diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index d168f9a..5c3f80f 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -1,6 +1,7 @@
 name: CI pipeline
 on:
   workflow_dispatch:
+  workflow_call:
   pull_request:
     branches:
       - 'dev'
@@ -29,3 +30,8 @@ jobs:
         run: yarn test
       - name: build code
         run: yarn build
+      - name: upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: dist
diff --git a/.github/workflows/S3-Deploy-Boris.yml b/.github/workflows/S3-Deploy-Boris.yml
new file mode 100644
index 0000000..aeef05f
--- /dev/null
+++ b/.github/workflows/S3-Deploy-Boris.yml
@@ -0,0 +1,30 @@
+name: CD pipeline Boris
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  rerun-CI-worlflow:
+    uses: ./.github/workflows/CI.yml
+  deploy-to-S3:
+    needs: rerun-CI-worlflow
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v4
+      - name: download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: dist
+      - name: configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: ap-southeast-2
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_BORIS }}
+      - name: sts get caller identity
+        run: aws sts get-caller-identity
+      - name: deploy to S3
+        run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_BORIS }}