diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..5e1c0665
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,31 @@
+# This is a basic workflow to help you get started with Actions
+
+name: prebuild devx closures
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "master" branch
+  push:
+    branches:
+      - main
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Nix with good defaults
+        uses: cachix/install-nix-action@v17
+        with:
+          extra_nix_config: |
+            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= loony-tools:pr9m4BkM/5/eSTZlkQyRt57Jz7OMBxNSUiMC4FkcNfk= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+            substituters = https://cache.iog.io/ https://cache.zw3rk.com/ https://cache.nixos.org/
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Compute and upload closure and developer environment on a custom S3 bucket
+        run: ./extra/s3-uploads.sh ${{ secrets.KEY_ID }} ${{ secrets.SECRET }} ${{ secrets.SECRET_KEY }}
diff --git a/extra/s3-uploads.sh b/extra/s3-uploads.sh
new file mode 100755
index 00000000..e92e4e53
--- /dev/null
+++ b/extra/s3-uploads.sh
@@ -0,0 +1,38 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p awscli zstd
+
+DEV_SHELLS=(
+    "ghc8107"
+    "ghc902"
+    "ghc925"
+    "ghc8107-minimal"
+    "ghc902-minimal"
+    "ghc925-minimal"
+    "ghc8107-static-minimal"
+    "ghc902-static-minimal"
+    "ghc925-static-minimal"
+)
+
+SYSTEMS=("aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux")
+
+# shellcheck disable=SC2034
+AWS_DEFAULT_REGION=us-east-1
+# shellcheck disable=SC2034
+AWS_ACCESS_KEY_ID="$1"
+# shellcheck disable=SC2034
+AWS_SECRET_ACCESS_KEY="$2"
+
+# Generated with: % nix key generate-secret --key-name s3.zw3rk.com
+echo "$3" > ./secret-key
+
+for system in "${SYSTEMS[@]}"; do
+    for devShell in "${DEV_SHELLS[@]}"; do
+        nix build ".#devShells.${system}.${devShell}"
+        nix store sign --key-file ./secret-key --recursive ./result
+        # shellcheck disable=SC2046
+        nix-store --export $(nix-store -qR result) | zstd -z8T8 > "${system}.${devShell}.zstd"
+        nix print-dev-env ".#devShells.${system}.${devShell}" > "${system}.${devShell}.sh"
+        aws --endpoint-url https://s3.zw3rk.com s3 cp "./${system}.${devShell}.sh" s3://devx/
+        aws --endpoint-url https://s3.zw3rk.com s3 cp "./${system}.${devShell}.zstd" s3://devx/
+    done
+done