diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
new file mode 100644
index 000000000..b31b1627a
--- /dev/null
+++ b/.github/workflows/pypi.yml
@@ -0,0 +1,45 @@
+# This workflow will upload a Python Package using Twine when a new tag is created
+# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+
+name: detect-secrets-pypi
+
+on:
+ push:
+ tags:
+ - v*
+
+jobs:
+
+ tox:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest, macos-latest]
+ python: ['3.6', '3.7', '3.8', '3.9']
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-python@v2
+ with:
+ python-version: ${{ matrix.python }}
+ - run: python -m pip install --upgrade setuptools pip tox virtualenv
+ # Run tox only for the installed py version on the runner as outlined in the python matrix
+ # Ensures the correct py version is installed and tested as opposed to 'tox' which attempts to run for all py versions in tox.ini
+ - run: tox -e py
+ - run: tox -e mypy
+
+ deploy:
+ # Run tests beforing deploying to pypi
+ needs: tox
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+ - name: Build package
+ run: python setup.py sdist bdist_wheel
+ - name: Publish package
+ uses: pypa/gh-action-pypi-publish@v1.5.0
+ with:
+ password: ${{ secrets.pypi_password }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8ae6f1e0..52262f9b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
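Review bot: In `.github/workflows/pypi.yml` every `uses:` in the `deploy` job (`actions/checkout@v2`, `actions/setup-python@v2`, `pypa/gh-action-pypi-publish@v1.5.0`) is referenced by a mutable tag, so a retagged or compromised release of any of them would run inside the job that builds the artifacts and receives `secrets.pypi_password`. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # v1.5.0`. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` keeps both jobs at least privilege. Because any pushed tag matching `v*` publishes, consider binding `deploy` to a protected environment (`environment: <release-environment-name>`) so the PyPI secret is only released after approval.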
@@ -29,6 +29,49 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup ### Unreleased --> +### v1.2.0 +##### February 10th, 2022 + +#### :mega: Release Highlights +- Continous integration github action added ([#506]) +- Release pipeline github action added ([#513]) + +#### :tada: New Features + +- New GitHub token plugin added ([#465]) +- New SendGrid plugin added ([#463]) +- More new ignored file extensions + +#### :bug: Bugfixes +- Fixes catastrophic backtracking for indirect reference heuristic ([#509]) +- Fixes pre-commit hook secret equality checking causing updates to baseline with no real changes - only a timestamp update ([#507]) +- Fixes python 3.8 failing to load plugins on windows and macos ([#505]) +- Fixes yaml transformer inline dicitonary index out of bounds exceptions ([#501]) +- Fixes regex for slack url ([#477]) +- Fixes `AttributeError: 'PotentialSecret' object has no attribute 'line_number'` by safely falling back to 0 if line_number isn't present. 
([#476])([#472]) +- Fixes gibberish-detector current version +- Fixes filtering ordering in .secrets.baseline + +#### :snake: Miscellaneous + +- Updated README due hook failing to interpret filenames with spaces ([#470]) +- Add CI github action badge to README +- Development dependency bumps ([#519]) + +[#463]: https://github.com/Yelp/detect-secrets/pull/463 +[#465]: https://github.com/Yelp/detect-secrets/pull/465 +[#470]: https://github.com/Yelp/detect-secrets/pull/470 +[#472]: https://github.com/Yelp/detect-secrets/pull/472 +[#476]: https://github.com/Yelp/detect-secrets/pull/476 +[#477]: https://github.com/Yelp/detect-secrets/pull/477 +[#501]: https://github.com/Yelp/detect-secrets/pull/501 +[#505]: https://github.com/Yelp/detect-secrets/pull/505 +[#506]: https://github.com/Yelp/detect-secrets/pull/506 +[#507]: https://github.com/Yelp/detect-secrets/pull/507 +[#509]: https://github.com/Yelp/detect-secrets/pull/509 +[#513]: https://github.com/Yelp/detect-secrets/pull/513 +[#519]: https://github.com/Yelp/detect-secrets/pull/519 + ### v1.1.0 ##### April 14th, 2021 diff --git a/README.md b/README.md index 1a3796434..5daab473c 100644 --- a/README.md +++ b/README.md @@ -380,7 +380,7 @@ We recommend setting this up as a pre-commit hook. One way to do this is by usin # .pre-commit-config.yaml repos: - repo: https://github.com/Yelp/detect-secrets - rev: v1.0.0 + rev: v1.2.0 hooks: - id: detect-secrets args: ['--baseline', '.secrets.baseline'] diff --git a/docs/upgrades.md b/docs/upgrades.md index bfee89a2b..0a269a3df 100644 --- a/docs/upgrades.md +++ b/docs/upgrades.md @@ -71,10 +71,5 @@ scripts/bump-version ### Pushing to PyPi -```bash -# First, test with test.pypi.com -scripts/upload-to-pypi - -# If all looks good, we can head to prod! -scripts/upload-to-pypi --prod -``` +Once the tag from `scripts/bump-version` has been created and pushed to the repository, the pypi +github action will automatically start and publish the package to pypi. 
diff --git a/scripts/upload-to-pypi b/scripts/upload-to-pypi
deleted file mode 100755
index 2d14e1d10..000000000
--- a/scripts/upload-to-pypi
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/usr/bin/env python
-import argparse
-import os
-import re
-import shutil
-import subprocess
-import sys
-from contextlib import contextmanager
-from functools import lru_cache
-from typing import Generator
-from typing import Tuple
-from urllib.parse import urlsplit
-from urllib.parse import urlunsplit
-
-from detect_secrets.__version__ import VERSION
-
-
-PACKAGE_NAME = 'detect-secrets'
-
-
-def main() -> int:
- args = parse_args()
- set_index_url(args.prod)
-
- if exists_in_pypi():
- print('error: version already exists in pypi.', file=sys.stderr)
- return 1
-
- install_dependencies()
- with create_distribution_files():
- upload_to_pypi()
-
- return 0
-
-
-def parse_args() -> argparse.Namespace:
- parser = argparse.ArgumentParser()
- parser.add_argument(
- '--prod',
- action='store_true',
- help='Uploads to proper PyPI.',
- )
-
- return parser.parse_args()
-
-
-def set_index_url(is_prod: bool) -> None:
- # Source: https://pip.pypa.io/en/latest/user_guide/#environment-variables
- if os.environ.get('PIP_DEFAULT_INDEX_URL'):
- # If this is already specified, don't specify the index url through CLI, otherwise
- # it will be overwritten.
- return
-
- if is_prod:
- # This will default to public pypi.
- return
-
- # Otherwise, we leverage environment variables to inject this to make things simpler.
- os.environ['PIP_DEFAULT_INDEX_URL'] = 'https://test.pypi.org/simple/'
-
-
-def install_dependencies() -> None:
- pip_install('setuptools', 'wheel', 'twine')
-
-
-@lru_cache(maxsize=1)
-def get_pip_version() -> Tuple[int]:
- return tuple(
- map(
- int,
- # example output: pip 19.3.1 from ...
- ( - subprocess.check_output('pip --version'.split()).decode() - .split()[1] - .split('.') - ), - ), - ) - - -def exists_in_pypi() -> bool: - # Source: https://stackoverflow.com/a/26664162/13340678 - pip_version = get_pip_version() - - command = ['pip', 'install'] - if os.environ.get('PIP_DEFAULT_INDEX_URL'): - command += ['-i', os.environ['PIP_DEFAULT_INDEX_URL']] - if pip_version[0] >= 20 and pip_version[1] >= 3: - command.append('--use-deprecated=legacy-resolver') - - try: - subprocess.check_output( - [ - sys.executable, '-m', - *command, - f'{PACKAGE_NAME}==', - ], - stderr=subprocess.STDOUT, - ) - except subprocess.CalledProcessError as e: - available_versions = re.search(r'from versions: ([^\)]+)\)', e.stdout.decode()).group(1) - return VERSION in available_versions - - -def upload_to_pypi() -> None: - command = ['twine', 'upload'] - if os.environ.get('PIP_DEFAULT_INDEX_URL'): - # NOTE: The upload URL is `/legacy`. - parts = list(urlsplit(os.environ['PIP_DEFAULT_INDEX_URL'])) - parts[2] = '/legacy/' - - command += ['--repository-url', urlunsplit(parts)] - - subprocess.run([*command, 'dist/*']) - - -def pip_install(*packages) -> None: - subprocess.run([ - sys.executable, '-m', - 'pip', 'install', - *packages, - ]) - - -@contextmanager -def create_distribution_files() -> Generator[None, None, None]: - try: - subprocess.run([ - sys.executable, 'setup.py', - # sdist == source files - 'sdist', - - # bdest == binary distributions through wheels (for faster installs) - 'bdist_wheel', - ]) - - yield - finally: - shutil.rmtree('build') - shutil.rmtree('dist') - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/setup.cfg b/setup.cfg index b590c860c..da8312d81 100644 --- a/setup.cfg +++ b/setup.cfg @@ -4,10 +4,7 @@ commit = True tag = True [metadata] -description-file = README.md - -[wheel] -universal = True +description_file = README.md [bumpversion:file:detect_secrets/__version__.py] search = VERSION = '{current_version}'