diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..53c0b2f
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,16 @@
+name: publish
+
+on:
+ push:
+
+jobs:
+ # https://dart.dev/tools/pub/automated-publishing
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - uses: actions/checkout@v4
+ - uses: flutter-actions/setup-flutter@v3
+ - uses: ./
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..04ab92d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# About
+GitHub Action to configuring credentials for automated publishing of packages to pub.dev
diff --git a/action.sh b/action.sh
new file mode 100755
index 0000000..2e51f51
--- /dev/null
+++ b/action.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+if [[ -z "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]] && [[ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" ]]; then
+ echo "==> No GitHub OIDC token found, skipping..."
+ exit 0
+fi
+
+log_group_start() {
+ echo "::group::${1}"
+}
+log_group_end() {
+ echo "::endgroup::"
+}
+
+jwtd() {
+ log_group_start "Decoding JWT data..."
+ jq -R 'split(".") | .[0],.[1] | @base64d | fromjson' <<< "${1}"
+ echo "Signature: $(echo "${1}" | awk -F'.' '{print $3}')"
+ log_group_end
+}
+
+INPUT_GITHUB_OIDC_AUDIENCE="https://pub.dev"
+
+echo "Create the OIDC token used for pub.dev publishing..."
+GITHUB_OIDC_RESPONSE=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=${INPUT_GITHUB_OIDC_AUDIENCE}")
+GITHUB_OIDC_IDTOKEN=$(jq -r '.value' <<< "${GITHUB_OIDC_RESPONSE}")
+export PUB_TOKEN=${GITHUB_OIDC_IDTOKEN}
+echo "PUB_TOKEN=${GITHUB_OIDC_IDTOKEN}" >> $GITHUB_ENV
+
+jwtd "$GITHUB_OIDC_IDTOKEN"
+
+echo "The Dart CLI successfully authenticated with the GitHub OIDC token,"
+dart pub token add ${INPUT_GITHUB_OIDC_AUDIENCE} --env-var PUB_TOKEN
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..76585f9
--- /dev/null
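Review bot: In .github/workflows/publish.yml the job grants `id-token: write` and then runs `flutter-actions/setup-flutter@v3`, a third-party action referenced by a movable tag, so whatever that tag points to at run time executes in a job that can request OIDC tokens. Pinning it to a full commit SHA, `- uses: flutter-actions/setup-flutter@<full-commit-sha>  # v3`, keeps the code that runs next to the token request fixed and reviewable. The bare `push:` trigger also starts this job on every branch; a `branches:` or `tags:` filter would limit when the token-capable job runs.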
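Review bot: In action.sh, `jwtd` echoes the token's signature right after printing the decoded header and payload, so the pieces of the OIDC ID token all end up in the job log, and nothing in the script registers the value as a secret. The token is fetched with curl rather than through the Actions toolkit, so the runner most likely does not mask it on its own. Add `echo "::add-mask::${GITHUB_OIDC_IDTOKEN}"` immediately after the `jq -r '.value'` line and delete the `echo "Signature: ..."` line, because a mask on the whole token does not cover the signature printed by itself. Separately, the guard at the top uses `&&`, so the script skips only when both request variables are empty; `||` would stop it from calling curl with one of them missing and then exporting an empty or `null` `PUB_TOKEN`.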
+++ b/action.yml
@@ -0,0 +1,8 @@
+name: "Setup Pub.dev credentials"
+description: "Configuring credentials for automated publishing of packages to pub.dev"
+runs:
+ using: "composite"
+ steps:
+ - name: Setup Pub.dev credentials
+ run: $GITHUB_ACTION_PATH/action.sh
+ shell: bash
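Review bot: Nothing in action.yml tells a caller that this step leaves the pub.dev OIDC token in the job environment: action.sh appends `PUB_TOKEN=...` to `$GITHUB_ENV`, so every later step in the same job, including other third-party actions, can read it. I would say so in `description` (and in the README), together with the requirement that the calling job set `permissions: id-token: write`, so users place this step directly before publishing. The `run:` line also passes `$GITHUB_ACTION_PATH/action.sh` to bash unquoted; `run: '"$GITHUB_ACTION_PATH/action.sh"'` survives a path containing spaces.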