diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..1cdd84f
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+# See https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/
+# https://github.com/pypa/gh-action-pypi-publish
+# https://github.com/pypa/sampleproject/blob/main/.github/workflows/release.yml
+
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.x'
+    - name: Install build dependencies
+      run: python -m pip install -U setuptools wheel build
+    - name: Build
+      run: python -m build .
+    - name: Publish
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        skip-existing: true
+        verbose: true
+