diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 383f4c1..2665e9d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,6 +4,8 @@ on:
       - main
 
   pull_request:
+  release:
+    types: [published]
 
 jobs:
   build:
@@ -21,3 +23,30 @@ jobs:
       # - run: npm ci
       - run: npm install --no-package-lock
       - run: npm run build
+
+  publish:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release'
+    environment: release
+    needs: build
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+          cache: npm
+          registry-url: "https://registry.npmjs.org"
+
+      # Working around https://github.com/npm/cli/issues/4828
+      # - run: npm ci
+      - run: npm install --no-package-lock
+
+      # TODO: Add --provenance once the repo is public
+      - run: npm run publish-all
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}