diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
deleted file mode 100644
index c8bfe0e..0000000
--- a/.github/workflows/publish.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: Publish
-on:
-  push:
-    branches:
-      - main
-      - master
-
-permissions:
-  contents: write # Required to create tags & GitHub Releases
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    concurrency:
-      group: ${{ github.workflow }}-publish-${{ github.ref_name }}
-      cancel-in-progress: false
-
-    steps:
-      # Use a merge queue to avoid `main` commit race conditions.
-      - name: Checkout release branch
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref_name }}
-          fetch-depth: 0
-          fetch-tags: true
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v6.4.3
-        with:
-          version: latest
-
-      - name: Install dependencies
-        run: ./scripts/setup.sh
-
-      - name: Create GitHub release
-        id: create-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        shell: bash
-        run: ./scripts/create-release.sh
-
-      - name: Build
-        if: steps.create-release.outputs.released == 'true'
-        run: ./scripts/build.sh
-
-      - name: Publish GitHub release
-        id: publish-release
-        if: steps.create-release.outputs.released == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: ./scripts/publish.sh "${{ steps.create-release.outputs.tag }}" "${{ steps.build.outputs.sha256 }}"
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 60dd096..1fdbedd 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -33,8 +33,6 @@ jobs:
 
       - name: Install uv
         uses: astral-sh/setup-uv@v6.4.3
-        with:
-          version: latest
 
       - name: Setup
         run: uv run task setup
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..35e18d9
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,42 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+      - master
+
+permissions:
+  contents: write # Required to create tags & GitHub Releases
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-release-${{ github.ref_name }}
+      cancel-in-progress: false
+    environment:
+      name: release
+
+    steps:
+      # Use a merge queue to avoid `main` commit race conditions.
+      - name: Checkout release branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6.4.3
+
+      - name: Setup
+        run: uv run task setup
+
+      - name: Build
+        run: uv run task build
+
+      - name: Release (ECR)
+        run: uv run task release-ecr-no-build
diff --git a/Taskfile.yml b/Taskfile.yml
index 571fc89..d5fc09d 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -76,3 +76,17 @@ tasks:
     run: once
     cmds:
       - ./scripts/local-instance.sh stop {{.DOCKER_IMAGE}}
+
+  release-ecr:
+    desc: Release the Docker image to ECR
+    run: once
+    deps:
+      - build
+    cmds:
+      - ./scripts/release-ecr.sh
+
+  release-ecr-no-build:
+    desc: Release the Docker image to ECR without building it first
+    run: once
+    cmds:
+      - ./scripts/release-ecr.sh
diff --git a/scripts/release-ecr.sh b/scripts/release-ecr.sh
new file mode 100755
index 0000000..b0b905b
--- /dev/null
+++ b/scripts/release-ecr.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -euo pipefail
+
+ECR_REPOSITORY_URL="${1:-$ECR_REPOSITORY_URL}"
+
+IMAGE_NAME="$(echo "$ECR_REPOSITORY_URL" | cut -d '/' -f 2)"
+IMAGE_TAG="$(./scripts/get-version.sh)"
+AWS_ACCOUNT_ID="$(echo "$ECR_REPOSITORY_URL" | cut -d '.' -f 1)"
+AWS_ECR_REGION="$(echo "$ECR_REPOSITORY_URL" | cut -d '.' -f 4)"
+
+function ensure_parameters() {
+    if [ -z "$ECR_REPOSITORY_URL" ]; then
+        echo "ECR_REPOSITORY_URL is not set"
+        exit 1
+    fi
+}
+
+function ecr_login() {
+    aws ecr get-login-password --region "$AWS_ECR_REGION" | \
+        docker login --username AWS --password-stdin "$ECR_REPOSITORY_URL"
+}
+
+function ecr_tag() {
+    echo "Tagging image: $ECR_REPOSITORY_URL:$IMAGE_TAG"
+    docker tag "$IMAGE_NAME:$IMAGE_TAG" "$ECR_REPOSITORY_URL:$IMAGE_TAG"
+}
+
+function ecr_push() {
+    echo "Pushing image to ECR: $ECR_REPOSITORY_URL:$IMAGE_TAG"
+    docker push "$ECR_REPOSITORY_URL:$IMAGE_TAG"
+}
+
+function main() {
+    ensure_parameters
+    ecr_login
+    ecr_tag
+    ecr_push
+}
+
+main
\ No newline at end of file