diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index eb2d2892f0..da23bdb6e8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,10 @@
+# Workflow to publish crates.io and GitHub releases
+# Changes to this workflow must be reviewed carefully!
 name: Publish
 
+# Workflow triggers should be strictly controlled,
+# as this will trigger publishing to crates.io.
+# We only want to publish on the main branch.
 on:
   push:
     branches: [main]
@@ -50,3 +55,32 @@ jobs:
     with:
       release-tag: ${{ needs.publish-github-release.outputs.release-tag }}
       rust_version: stable
+
+  # Our CI testing ensures that mozjs-sys and mozjs are always bumped together.
+  # We always publish both versions, since mozjs depends on a specific version
+  # of mozjs-sys
+  publish-crates-io:
+    name: Publish to crates.io
+    runs-on: ubuntu-latest
+    needs:
+      - publish-github-release
+      - verify-release
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v6
+      - uses: rust-lang/crates-io-auth-action@v1
+        id: auth
+      # publish mozjs-sys. We ignore the error if the version is already published, but abort the workflow
+      # on other errors.
+      - run: |
+          cargo publish -p mozjs-sys 2> err.log || grep "already exists on crates.io" err.log || ( cat err.log ; exit 1)
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+      # Wait a bit to ensure the release is published
+      - run: sleep 5
+      - run: |
+          rm -f err.log
+          cargo publish -p mozjs 2> err.log || grep "already exists on crates.io" err.log || ( cat err.log ; exit 1)
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
\ No newline at end of file