diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 5281a46d0..5afe6cd2f 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -7,15 +7,11 @@ on:
       - "**.go"
       - go.mod
       - go.sum
-      - ".github/licenses.tmpl"
-      - "script/licenses*"
   pull_request:
     paths:
       - "**.go"
       - go.mod
       - go.sum
-      - ".github/licenses.tmpl"
-      - "script/licenses*"
 permissions:
   contents: read
 jobs:
@@ -50,18 +46,6 @@ jobs:
         with:
           version: v2.1.6
 
-      # actions/setup-go does not setup the installed toolchain to be preferred over the system install,
-      # which causes go-licenses to raise "Package ... does not have module info" errors.
-      # for more information, https://github.com/google/go-licenses/issues/244#issuecomment-1885098633
-      #
-      # go-licenses has been pinned for automation use.
-      - name: Check licenses
-        run: |
-          export GOROOT=$(go env GOROOT)
-          export PATH=${GOROOT}/bin:$PATH
-          go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e
-          make licenses-check
-
   # Discover vulnerabilities within Go standard libraries used to build GitHub CLI using govulncheck.
   govulncheck:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/third-party-licenses.yml b/.github/workflows/third-party-licenses.yml
new file mode 100644
index 000000000..b9d29e9dc
--- /dev/null
+++ b/.github/workflows/third-party-licenses.yml
@@ -0,0 +1,49 @@
+name: Third Party Licenses
+on:
+  push:
+    branches:
+      - trunk
+    paths:
+      - go.mod
+      - go.sum
+      - ".github/licenses.tmpl"
+      - "script/licenses*"
+jobs:
+  # This job is responsible for updating the third-party license reports and source code.
+  # It should be safe to cancel as the latest version of `go.mod` should be checked in.
+  regenerate-licenses:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}
+      cancel-in-progress: true
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.AUTOMATION_TOKEN }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Regenerate licenses
+        run: |
+          export GOROOT=$(go env GOROOT)
+          export PATH=${GOROOT}/bin:$PATH
+          go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e
+          make licenses
+          git diff
+
+      - name: Commit and push changes
+        run: |
+          if git diff --exit-code; then
+            echo "No third-party license changes to commit"
+          else
+            git config --local user.name "github-actions[bot]"
+            git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git add third-party third-party-licenses.*.md
+            git commit -m "Generate licenses - $GITHUB_SHA"
+            git pull
+            git push origin
+          fi