diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index 75d4c7772201..0e27d8241bb1 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -43,6 +43,14 @@ jobs:
           echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi'
 
+      - name: Setup python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: '3.14'
+        timeout-minutes: 3
+
+      - run: python -m pip install -c ci-constraints-requirements.txt 'uv'
+
       - uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
         with:
           path: tmpdist/
@@ -51,13 +59,15 @@ jobs:
       - run: |
           find tmpdist/ -type f -name 'cryptography*' -exec mv {} dist/ \;
 
+      - uses: astral-sh/attest-action@f589a42a7efb6fe400b4f400de60b4bc90390027 # v0.0.6
+        # Do not perform attestation for things for TestPyPI. This is
+        # because there's nothing that would prevent a malicious PyPI from
+        # serving a signed TestPyPI asset in place of a release intended for
+        # PyPI.
+        if: env.PYPI_URL == 'https://upload.pypi.org/legacy/'
+
       - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
-        with:
-          repository-url: ${{ env.PYPI_URL }}
-          skip-existing: true
-          # Do not perform attestation for things for TestPyPI. This is
-          # because there's nothing that would prevent a malicious PyPI from
-          # serving a signed TestPyPI asset in place of a release intended for
-          # PyPI.
-          attestations: ${{ env.PYPI_URL == 'https://upload.pypi.org/legacy/' }}
+        run: |
+          uv publish --trusted-publishing=always dist/*
+        env:
+          UV_PUBLISH_URL: ${{ env.PYPI_URL }}
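Review bot: The rewritten publish step in the second hunk drops the `skip-existing: true` behaviour of the removed pypa action without a replacement, so a re-run of this job after a partial upload will now fail on the files that already landed instead of skipping them; `uv publish` offers `--check-url` for the same purpose, but it needs the matching simple-index URL, which would have to be derived per environment alongside `PYPI_URL`. The split of attestation generation (the new `astral-sh/attest-action` step) from upload (`uv publish`) also removes the single code path that previously both produced and uploaded PEP 740 attestations; it is worth confirming that the attestation bundles the action writes are placed where `uv publish` picks them up, otherwise PyPI releases would silently ship without attestations even though the step ran. The action is used with no `with:` block, so which files it attests rests on its defaults; pinning that explicitly (for example a `with:` input naming `dist/*`, if the action accepts one) would keep the attested set tied to what is uploaded. The `id-token: write` and `attestations: write` permissions the new step needs are outside this hunk and should be checked at the job level.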