diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000000..0c9dd6255a
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,65 @@
+on:
+  push:
+    branches:
+      - main
+
+name: release-please
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v5
+        id: configure-changelog
+        with:
+          result-encoding: string
+          script: |
+            const changelogTypes = [
+              {type: "feat", section: "Features", hidden: false},
+              {type: "chore", section: "Misc", hidden: false},
+              {type: "fix", section: "BugFixes", hidden: false},
+            ]
+
+            return JSON.stringify(changelogTypes)
+      # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+      # For why we need to generate a token and not use the default
+      - name: Generate token
+        id: generate_token
+        uses: chanzuckerberg/github-app-token@v1.1.4
+        with:
+          app_id: ${{ secrets.CZI_RELEASE_PLEASE_APP_ID }}
+          private_key: ${{ secrets.CZI_RELEASE_PLEASE_PK }}
+
+      - name: Import GPG key
+        id: import_gpg
+        uses: hashicorp/ghaction-import-gpg@v2.1.0
+        env:
+          # These secrets will need to be configured for the repository:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: release please
+        uses: google-github-actions/release-please-action@v3
+        id: release
+        with:
+          release-type: simple
+          bump-minor-pre-major: true
+          changelog-types: ${{ steps.configure-changelog.outputs.result }}
+          token: ${{ steps.generate_token.outputs.token }}
+
+      - uses: actions/checkout@v2
+        if: ${{ steps.release.outputs.release_created }}
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+        if: ${{ steps.release.outputs.release_created }}
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+        if: ${{ steps.release.outputs.release_created }}