diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0e5e67b33..e7ecb0ac2 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,6 +23,7 @@ repos:
             cookiecutter/.*/meltano.yml|
             cookiecutter/.*/.pre-commit-config.yaml|
             cookiecutter/.*/dependabot.yml|
+            cookiecutter/.*/build.yml|
             cookiecutter/.*/test.yml
         )$
   - id: end-of-file-fixer
diff --git a/cookiecutter/mapper-template/{{cookiecutter.mapper_id}}/.github/workflows/build.yml b/cookiecutter/mapper-template/{{cookiecutter.mapper_id}}/.github/workflows/build.yml
new file mode 100644
index 000000000..274aebced
--- /dev/null
+++ b/cookiecutter/mapper-template/{{cookiecutter.mapper_id}}/.github/workflows/build.yml
@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  push:
+
+permissions:
+  contents: write  # Needed to upload artifacts to the release
+  id-token: write  # Needed for OIDC PyPI publishing
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: hynek/build-and-inspect-python-package@v2
+
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    needs: [build]
+    ## TODO: optionally provide the name of the environment for the trusted
+    ## publisher on PyPI
+    ## https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
+    # environment: pypi
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+    - uses: actions/download-artifact@v4
+      with:
+        name: Packages
+        path: dist
+    - name: Upload wheel to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: {{ '${{secrets.GITHUB_TOKEN}}' }}
+        file: dist/*.whl
+        tag: {{ '${{github.ref}}' }}
+        overwrite: true
+        file_glob: true
+
+    - name: Publish
+      ## TODO: create a trusted publisher on PyPI
+      ## https://docs.pypi.org/trusted-publishers/
+      uses: pypa/gh-action-pypi-publish@v1.8.14
diff --git a/cookiecutter/tap-template/{{cookiecutter.tap_id}}/.github/workflows/build.yml b/cookiecutter/tap-template/{{cookiecutter.tap_id}}/.github/workflows/build.yml
new file mode 100644
index 000000000..274aebced
--- /dev/null
+++ b/cookiecutter/tap-template/{{cookiecutter.tap_id}}/.github/workflows/build.yml
@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  push:
+
+permissions:
+  contents: write  # Needed to upload artifacts to the release
+  id-token: write  # Needed for OIDC PyPI publishing
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: hynek/build-and-inspect-python-package@v2
+
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    needs: [build]
+    ## TODO: optionally provide the name of the environment for the trusted
+    ## publisher on PyPI
+    ## https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
+    # environment: pypi
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+    - uses: actions/download-artifact@v4
+      with:
+        name: Packages
+        path: dist
+    - name: Upload wheel to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: {{ '${{secrets.GITHUB_TOKEN}}' }}
+        file: dist/*.whl
+        tag: {{ '${{github.ref}}' }}
+        overwrite: true
+        file_glob: true
+
+    - name: Publish
+      ## TODO: create a trusted publisher on PyPI
+      ## https://docs.pypi.org/trusted-publishers/
+      uses: pypa/gh-action-pypi-publish@v1.8.14
diff --git a/cookiecutter/target-template/{{cookiecutter.target_id}}/.github/workflows/build.yml b/cookiecutter/target-template/{{cookiecutter.target_id}}/.github/workflows/build.yml
new file mode 100644
index 000000000..274aebced
--- /dev/null
+++ b/cookiecutter/target-template/{{cookiecutter.target_id}}/.github/workflows/build.yml
@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  push:
+
+permissions:
+  contents: write  # Needed to upload artifacts to the release
+  id-token: write  # Needed for OIDC PyPI publishing
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: hynek/build-and-inspect-python-package@v2
+
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    needs: [build]
+    ## TODO: optionally provide the name of the environment for the trusted
+    ## publisher on PyPI
+    ## https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
+    # environment: pypi
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+    - uses: actions/download-artifact@v4
+      with:
+        name: Packages
+        path: dist
+    - name: Upload wheel to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: {{ '${{secrets.GITHUB_TOKEN}}' }}
+        file: dist/*.whl
+        tag: {{ '${{github.ref}}' }}
+        overwrite: true
+        file_glob: true
+
+    - name: Publish
+      ## TODO: create a trusted publisher on PyPI
+      ## https://docs.pypi.org/trusted-publishers/
+      uses: pypa/gh-action-pypi-publish@v1.8.14