diff --git a/.github/actions/release.sh b/.github/actions/release.sh
index c9a56b70..b37b4e59 100755
--- a/.github/actions/release.sh
+++ b/.github/actions/release.sh
@@ -83,11 +83,7 @@ towncrier build --yes --version "${RELEASE_VERSION}" && git add CHANGELOG.md cha
 git add src/openllm/__about__.py package.json && git commit -S -sm "infra: prepare for release ${RELEASE_VERSION} [generated]"
 git push origin main
 
-echo "Building artifacts for releasing..." && hatch build
-
-echo "Releasing version ${RELEASE_VERSION}" && hatch publish
-
-echo "Releasing tag ${RELEASE_VERSION}..." && git tag -a "v${RELEASE_VERSION}" -sm "Release ${RELEASE_VERSION} [generated by tools/release]"
+echo "Releasing tag ${RELEASE_VERSION}..." && git tag -a "v${RELEASE_VERSION}" -sm "Release ${RELEASE_VERSION} [generated by GitHub Actions]"
 git push origin "v${RELEASE_VERSION}"
 
 echo "Finish releasing version ${RELEASE_VERSION}"
diff --git a/.github/workflows/create-releases.yml b/.github/workflows/create-releases.yml
index 97ac92b9..93d37a90 100644
--- a/.github/workflows/create-releases.yml
+++ b/.github/workflows/create-releases.yml
@@ -25,13 +25,6 @@ on:
           - major
           - minor
           - patch
-env:
-  # This special value tells pypi that the user identity is supplied within the token
-  HATCH_INDEX_USER: __token__
-  # Note, the PYPI_API_TOKEN is for the OpenLLM PyPI user, on
-  # https://github.com/bentoml/openllm/settings/secrets/actions
-  HATCH_INDEX_AUTH: ${{ secrets.PYPI_API_TOKEN }}
-# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrun
 defaults:
   run:
     shell: bash --noprofile --norc -exo pipefail {0}
@@ -39,7 +32,6 @@ jobs:
   release:
     if: github.repository_owner == 'bentoml'
     runs-on: ubuntu-latest
-    environment: release
     permissions:
       contents: write
       id-token: write
@@ -88,10 +80,29 @@ jobs:
     needs: release
     name: Create binary/wheels distribution
     uses: bentoml/OpenLLM/.github/workflows/binary-releases.yml@main
+  publish-python:
+    if: github.repository_owner == 'bentoml' && github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
+    needs:
+      - binary-distribution
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Download Python artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: python-artifacts
+          path: dist
+      - name: Push Python artifacts to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.8.7
+        with:
+          skip-existing: true
   prepare-for-dev-cycle:
     if: github.repository_owner == 'bentoml'
     needs:
       - release
+      - publish-python
       - binary-distribution
     name: Create release notes and setup for next cycle
     uses: bentoml/OpenLLM/.github/workflows/release-notes.yml@main
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index 1723ae48..8b572454 100644
--- a/.github/workflows/release-notes.yml
+++ b/.github/workflows/release-notes.yml
@@ -25,13 +25,6 @@ on:
       tags:
         required: true
         type: string
-env:
-  # This special value tells pypi that the user identity is supplied within the token
-  HATCH_INDEX_USER: __token__
-  # Note, the PYPI_API_TOKEN is for the OpenLLM PyPI user, on
-  # https://github.com/bentoml/openllm/settings/secrets/actions
-  HATCH_INDEX_AUTH: ${{ secrets.PYPI_API_TOKEN }}
-# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrun
 defaults:
   run:
     shell: bash --noprofile --norc -exo pipefail {0}