diff --git a/.github/workflows/build-and-upload.yaml b/.github/workflows/build-and-upload.yaml
deleted file mode 100644
index 3edf747..0000000
--- a/.github/workflows/build-and-upload.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ship-package
-
-on:
-  push:
-    branches: [ main ]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-jobs:
-  build-and-upload:
-    runs-on: self-hosted
-    permissions:
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Check for Changed Files
-        id: changed-files
-        uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366
-        with:
-          files: |
-            annotated_logger
-            Dockerfile
-            pyproject.toml
-            requirements.txt
-
-      - name: Log into registry
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.GHCR_USER }}
-          password: ${{ secrets.GHCR_PW }}
-
-      - name: Build Package
-        uses: ./ # Action defined in action.yaml in the root
-        if: steps.changed-files.outputs.any_changed == 'true'
diff --git a/.github/workflows/package-quality-control.yaml b/.github/workflows/package-quality-control.yaml
deleted file mode 100644
index 86fc874..0000000
--- a/.github/workflows/package-quality-control.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: package-quality-control
-
-on:
-  pull_request:
-    branches:
-      - main
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-jobs:
-  # Checks that version number has been updated
-  package-quality-control:
-    permissions:
-      contents: read
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Current PR Branch
-        uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v5
-      - name: Check for Changed Files
-        id: changed-files
-        uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366
-        with:
-          files: |
-            pyproject.toml
-            annotated_logger/__init__.py
-      - name: Install hatch
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: python -m pip install hatch
-      - name: Compare Versions
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: |
-          export BRANCH_VERSION=$(hatch version)
-          git checkout main
-          export MAIN_VERSION=$(hatch version)
-
-          if [[ "$BRANCH_VERSION" == "$MAIN_VERSION" ]]; then echo "Please update package version number." && exit 1; fi
diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
new file mode 100644
index 0000000..b52b874
--- /dev/null
+++ b/.github/workflows/publish-to-pypi.yaml
@@ -0,0 +1,120 @@
+name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI
+
+on: push
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.x"
+    - name: Install hatch
+      run: >-
+        python3 -m
+        pip install
+        hatch
+        --user
+    - name: Build a binary wheel and a source tarball
+      run: python3 -m hatch build
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+
+  publish-to-pypi:
+    name: >-
+      Publish Python 🐍 distribution 📦 to PyPI
+    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/annotated-logger
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to PyPI
+      uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
+
+  github-release:
+    name: >-
+      Sign the Python 🐍 distribution 📦 with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 #v3.0.0
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release create
+        '${{ github.ref_name }}'
+        --repo '${{ github.repository }}'
+        --notes ""
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        '${{ github.ref_name }}' dist/**
+        --repo '${{ github.repository }}'
+
+  publish-to-testpypi:
+    name: Publish Python 🐍 distribution 📦 to TestPyPI
+    needs:
+    - build
+    runs-on: ubuntu-latest
+
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/annotated-logger
+
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to TestPyPI
+      uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
+      with:
+        repository-url: https://test.pypi.org/legacy/
diff --git a/action.yaml b/action.yaml
deleted file mode 100644
index e31c1d1..0000000
--- a/action.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "Build Package"
-description: "Build the vulnerability-aggregator client python package"
-runs:
-  using: "docker"
-  image: "Dockerfile"
-  entrypoint: "/app/script/build_package"
diff --git a/annotated_logger/__init__.py b/annotated_logger/__init__.py
index e4309ff..9d398a6 100644
--- a/annotated_logger/__init__.py
+++ b/annotated_logger/__init__.py
@@ -29,7 +29,12 @@
 if TYPE_CHECKING:  # pragma: no cover
     from collections.abc import MutableMapping
 
-VERSION = "1.2.0"  # pragma: no mutate
+# Use 0.0.0.dev1 and so on when working in a PR
+# Each push attempts to upload to testpypi, but it only works with a unique version
+# https://test.pypi.org/project/annotated-logger/
+# The dev versions in testpypi can then be pulled in to whatever project needed
+# the new feature.
+VERSION = "1.2.1"  # pragma: no mutate
 
 T = TypeVar("T")
 P = ParamSpec("P")
diff --git a/script/build_package b/script/build_package
deleted file mode 100755
index 46d057d..0000000
--- a/script/build_package
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-
-cd "$(dirname $0)/.."
-
-
-hatch build
-cp dist/* /github/workspace/dist