diff --git a/.github/scripts/s3_upload.sh b/.github/scripts/s3_upload.sh
new file mode 100644
index 00000000..abb7ffcc
--- /dev/null
+++ b/.github/scripts/s3_upload.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -ev
+
+# First, upload the new files w/o deleting the old ones
+aws s3 sync . $BUCKET --exclude '.git/*' --exclude '.github/*'
+
+# Second, upload them again but delete the old files this time
+# This allows for a no-downtime deployment
+aws s3 sync . $BUCKET --exclude '.git/*' --exclude '.github/*' --delete
+
+# Finally, upload all HTML files again but w/o an extention so that URLs like /welcome open the right page
+for file in $(find . -name '*.html' | sed 's|^\./||'); do
+    aws s3 cp ${file%} $BUCKET/${file%.*} --content-type 'text/html' --exclude '.git/*' --exclude '.github/*'
+done
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 00000000..47b49fff
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,64 @@
+name: Deploy to staging
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - nextra
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions: write-all
+
+    name: Deploy to staging
+
+    steps:
+      - name: Cancel previous runs
+        uses: styfle/cancel-workflow-action@0.8.0
+        with:
+          access_token: ${{ github.token }}
+
+      - uses: actions/checkout@v3
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        shell: bash
+        run: pnpm install --frozen-lockfile
+
+      - name: Build app
+        shell: bash
+        run: pnpm build
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      # Deploy the nextra branch to staging
+      - name: Deploy to the staging S3
+        if: github.ref == 'refs/heads/nextra'
+        env:
+          BUCKET: s3://${{ secrets.AWS_STAGING_BUCKET_NAME }}/current
+        run: bash ./scripts/github/s3_upload.sh
+
+      # Comment
+      - name: Post a deployment link in the PR
+        if: always() && github.event.number
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-id: praul
+          message: |
+            ## Branch preview
+            ✅  Deployed to dev:
+
+            https://safe-web-landing.dev.5afe.dev
+          message-failure: |
+            ## Branch preview
+            ❌  Deploy failed!
+