diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index ce2c578..9409e5f 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: write
+  actions: write
 
 concurrency:
   group: auto-release-main
@@ -80,3 +81,11 @@ jobs:
           git push origin HEAD:main
           TAG="${{ steps.bump.outputs.tag }}"
           git push origin "$TAG"
+
+      - name: Dispatch publish workflow for bot-created tag
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          set -euo pipefail
+          TAG="${{ steps.bump.outputs.tag }}"
+          gh workflow run publish.yml --ref "$TAG" -f publish_pypi=true -f publish_npm=true
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7161691..13ac55b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -115,7 +115,7 @@ jobs:
       - verify
       - publish-pypi
       - publish-npm
-    if: github.event_name == 'push'
+    if: startsWith(github.ref, 'refs/tags/v') && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
     runs-on: ubuntu-latest
     permissions:
       contents: write
diff --git a/tests/test_release_workflows.py b/tests/test_release_workflows.py
index d0157e5..8f1c27d 100644
--- a/tests/test_release_workflows.py
+++ b/tests/test_release_workflows.py
@@ -12,10 +12,13 @@ def test_auto_release_workflow_bumps_versions_on_main_merges() -> None:
     assert "branches:" in workflow
     assert "- main" in workflow
     assert "contents: write" in workflow
+    assert "actions: write" in workflow
     assert "[skip release]" in workflow
     assert "scripts/bump_release_version.py --patch" in workflow
     assert "git push origin HEAD:main" in workflow
     assert "git push origin \"$TAG\"" in workflow
+    assert "gh workflow run publish.yml" in workflow
+    assert "--ref \"$TAG\"" in workflow
 
 
 def test_publish_workflow_remains_tag_driven_only() -> None:
@@ -26,3 +29,5 @@ def test_publish_workflow_remains_tag_driven_only() -> None:
     assert "branches:" not in workflow
     assert "npm publish --access public --provenance" in workflow
     assert "softprops/action-gh-release" in workflow
+    assert "github.event_name == 'workflow_dispatch'" in workflow
+    assert "startsWith(github.ref, 'refs/tags/v')" in workflow