diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index 07efe35..4fdc82a 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -1,4 +1,3 @@
-
 name: upload package to pypi
 
 on:
@@ -10,6 +9,10 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
     - uses: actions/checkout@v4
       with:
@@ -22,6 +25,8 @@ jobs:
         enable-cache: true
         cache-dependency-glob: "uv.lock"
 
+    - run: uv build
+
     - name: Generate artifact attestation for sdist and wheels
       uses: actions/attest-build-provenance@v2
       with: