diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..57f8b00
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,38 @@
+name: Publish to Maven Central
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  publish:
+    if: contains(github.ref, 'release')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'temurin'
+
+      - name: Publish to Maven Central
+        run: ./gradlew publish
+        env:
+          ORG_GRADLE_PROJECT_NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
+          ORG_GRADLE_PROJECT_NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+          ORG_GRADLE_PROJECT_SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+          ORG_GRADLE_PROJECT_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          ORG_GRADLE_PROJECT_SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+
+      - name: Notify Central Publisher Portal
+        if: !contains(github.ref, 'SNAPSHOT')
+        run: |
+          token=$(echo -n "${{ secrets.NEXUS_USERNAME }}:${{ secrets.NEXUS_PASSWORD }}" | base64)
+          curl -X POST \
+            -H "Authorization: Bearer $token" \
+            -F "publishing_type=automatic" \
+            https://central.sonatype.com/manual/upload/defaultRepository/com.pkware.filesystem
diff --git a/README.md b/README.md
index 5caae5f..8bcb2f9 100644
--- a/README.md
+++ b/README.md
@@ -64,23 +64,23 @@ val cachingPath = cachingFilesystem.convertToCachingPath(path)
 ```
 
 ## Releasing:
+Both a normal or snapshot release can be made. In order to have the publish pipeline run, the release must be made from
+a `release/*` branch. For a snapshot release, the release must be made fron a `release/*-SNAPSHOT` branch.
+
 1. Make and checkout a release branch on github.
-2. Change the version in gradle.properties to a non-SNAPSHOT version.
-3. Update the CHANGELOG.md for the impending release.
+2. Change the version in gradle.properties to a non-SNAPSHOT version if needed.
+3. Update the CHANGELOG.md for the impending release for non-SNAPSHOT versions.
 4. Run `git commit -am "Release X.Y.Z."` (where X.Y.Z is the new version) in the terminal or
    command line.
 5. Make a PR with your changes.
 6. Merge the release PR after approval, tag the commit on the main branch with
    `git tag -a X.Y.Z -m "X.Y.Z"`(X.Y.Z is the new version).
 7. Run `git push --tags`.
-8. Run `./gradlew publish` in the terminal or command line.
-9. Visit [Sonatype Nexus] and promote the artifact.
-10. Update `gradle.properties` to the next SNAPSHOT version.
-11. Run `git commit -am "Prepare next development version."`
-12. Make a PR with your changes.
-13. Merge the next version PR after approval.
-
-If step 8 or 9 fails, drop the Sonatype repo, fix the problem, commit, and start again at step 8.
+8. Verify [Sonatype] has the artifact published
+8. Update `gradle.properties` to the next SNAPSHOT version.
+9. Run `git commit -am "Prepare next development version."`
+10. Make a PR with your changes.
+11. Merge the next version PR after approval.
 
 [Procmon]: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
-[Sonatype Nexus]: https://oss.sonatype.org/
+[Sonatype]: https://central.sonatype.com/
diff --git a/file-attribute-caching/build.gradle.kts b/file-attribute-caching/build.gradle.kts
index 0a8a3af..84b8eed 100644
--- a/file-attribute-caching/build.gradle.kts
+++ b/file-attribute-caching/build.gradle.kts
@@ -74,6 +74,7 @@ publishing {
     }
     repositories {
         maven {
+            name = "MavenCentral"
             url = uri(if (version.toString().isReleaseBuild) releaseRepositoryUrl else snapshotRepositoryUrl)
             credentials {
                 username = repositoryUsername
@@ -84,8 +85,15 @@ publishing {
 }
 
 signing {
-    // Signing credentials are stored locally in the user's global gradle.properties file.
+    // Signing credentials are stored as secrets in GitHub.
     // See https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials for more information.
+
+    useInMemoryPgpKeys(
+        signingKeyId, // ID of the GPG key
+        signingKey, // GPG public key
+        signingPassword, // Password for the GPG public key
+    )
+
     sign(publishing.publications["mavenJava"])
 }
 
@@ -95,13 +103,13 @@ val String.isReleaseBuild
 val Project.releaseRepositoryUrl: String
     get() = properties.getOrDefault(
         "RELEASE_REPOSITORY_URL",
-        "https://oss.sonatype.org/service/local/staging/deploy/maven2",
+        "https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2",
     ).toString()
 
 val Project.snapshotRepositoryUrl: String
     get() = properties.getOrDefault(
         "SNAPSHOT_REPOSITORY_URL",
-        "https://oss.sonatype.org/content/repositories/snapshots",
+        "https://central.sonatype.com/repository/maven-snapshots/",
     ).toString()
 
 val Project.repositoryUsername: String
@@ -110,6 +118,15 @@ val Project.repositoryUsername: String
 val Project.repositoryPassword: String
     get() = properties.getOrDefault("NEXUS_PASSWORD", "").toString()
 
+val Project.signingKeyId: String
+    get() = properties.getOrDefault("SIGNING_KEY_ID", "").toString()
+
+val Project.signingKey: String
+    get() = properties.getOrDefault("SIGNING_KEY", "").toString()
+
+val Project.signingPassword: String
+    get() = properties.getOrDefault("SIGNING_PASSWORD", "").toString()
+
 val Project.pomPackaging: String
     get() = properties.getOrDefault("POM_PACKAGING", "jar").toString()