diff --git a/.github/workflows/pathogen-repo-build.yaml b/.github/workflows/pathogen-repo-build.yaml
index 1872d55..3db5fa1 100644
--- a/.github/workflows/pathogen-repo-build.yaml
+++ b/.github/workflows/pathogen-repo-build.yaml
@@ -209,6 +209,7 @@ on:
         required: true
 env:
   NEXTSTRAIN_GITHUB_DIR: .git/nextstrain/.github
+  NEXTSTRAIN_BUILD_LOG: build.log
 permissions:
   id-token: write
 jobs:
@@ -274,14 +275,20 @@ jobs:
           # shellcheck disable=SC2154
           set -x
 
-          eval "$NEXTSTRAIN_BUILD_COMMAND" |& tee build.log
+          # tee build output to .git/ to avoid
+          # https://github.com/nextstrain/.github/issues/77#issuecomment-1998652064
+          # After build is complete, move .git/build.log to the working directory
+          # so this is kept as an implementation detail
+          eval "$NEXTSTRAIN_BUILD_COMMAND" |& tee .git/"$NEXTSTRAIN_BUILD_LOG"
+
+          mv .git/"$NEXTSTRAIN_BUILD_LOG" "$NEXTSTRAIN_BUILD_LOG"
       # Attempt to get the AWS Batch ID even if the run build command failed
-      # as long as the runtime is `aws-batch` and the `build.log` file exists
-      - if: ${{ always() && inputs.runtime == 'aws-batch' && hashFiles('build.log') != '' }}
+      # as long as the runtime is `aws-batch` and the `NEXTSTRAIN_BUILD_LOG` file exists
+      - if: ${{ always() && inputs.runtime == 'aws-batch' && hashFiles(env.NEXTSTRAIN_BUILD_LOG) != '' }}
         name: Get AWS Batch job id
         id: aws-batch
         run: |
-          echo "AWS_BATCH_JOB_ID=$(sed -nE 's/.+AWS Batch Job ID\:.+ ([-a-f0-9]+)$/\1/p' < build.log)" | tee -a "$GITHUB_ENV"
+          echo "AWS_BATCH_JOB_ID=$(sed -nE 's/.+AWS Batch Job ID\:.+ ([-a-f0-9]+)$/\1/p' < "$NEXTSTRAIN_BUILD_LOG")" | tee -a "$GITHUB_ENV"
       - if: ${{ always() && env.AWS_BATCH_JOB_ID }}
         name: Generate AWS Batch summary
         run: |
@@ -293,7 +300,7 @@ jobs:
           if-no-files-found: warn
           name: ${{ inputs.artifact-name }}
           path: |
-            build.log
+            ${{ env.NEXTSTRAIN_BUILD_LOG }}
             auspice/
             results/
             benchmarks/
diff --git a/.github/workflows/pathogen-repo-build.yaml.in b/.github/workflows/pathogen-repo-build.yaml.in
index 5157cdf..0e2a618 100644
--- a/.github/workflows/pathogen-repo-build.yaml.in
+++ b/.github/workflows/pathogen-repo-build.yaml.in
@@ -135,7 +135,8 @@ on:
             logs/
             .snakemake/log/
 
-          The "build.log" contains log messages from the `nextstrain build` command.
+          The "build.log" contains log messages from the
+          `nextstrain build` command.
           The other paths are common output paths for Nextstrain builds.
           If a path does not exist in your build, then the action will still
           succeed and will print out a warning for the non-existent file(s).
@@ -160,6 +161,7 @@ on:
 
 env:
   NEXTSTRAIN_GITHUB_DIR: .git/nextstrain/.github
+  NEXTSTRAIN_BUILD_LOG: build.log
 
 permissions:
   id-token: write
@@ -240,15 +242,21 @@ jobs:
           # shellcheck disable=SC2154
           set -x
 
-          eval "$NEXTSTRAIN_BUILD_COMMAND" |& tee build.log
+          # tee build output to .git/ to avoid
+          # https://github.com/nextstrain/.github/issues/77#issuecomment-1998652064
+          # After build is complete, move .git/build.log to the working directory
+          # so this is kept as an implementation detail
+          eval "$NEXTSTRAIN_BUILD_COMMAND" |& tee .git/"$NEXTSTRAIN_BUILD_LOG"
+
+          mv .git/"$NEXTSTRAIN_BUILD_LOG" "$NEXTSTRAIN_BUILD_LOG"
 
       # Attempt to get the AWS Batch ID even if the run build command failed
-      # as long as the runtime is `aws-batch` and the `build.log` file exists
-      - if: ${{ always() && inputs.runtime == 'aws-batch' && hashFiles('build.log') != '' }}
+      # as long as the runtime is `aws-batch` and the `NEXTSTRAIN_BUILD_LOG` file exists
+      - if: ${{ always() && inputs.runtime == 'aws-batch' && hashFiles(env.NEXTSTRAIN_BUILD_LOG) != '' }}
         name: Get AWS Batch job id
         id: aws-batch
         run: |
-          echo "AWS_BATCH_JOB_ID=$(sed -nE 's/.+AWS Batch Job ID\:.+ ([-a-f0-9]+)$/\1/p' < build.log)" | tee -a "$GITHUB_ENV"
+          echo "AWS_BATCH_JOB_ID=$(sed -nE 's/.+AWS Batch Job ID\:.+ ([-a-f0-9]+)$/\1/p' < "$NEXTSTRAIN_BUILD_LOG")" | tee -a "$GITHUB_ENV"
 
       - if: ${{ always() && env.AWS_BATCH_JOB_ID }}
         name: Generate AWS Batch summary
@@ -262,7 +270,7 @@ jobs:
           if-no-files-found: warn
           name: ${{ inputs.artifact-name }}
           path: |
-            build.log
+            ${{ env.NEXTSTRAIN_BUILD_LOG }}
             auspice/
             results/
             benchmarks/