diff --git a/.github/workflows/publish-pypi.yaml b/.github/workflows/publish-pypi.yaml
new file mode 100644
index 0000000..9fd9922
--- /dev/null
+++ b/.github/workflows/publish-pypi.yaml
@@ -0,0 +1,30 @@
+name: "Publish on PyPI"
+
+# This workflow is triggered when a new release is published on GitHub. It
+# builds the package and uploads it to PyPI.
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  deploy_pypi:
+    if: ${{ github.repository == 'omsf/spec0' }}
+    runs-on: ubuntu-latest
+    name: "Publish on PyPI"
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+      - name: "Install release tools"
+        run: |
+          python -m pip install twine build
+      - name: "Build and check package"
+        run: |
+          python -m build --sdist --wheel
+          twine check dist/*
+      - name: "Publish on pypi"
+        uses: pypa/gh-action-pypi-publish@release/v1