diff --git a/.github/workflows/pypi-package.yml b/.github/workflows/pypi-package.yml
new file mode 100644
index 00000000..a4ae72b5
--- /dev/null
+++ b/.github/workflows/pypi-package.yml
@@ -0,0 +1,56 @@
+---
+name: Build and upload package
+
+on:
+  push:
+    branches: [main]
+    tags: ["*"]
+  pull_request:
+    branches: [ main ]
+  release:
+    types:
+      - published
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build-package:
+    name: Build & verify package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: hynek/build-and-inspect-python-package@v2
+
+  auto-release-test-pypi:
+    runs-on: ubuntu-latest
+    needs: [build-package]
+    # if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'nipreps/eddymotion' }}
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  auto-release-pypi:
+    runs-on: ubuntu-latest
+    environment: "Release"
+    needs: [build-package]
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+      - uses: pypa/gh-action-pypi-publish@release/v1
\ No newline at end of file