diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 79bce74..da6e284 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,5 +1,5 @@
 {
-  "build-plugin": "1.0.2",
+  "build-plugin": "1.0.3",
   "bundle-size": "1.0.2",
   "bundle-types": "1.0.2",
   "create-plugin-update": "1.1.0",
diff --git a/build-plugin/CHANGELOG.md b/build-plugin/CHANGELOG.md
index e2a3dc5..4f12b94 100644
--- a/build-plugin/CHANGELOG.md
+++ b/build-plugin/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## [1.0.3](https://github.com/grafana/plugin-actions/compare/build-plugin/v1.0.2...build-plugin/v1.0.3) (2025-10-21)
+
+
+### 🔧 Chores
+
+* **deps:** update actions/attest-build-provenance action to v3 ([#158](https://github.com/grafana/plugin-actions/issues/158)) ([39a0e52](https://github.com/grafana/plugin-actions/commit/39a0e52b82cd3d7b1f9e51c993e06f06cdf5f78c))
+* **deps:** update softprops/action-gh-release action to v2.3.4 ([#156](https://github.com/grafana/plugin-actions/issues/156)) ([c4393f0](https://github.com/grafana/plugin-actions/commit/c4393f091fd9f2ff7b7c6a09ca9d95c582cc174f))
+
 ## [1.0.2](https://github.com/grafana/plugin-actions/compare/build-plugin/v1.0.1...build-plugin/v1.0.2) (2025-08-04)
 
 
diff --git a/build-plugin/README.md b/build-plugin/README.md
index 937ecee..0bd10fd 100644
--- a/build-plugin/README.md
+++ b/build-plugin/README.md
@@ -29,7 +29,7 @@ name: Release
 on:
   push:
     tags:
-      - "v*" # Run workflow on version tags, e.g. v1.0.2.
+      - "v*" # Run workflow on version tags, e.g. v1.0.3.
 
 jobs:
   release:
@@ -41,7 +41,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.2
+      - uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.3
         with:
           # see https://grafana.com/developers/plugin-tools/publish-a-plugin/sign-a-plugin#generate-an-access-policy-token to generate it
           # save the value in your repository secrets
@@ -73,7 +73,7 @@ name: Release
 on:
   push:
     tags:
-      - "v*" # Run workflow on version tags, e.g. v1.0.2.
+      - "v*" # Run workflow on version tags, e.g. v1.0.3.
 
 jobs:
   release:
@@ -86,7 +86,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.2
+      - uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.3
         with:
           policy_token: ${{ secrets.GRAFANA_ACCESS_POLICY_TOKEN }}
           attestation: true # new line
@@ -108,7 +108,7 @@ To enable changelog generation in your workflow:
 <!-- x-release-please-start-version -->
 
 ```yaml
-- uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.2
+- uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.3
   with:
     policy_token: ${{ secrets.GRAFANA_ACCESS_POLICY_TOKEN }}
     use_changelog_generator: true
@@ -128,7 +128,7 @@ If your target branch is protected, the default github.token cannot push changes
 
 ```yaml
 - name: Build plugin
-  uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.2
+  uses: grafana/plugin-actions/build-plugin@build-plugin/v1.0.3
   with:
     use_changelog_generator: true
     token: ${{ secrets.CHANGELOG_PAT }}  # Replace default github.token