diff --git a/.github/workflows/build_and_release.yml b/.github/workflows/build_and_release.yml
new file mode 100644
index 0000000..7b96218
--- /dev/null
+++ b/.github/workflows/build_and_release.yml
@@ -0,0 +1,54 @@
+name: Build and Publish Python Wheel
+
+permissions:
+ id-token: write # This is required for requesting to login in AWS
+ contents: write
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ build-and-publish:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v5
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::356432868028:role/github_oidc_codeartifact
+ aws-region: 'us-east-1'
+
+ - name: Deployment Token
+ id: deployment-token
+ run: |
+ TOKEN=$(aws codeartifact get-authorization-token \
+ --domain python-domain \
+ --domain-owner 356432868028 \
+ --query authorizationToken \
+ --output text)
+
+ # This line prevents the token from appearing in logs
+ echo "::add-mask::$TOKEN"
+
+ # Save to output for use in later steps
+ echo "token=$TOKEN" >> $GITHUB_OUTPUT
+
+ - uses: astral-sh/setup-uv@v7
+
+ - name: Build wheel
+ run: uv build
+
+ - name: Publish on code artifact
+ env:
+ UV_PUBLISH_USERNAME: aws
+ UV_PUBLISH_PASSWORD: ${{ steps.deployment-token.outputs.token }}
+ UV_PUBLISH_URL: https://python-domain-356432868028.d.codeartifact.us-east-1.amazonaws.com/pypi/shiphero/
+ run: uv publish
+
+ - name: Publish release
+ uses: softprops/action-gh-release@v1
+ with:
+ files: dist/*.whl
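Review bot: All four `uses:` steps reference mutable tags (`actions/checkout@v5`, `aws-actions/configure-aws-credentials@v4`, `astral-sh/setup-uv@v7`, `softprops/action-gh-release@v1`) in a job that holds `id-token: write` and `contents: write`. A retagged or compromised action would therefore run with the ability to request the OIDC token for the `github_oidc_codeartifact` role and to write to the repository. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: softprops/action-gh-release@FULL_COMMIT_SHA # v1` (placeholder; take the SHA from the action's release). The CodeArtifact token is also carried between steps through `$GITHUB_OUTPUT`; fetching it inside the `Publish on code artifact` step, immediately before `uv publish`, would keep it out of step outputs and limit its lifetime to the one step that needs it. Because the `permissions:` block is workflow-wide, moving it under `build-and-publish` would stop any job added later from inheriting both scopes.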