diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml
new file mode 100644
index 0000000..3baff8c
--- /dev/null
+++ b/.buildkite/pipeline.release.yml
@@ -0,0 +1,24 @@
+agents:
+  queue: hosted
+
+steps:
+  # This is most to prevent we accidentally tag things.
+  - block: "OK to release?"
+
+  - command: ".buildkite/steps/release-pypi"
+    label: ":pypi:"
+    if: build.tag != null
+    env:
+      # > The username to authenticate to the repository (package index) as. Has no effect on PyPI
+      # It should be a noop, I set it anyway to prevent prompt showing up.
+      TWINE_USERNAME: __token__
+    plugins:
+      - cluster-secrets#v1.0.0:
+          variables:
+            TWINE_PASSWORD: test-collector-python-pypi-api-token
+      - docker#v5.12.0:
+          image: "python:3.13"
+          environment:
+            - TWINE_USERNAME
+            - TWINE_PASSWORD
+
diff --git a/.buildkite/steps/release-pypi b/.buildkite/steps/release-pypi
new file mode 100755
index 0000000..1a04dad
--- /dev/null
+++ b/.buildkite/steps/release-pypi
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+__root="$(cd "$(dirname "${__dir}")"/../ && pwd)"
+
+cd "$__root"
+
+python -m venv .venv && source .venv/bin/activate
+
+pip install -e '.[dev]'
+
+# It will spit out a tar.gz in ./dist
+python -m build
+
+python -m twine check dist/*
+
+python -m twine upload --skip-existing dist/*
diff --git a/README.md b/README.md
index 28ab842..118c1ee 100644
--- a/README.md
+++ b/README.md
@@ -84,15 +84,12 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/buildk
 
 ## 🚀 Releasing
 
-1. Version bump the code, tag and push.
-2. Publish to the [Python Package Index](https://pypi.org/):
-
-```sh
-python3 -m build
-python3 -m twine upload dist/*
-```
-
-3. Create a [new github release](https://github.com/buildkite/test-collector-python/releases).
+1. Open a new PR bumping the version number in `constants.py`.
+2. Get the PR approved and merged.
+3. Tag the merge commit with the same version number, then git push.
+4. Go to release pipeline and approve the pipeline to execute.
+5. (Optional) In the event of step 4 failure, run `.buildkite/steps/release-pypi` locally with your own credentials.
+6. Create a [new github release](https://github.com/buildkite/test-collector-python/releases).
 
 ## 📜 License