diff --git a/.github/workflows/release-and-deploy.yml b/.github/workflows/release-and-deploy.yml
new file mode 100644
index 0000000..0bd7562
--- /dev/null
+++ b/.github/workflows/release-and-deploy.yml
@@ -0,0 +1,57 @@
+# sets up java, maven and gpg
+# sets up settings.xml in such a way that the build/deploy works
+# releases the project with specified version
+# deploys it to the sonatype staging repo
+name: Release and deploy to Sonatype staging repo
+
+env:
+  GITHUB_PAT: ${{ secrets.QUDTLIB_BOT_GITHUB_TOKEN }}
+  MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+  MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+  MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}   
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Release version (such as 2.3.13)'     
+        required: true
+        type: string
+      next_snapshot_version:
+        description: 'Next SNAPSHOT version (such as 2.4-SNAPSHOT)'     
+        required: true
+        type: string      
+      environment:
+        description: 'Environment to run tests against'
+        type: environment
+        required: true
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+    - name: Set up Apache Maven Central
+      uses: actions/setup-java@v3
+      with: # running setup-java again overwrites the settings.xml
+        distribution: 'temurin'
+        java-version: '11'
+        server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+        server-username: MAVEN_USERNAME  # env variable for username in deploy
+        server-password: MAVEN_CENTRAL_TOKEN  # env variable for token in deploy
+        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}  # Value of the GPG private key to import
+        gpg-passphrase: MAVEN_GPG_PASSPHRASE  # env variable for GPG private key passphrase
+    - name: setup git config
+      run: |
+          git config user.name ${{ github.actor }}
+          git config user.email "<>"
+    - name: Build with Maven, deploying to sonatype staging repo
+      run: mvn -B release:clean release:prepare release:perform -Dpassword=$GITHUB_PAT -Dproject.version=${{ inputs.release_version }} -DdevelopmentVersion=${{ inputs.next_snapshot_version }} -Dgpg.passphrase=$MAVEN_GPG_PASSPHRASE
+    - name: Print summary
+      run: echo "Release ${{ inputs.release_version }} deployed to sonatype staging repo. Please go there, close the repo and publish it." >> $GITHUB_STEP_SUMMARY
diff --git a/pom.xml b/pom.xml
index 0760da3..5af2653 100644
--- a/pom.xml
+++ b/pom.xml
@@ -247,6 +247,13 @@
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
                         <version>1.6</version>
+                        <configuration>
+                            <!-- Prevent gpg from using pinentry programs -->
+                            <gpgArguments>
+                                <arg>--pinentry-mode</arg>
+                                <arg>loopback</arg>
+                            </gpgArguments>
+                        </configuration>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -295,4 +302,4 @@
             <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
         </repository>
     </distributionManagement>
-</project>
\ No newline at end of file
+</project>