diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml
new file mode 100644
index 0000000..bd62c49
--- /dev/null
+++ b/.github/workflows/deploy-release.yml
@@ -0,0 +1,22 @@
+name: Deploy release
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  pypi:
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+      - name: Install dependencies
+        run: pip install -U build
+      - name: Build package
+        run: python -m build
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
deleted file mode 100644
index eddea39..0000000
--- a/.github/workflows/publish.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-name: Publish
-
-on:
-  push:
-    tags:
-      - '*'
-
-jobs:
-  publish:
-    name: "Publish to PyPI"
-    runs-on: "ubuntu-latest"
-
-    steps:
-      - uses: "actions/checkout@v2"
-      - uses: "actions/setup-python@v2"
-        with:
-          python-version: 3.8
-      - name: "Install dependencies"
-        run: scripts/install
-      - name: "Build package artifacts"
-        run: scripts/build
-      - name: "Publish to PyPI"
-        run: scripts/publish
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}