diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8373473..f9739c1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+    tags:
+      - 'v*'
   workflow_dispatch:
     inputs:
       dry_run:
@@ -11,6 +13,11 @@ on:
         required: false
         type: boolean
         default: true
+      publish:
+        description: 'Publish to pypi.org'
+        required: false
+        type: boolean
+        default: true
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -65,7 +72,8 @@ jobs:
     needs: semantic-release
     runs-on: ubuntu-latest
     timeout-minutes: 30
-    if: (github.ref_name == 'main' && github.event_name == 'push') || (github.ref_name == 'main' && github.event_name == 'workflow_dispatch' && !inputs.dry_run)
+    # Only publish after semantic-release has created a new tag
+    if: startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'workflow_dispatch' && !inputs.dry_run && inputs.publish)
 
     permissions:
       contents: read
@@ -90,6 +98,7 @@ jobs:
         run: make build-dist
 
       # Requires TWINE_TOKEN to be configured in repo secrets
+      # TODO remove "with: password" using TWINE_TOKEN once trusted publisher config is fixed
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with: