diff --git a/playbooks/artifacts/promote.yaml b/playbooks/artifacts/promote.yaml
new file mode 100644
index 0000000..2fc0528
--- /dev/null
+++ b/playbooks/artifacts/promote.yaml
@@ -0,0 +1,43 @@
+- hosts: localhost
+  vars:
+    name_replacement: '.*?(-py.*?\.whl|\.tar\.gz)'
+    name_target: "{{zuul.project.short_name}}-{{zuul.branch | replace('/', '-')}}\\1"
+  tasks:
+    - name: Check execution context
+      when: "zuul.branch is not defined"
+      fail:
+        msg: "This playbook must be run in a branch-based pipeline (e.g., 'promote')."
+    - name: Create artifact staging directory
+      file:
+        state: directory
+        path: "{{ zuul.executor.work_root }}/artifacts"
+    - name: Download artifacts
+      include_role:
+        name: download-artifact
+      vars:
+        # download_artifact_job: provided by zuul job
+        download_artifact_api: "https://zuul.opendev.org/api/tenant/{{ zuul.tenant }}"
+        # download_artifact_name: provided by zuul job
+        download_artifact_pipeline: gate
+        download_artifact_directory: "{{ zuul.executor.work_root }}/artifacts"
+    - name: Find artifacts
+      find:
+        paths: "{{ zuul.executor.work_root }}/artifacts"
+      register: files
+    - name: Set target directory
+      set_fact:
+        target_dir: "{{ afs.artifact_path }}"
+    - name: Get an AFS token
+      include_role:
+        name: create-afs-token
+    - name: Ensure target directory exists
+      file:
+        path: "{{ target_dir }}"
+        state: directory
+    - name: Upload to AFS
+      command: "cp {{ item.path }} {{ target_dir }}/{{ item.path | basename | regex_replace(name_replacement, name_target) }}"
+      when: "item.path is match(name_replacement)"
+      loop: "{{files.files}}"
+    - name: Destroy AFS token
+      include_role:
+        name: destroy-afs-token
diff --git a/zuul.yaml b/zuul.yaml
index 2c94399..6209876 100644
--- a/zuul.yaml
+++ b/zuul.yaml
@@ -93,6 +93,23 @@
       docs_redirect_path: "/afs/.openstack.org/project/opendev.org/docs/{{ zuul.project.name }}/.htaccess"
       docs_redirect_content: "RedirectMatch 302 ^/{{ zuul.project.name }}/?$ /{{ zuul.project.name }}/latest/"
 
+- secret:
+    name: opendev-zuul-tarballs
+    data:
+      keytab: !encrypted/pkcs1-oaep
+        - nFyEj6IMXdp7UZwOQz9qAi6IlcKILCCzUqoNbchto7g2Uv8D/ZGdDU3DT+KV6ziWtv2d/
+          WBXQFjsCjE66SXpAUvtcGxj/rVqFGlayOb2WbOeo4+WvrFusNycVIs55R7I0vYyFzidZl
+          FVNP3+5Uv8N54mhFEVMudZdBO8aCwNftea5A2lLdZL/bnK071bzCKNYZAuDI/2j1VOsKx
+          JT346KdP3vqmyokqo+OxFE6QfbFHLTMgZigId3bkK01lpI0TBY2Wiv4rF76ErQWe/eghB
+          yOwrO1Oh2kkHADsrjrJ3rKGI8ZkWpgYIxKExXH9IAedbYaWhz7unvVrjUVjR/QIySv/u7
+          dENCrZhx2zd429eOjUHD+NmHisWoOQnvOVfiYBFbEPL9uAC+ek7fDxB3/9z3ok6KPv9f8
+          XLMNS63cQgPjYJP6kOqjrV/FXLl30SS3ikV0wVI2ErqYn3R2ukOccKJaF4uV9HCf+/mKt
+          0Uz89b0sUTzL5JkFYz/PhdqRVGwjjRNYahQb+QzWkxw/AgNS8Pdl/ijffx5DXAY5oKnJD
+          Jpyp6oXA+W+qefPPqQlxa9EbP3emwVf/HWUdCjlCw+GjDz730P94Xd8ie6KiGq3ywYtFn
+          EuJvheVCAYjlq4lwshfNIysNA8WePvAze9T5DpVl1MayR7b1KC+R/7wM6xUCbw=
+      service_name: service/opendev-zuul@OPENSTACK.ORG
+      artifacts_path: "/afs/.openstack.org/project/opendev.org/tarballs/{{ zuul.project.name }}"
+
 - secret:
     name: opendev-pypi
     data:
@@ -416,6 +433,81 @@
         name: afs
         pass-to-parent: true
 
+- job:
+    name: opendev-promote-artifact-base
+    description: |
+      Publish a previously built branch-tip artifact.
+
+      Use this in the promote pipeline to publish a branch tip artifact
+      built in the gate pipeline.
+
+      This is an abstract job intended to be inherited from in an
+      OpenDev tenant and an appropriate secret added.
+
+      .. zuul:jobvar:: afs
+         :type: dict
+
+         This is expected to be a Zuul Secret with these keys:
+
+        .. zuul:jobvar:: keytab
+
+           The AFS keytab for the service principal.
+
+        .. zuul:jobvar:: service_name
+
+           The name of the service princpal.
+
+        .. zuul:jobvar:: artifacts_path
+
+           The full publication path to use.
+
+      .. zuul:jobvar:: download_artifact_job
+
+         The name of the job which built the artifacts which this
+         job should download and promote.
+
+       .. zuul:jobvar:: download_artifact_name
+
+         The name of the artifact.
+    abstract: True
+    run: playbooks/artifacts/promote.yaml
+    nodeset:
+      nodes: []
+
+- job:
+    name: opendev-promote-python
+    parent: opendev-promote-artifact-base
+    description: |
+      Publish a previously built branch-tip sdist/wheels.
+
+      Use this in the promote pipeline to publish a branch tip
+      sdist and wheel(s) built in the gate pipeline.
+    vars:
+      download_artifact_job: build-python-release
+      download_artifact_name:
+        - python_sdist
+        - python_wheel
+    secrets:
+      - secret: opendev-zuul-tarballs
+        name: afs
+        pass-to-parent: true
+
+- job:
+    name: opendev-promote-javascript-content
+    parent: opendev-promote-artifact-base
+    description: |
+      Publish a previously built branch-tip javascript content archive.
+
+      Use this in the promote pipeline to publish a branch tip
+      javascript content archive built in the gate pipeline.
+    vars:
+      download_artifact_job: build-javascript-content
+      download_artifact_name: javascript_content
+    secrets:
+      - secret: opendev-zuul-tarballs
+        name: afs
+        pass-to-parent: true
+
 - job:
     name: opendev-release-python
     description: Release python tarballs / wheels to pypi.