diff --git a/tools/release/git/git-client.ts b/tools/release/git/git-client.ts
index 02f019128..e1ff3715a 100644
--- a/tools/release/git/git-client.ts
+++ b/tools/release/git/git-client.ts
@@ -18,9 +18,9 @@ export class GitClient {
 
     /** Gets the commit SHA for the specified remote repository branch. */
     getRemoteCommitSha(branchName: string): string {
-        return this.spawnGitProcess(['ls-remote', this.remoteGitUrl, '-h',
-            `refs/heads/${branchName}`])
-            .stdout.split('\t')[0].trim();
+        return this.spawnGitProcess(['ls-remote', this.remoteGitUrl, '-h', `refs/heads/${branchName}`])
+            .stdout.split('\t')[0]
+            .trim();
     }
 
     /** Gets the latest commit SHA for the specified git reference. */
@@ -70,13 +70,16 @@ export class GitClient {
 
     /** Gets the Git SHA of the specified local tag. */
     getShaOfLocalTag(tagName: string) {
-        return this.spawnGitProcess(['rev-parse', `refs/tags/${tagName}`]).stdout.trim();
+        // We need to use the "^{}" suffix to instruct Git to deference the tag to
+        // the actual commit. See: https://www.git-scm.com/docs/git-rev-parse
+        return this.spawnGitProcess(['rev-parse', `refs/tags/${tagName}^{}`]).stdout.trim();
     }
 
     /** Gets the Git SHA of the specified remote tag. */
     getShaOfRemoteTag(tagName: string): string {
-        return this.spawnGitProcess(['ls-remote', this.remoteGitUrl, '-t', `refs/tags/${tagName}`])
-            .stdout.split('\t')[0].trim();
+        return this.spawnGitProcess(['ls-remote', this.remoteGitUrl, '-t', `refs/tags/${tagName}^{}`])
+            .stdout.split('\t')[0]
+            .trim();
     }
 
     /** Pushes the specified tag to the remote git repository. */
diff --git a/tools/release/publish-release.ts b/tools/release/publish-release.ts
index 8a508ae9f..c1e1a2a85 100644
--- a/tools/release/publish-release.ts
+++ b/tools/release/publish-release.ts
@@ -90,28 +90,30 @@ class PublishReleaseTask extends BaseReleaseTask {
             await this.promptStableVersionForNextTag();
         }
 
+        // Ensure that we are authenticated, so that we can run "npm publish" for
+        // each package once the release output is built.
+        this.checkNpmAuthentication();
+
         this.buildReleasePackages();
         console.info(chalk.green(`  ✓   Built the release output.`));
 
         this.checkReleaseOutput();
 
         // Extract the release notes for the new version from the changelog file.
-        const {releaseNotes, releaseTitle} = extractReleaseNotes(
+        const extractedReleaseNotes = extractReleaseNotes(
             join(this.projectDir, CHANGELOG_FILE_NAME), newVersionName);
 
-        // TODO : need fix it
-        if (!releaseNotes) {
+        if (!extractedReleaseNotes) {
             console.error(chalk.red(`  ✘   Could not find release notes in the changelog.`));
             process.exit(1);
         }
 
+        const {releaseNotes, releaseTitle} = extractedReleaseNotes;
+
         // Create and push the release tag before publishing to NPM.
         this.createReleaseTag(newVersionName, releaseNotes);
         this.pushReleaseTag(newVersionName, upstreamRemote);
 
-        // Ensure that we are authenticated before running "npm publish" for each package.
-        this.checkNpmAuthentication();
-
         // Just in order to double-check that the user is sure to publish to NPM, we want
         // the user to interactively confirm that the script should continue.
         await this.promptConfirmReleasePublish();