diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml
new file mode 100644
index 000000000..d33c80f01
--- /dev/null
+++ b/.github/workflows/test-release.yml
@@ -0,0 +1,54 @@
+name: Release
+
+on:
+  push:
+    branches: [test-auth]
+  workflow_dispatch:
+
+env:
+  npmVersion: 8
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    # This environment contains secrets needed for publishing
+    environment: release
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          # Fetch all history (required for publishing which looks at history)
+          fetch-depth: 0
+          # Don't save creds in the git config (so it's easier to override later)
+          persist-credentials: false
+
+      - name: Install Node.js from .nvmrc
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+
+      # Guarantee a predictable version of npm (the PR build tests against both 6 and 8)
+      - name: Install package managers
+        run: npm install --global npm@${{ env.npmVersion }} yarn@1
+
+      - run: yarn --frozen-lockfile
+
+      - run: yarn build
+
+      - name: Publish package
+        run: |
+          git config user.email "kchau@microsoft.com"
+          git config user.name "Ken Chau"
+
+          # Get the existing remote URL without creds, and use a trap (like try/finally)
+          # to restore it after this step finishes
+          trap "git remote set-url origin '$(git remote get-url origin)'" EXIT
+
+          # Add a token to the remote URL for auth during release
+          git remote set-url origin "https://$REPO_PAT@github.com/$GITHUB_REPOSITORY"
+
+          yarn release -y
+        env:
+          REPO_PAT: ${{ secrets.REPO_PAT }}
diff --git a/beachball.config.js b/beachball.config.js
index 10b916e12..f4da88f62 100644
--- a/beachball.config.js
+++ b/beachball.config.js
@@ -1,6 +1,14 @@
 // @ts-check
-/** @type {import('./src/types/BeachballOptions').RepoOptions}*/
-module.exports = {
+const { git } = require('workspace-tools');
+/** @type {Partial<import('./src/types/BeachballOptions').RepoOptions>} */
+const config = {
+  gitTags: false,
+  tag: 'latest',
+  branch: 'test-auth',
+  publish: false,
+  generateChangelog: true,
+  groupChanges: true,
+  access: 'public',
   disallowedChangeTypes: ['major'],
   ignorePatterns: [
     '.*ignore',
@@ -16,4 +24,10 @@ module.exports = {
     // This one is especially important (otherwise dependabot would be blocked by change file requirements)
     'yarn.lock',
   ],
+  hooks: {
+    postbump: () => {
+      git(['remote', '-vv'], { stdio: 'inherit' });
+    },
+  },
 };
+module.exports = config;