diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml
index b9fc99ae1..56a3a4880 100644
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@@ -2,8 +2,6 @@ name: autofix.ci  # needed to securely identify the workflow
 
 on:
   pull_request:
-  push:
-    branches: [ "main" ]
 
 permissions:
   contents: read
@@ -18,9 +16,15 @@ jobs:
         with:
           node-version: 20
           cache: "pnpm"
+
       - run: pnpm install
-      - name: Run sync
+
+      - name: Lint
+        run: pnpm lint --fix
+
+      - name: Sync
         run: pnpm sync
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
       - uses: autofix-ci/action@ff86a557419858bb967097bfc916833f5647fa8c
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bf48c4b4a..cb5a709f5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,9 +21,12 @@ jobs:
         with:
           node-version: 20
           cache: "pnpm"
+
       - run: pnpm install
 
       - name: Lint
+        # these run in the autofix workflow on pull requests
+        if: github.event_name == 'push'
         run: pnpm lint
 
       - name: Test types
@@ -31,29 +34,15 @@ jobs:
 
       - name: Sync
         run: pnpm sync
+        # these run in the autofix workflow on pull requests
+        if: github.event_name == 'push'
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
       - name: Sync Status
+        # these run in the autofix workflow on pull requests
+        if: github.event_name == 'push'
         run: git diff --exit-code
 
       - name: Build
         run: pnpm build
-
-      - uses: dorny/paths-filter@v2
-        if: github.event_name == 'push'
-        id: changes
-        with:
-          filters: |
-            modules:
-              - 'modules/**'
-              - 'lib/**'
-
-      - name: Publish to npm
-        if: github.event_name == 'push' && steps.changes.outputs.modules == 'true'
-        run: |
-          echo "//registry.npmjs.org/:_authToken=$NPM_AUTH_TOKEN" >> ~/.npmrc
-          echo "//registry.pnpmpkg.com/:_authToken=$NPM_AUTH_TOKEN" >> ~/.npmrc
-          pnpm release
-        env:
-          NPM_AUTH_TOKEN: ${{secrets.NPM_AUTH_TOKEN}}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..4f9183c97
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,35 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - main
+    paths: 
+      - 'modules/**'
+      - 'lib/**'
+
+permissions:
+  contents: read
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: corepack enable
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: "pnpm"
+      - run: pnpm install
+
+      - name: Build
+        run: pnpm build
+
+      - name: Publish to npm
+        run: |
+          echo "//registry.npmjs.org/:_authToken=$NPM_AUTH_TOKEN" >> ~/.npmrc
+          echo "//registry.pnpmpkg.com/:_authToken=$NPM_AUTH_TOKEN" >> ~/.npmrc
+          pnpm release
+        env:
+          NPM_AUTH_TOKEN: ${{secrets.NPM_AUTH_TOKEN}}