diff --git a/.github/workflows/upload-cdn.yml b/.github/workflows/upload-cdn.yml
new file mode 100644
--- /dev/null
+++ b/.github/workflows/upload-cdn.yml
@@ -0,0 +1,103 @@
+name: Upload (CDN)
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+      folder:
+        required: true
+        type: string
+      trigger_type:
+        required: true
+        type: string
+
+jobs:
+  prepare:
+    name: Prepare
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Download all bundles
+      uses: actions/download-artifact@v3
+
+    - name: Calculate checksums
+      run: |
+        echo "::group::Move bundles to a single folder"
+        mkdir bundles
+        mv openttd-*/* bundles/
+        echo "::endgroup::"
+
+        cd bundles
+        for i in $(ls openttd-*); do
+          echo "::group::Calculating checksums for ${i}"
+          openssl dgst -r -md5 -hex $i > $i.md5sum
+          openssl dgst -r -sha1 -hex $i > $i.sha1sum
+          openssl dgst -r -sha256 -hex $i > $i.sha256sum
+          echo "::endgroup::"
+        done
+
+        # Some targets generate files that are meant for our-eyes-only.
+        # They are stored in the "internal" folder, and contains bundles
+        # for targets like Windows Store. No user has a benefit of knowing
+        # they exist, hence: internal.
+        if [ -e internal ]; then
+          cd internal
+          for i in $(ls openttd-*); do
+            echo "::group::Calculating checksums for ${i}"
+            openssl dgst -r -md5 -hex $i > $i.md5sum
+            openssl dgst -r -sha1 -hex $i > $i.sha1sum
+            openssl dgst -r -sha256 -hex $i > $i.sha256sum
+            echo "::endgroup::"
+          done
+        fi
+
+    - name: Store bundles
+      uses: actions/upload-artifact@v3
+      with:
+        name: cdn-bundles
+        path: bundles/*
+        retention-days: 5
+
+  publish:
+    needs:
+    - prepare
+
+    name: Publish
+    uses: OpenTTD/actions/.github/workflows/rw-cdn-upload.yml@v4
+    secrets:
+      CDN_SIGNING_KEY: ${{ secrets.CDN_SIGNING_KEY }}
+      DEPLOYMENT_APP_ID: ${{ secrets.DEPLOYMENT_APP_ID }}
+      DEPLOYMENT_APP_PRIVATE_KEY: ${{ secrets.DEPLOYMENT_APP_PRIVATE_KEY }}
+    with:
+      artifact-name: cdn-bundles
+      folder: ${{ inputs.folder }}
+      version: ${{ inputs.version }}
+
+  docs:
+    if: ${{ inputs.trigger_type == 'new-master' }}
+    needs:
+    - publish
+
+    name: Publish docs
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Generate access token
+      id: generate_token
+      uses: tibdex/github-app-token@v1
+      with:
+        app_id: ${{ secrets.DEPLOYMENT_APP_ID }}
+        private_key: ${{ secrets.DEPLOYMENT_APP_PRIVATE_KEY }}
+        repository: OpenTTD/workflows
+
+    - name: Trigger 'Publish Docs'
+      uses: peter-evans/repository-dispatch@v2
+      with:
+        token: ${{ secrets.DEPLOYMENT_TOKEN }}
+        repository: OpenTTD/workflows
+        event-type: publish-docs
+        client-payload: '{"version": "${{ inputs.version }}", "folder": "${{ inputs.folder }}"}'