diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml
index 3ab78409..e308bdb1 100644
--- a/.github/workflows/build-docs.yaml
+++ b/.github/workflows/build-docs.yaml
@@ -6,6 +6,11 @@ on:
         description: 'the git sha to checkout'
         required: true
         type: string
+      publish-docs:
+        description: 'whether to deploy the generated docs to github pages'
+        required: false
+        default: false
+        type: boolean
 permissions:
   contents: read
 jobs:
@@ -36,3 +41,16 @@ jobs:
         uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
         with:
           path: "rats-devtools/dist/site"
+  deploy-docs:
+    name: "deploy-docs"
+    if: "${{ inputs.publish-docs }}"
+    needs: generate-docs
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 10
+    permissions:
+      pages: write
+      id-token: write
+    steps:
+      - name: "deploy-gh-pages"
+        id: deployment
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index ac83057e..f7ea8b18 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -2,13 +2,10 @@ name: Main
 on:
   push:
     branches: [ "main" ]
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
 permissions:
-  contents: write
+  contents: read
   pages: write
   id-token: write
-  attestations: write
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -21,31 +18,12 @@ jobs:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     with:
       sha: ${{ github.sha }}
-  build-wheels:
-    uses: ./.github/workflows/build-wheels.yaml
-    permissions:
-      contents: read
-      id-token: write
-      attestations: write
-    with:
-      sha: ${{ github.sha }}
   build-docs:
     uses: ./.github/workflows/build-docs.yaml
     permissions:
       contents: read
-    with:
-      sha: ${{ github.sha }}
-  release:
-    uses: ./.github/workflows/release.yaml
-    permissions:
-      contents: write
       pages: write
       id-token: write
-    needs:
-      - build-docs
-      - build-wheels
-      - checks
     with:
       sha: ${{ github.sha }}
       publish-docs: true
-      publish-wheels: true
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index bcc943e8..987f4ab1 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -30,5 +30,7 @@ jobs:
     uses: ./.github/workflows/build-docs.yaml
     permissions:
       contents: read
+      pages: write
+      id-token: write
     with:
       sha: ${{ github.sha }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 47937793..49f9a196 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,24 +1,28 @@
 name: Release
 on:
-  workflow_call:
-    inputs:
-      sha:
-        description: 'the git sha to checkout'
-        required: true
-        type: string
-      publish-docs:
-        description: 'whether to publish docs to the github pages'
-        required: true
-        type: boolean
-      publish-wheels:
-        description: 'whether to publish wheels to the configured feed'
-        required: true
-        type: boolean
+  push:
+    branches: [ "main" ]
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+permissions:
+  contents: read
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
+  build-wheels:
+    uses: ./.github/workflows/build-wheels.yaml
+    permissions:
+      contents: read
+      id-token: write
+      attestations: write
+    with:
+      sha: ${{ github.sha }}
+
   publish-wheels:
-    name: "publish-wheels"
-    runs-on: "ubuntu-latest"
-    if: "${{ inputs.publish-wheels }}"
+    name: publish-wheels
+    runs-on: ubuntu-24.04
+    needs: build-wheels
     strategy:
       fail-fast: false
       matrix:
@@ -46,16 +50,3 @@ jobs:
         run: gh release upload "$TAG_NAME" dist/* --clobber
       - name: publish-wheels
         uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
-
-  publish-docs:
-    name: "deploy-docs"
-    runs-on: "ubuntu-latest"
-    if: "${{ inputs.publish-docs }}"
-    timeout-minutes: 10
-    permissions:
-      pages: write
-      id-token: write
-    steps:
-      - name: "deploy-gh-pages"
-        id: deployment
-        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
diff --git a/rats-apps/pyproject.toml b/rats-apps/pyproject.toml
index 3c8ded09..9dbacb16 100644
--- a/rats-apps/pyproject.toml
+++ b/rats-apps/pyproject.toml
@@ -41,7 +41,7 @@ dev = [
 ]
 
 [build-system]
-requires = ["uv_build>=0.9.2,<0.12.0"]
+requires = ["uv_build>=0.11.19,<0.12.0"]
 build-backend = "uv_build"
 
 [tool.uv.build-backend]
diff --git a/rats-devtools/pyproject.toml b/rats-devtools/pyproject.toml
index 65f2b45f..e8e99b2e 100644
--- a/rats-devtools/pyproject.toml
+++ b/rats-devtools/pyproject.toml
@@ -45,7 +45,7 @@ dev = [
 ]
 
 [build-system]
-requires = ["uv_build>=0.9.2,<0.12.0"]
+requires = ["uv_build>=0.11.19,<0.12.0"]
 build-backend = "uv_build"
 
 [tool.uv.build-backend]