diff --git a/.github/CODEOWNERS.md b/.github/CODEOWNERS.md
new file mode 100644
index 0000000..a905f98
--- /dev/null
+++ b/.github/CODEOWNERS.md
@@ -0,0 +1 @@
+@scratchfoundation/scratch-engineering
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..526fa07
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,32 @@
+name: Build and Deploy ScratchJr Website
+
+on:
+    push:
+jobs:
+    build-and-deploy:
+        runs-on: ubuntu-latest
+        permissions:
+            id-token: write
+            contents: write
+        environment: ${{ github.ref == 'refs/heads/master' && 'production' || 'staging' }}
+        steps:
+        - uses: actions/checkout@v4
+        - name: Use Node 17x
+          uses: actions/setup-node@v3
+          with:
+            node-version: '17.x'
+        - name: Install Dependencies
+          run: npm install --legacy-peer-deps
+        - name: Lint Site Code
+          run: npm run test
+        - name: Build Site
+          run: npm run build
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            role-to-assume: ${{ secrets.AWS_OIDC_ROLE }}
+            role-session-name: GitHub-Action-Role
+            aws-region: ${{ vars.AWS_REGION }}
+        - name: Upload to S3
+          run: |
+                aws s3 sync ./build s3://${{ vars.AWS_S3_BUCKET }}/junior/
diff --git a/.gitignore b/.gitignore
index 13e3656..50cda1a 100755
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,7 @@ npm-*
 
 # Build
 /build
+
+# act
+.secrets
+.env