diff --git a/.github/workflows/_build-package.yml b/.github/workflows/_build-package.yml
new file mode 100644
index 00000000..62101264
--- /dev/null
+++ b/.github/workflows/_build-package.yml
@@ -0,0 +1,22 @@
+name: build-package
+on: 
+  workflow_call:
+jobs:
+  build:
+    name: Build wheel and sdist
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with: 
+          python-version: 3.11
+      - name: Install build dependencies
+        run: pip install --no-cache-dir -U pip .['build']
+      - name: Build package
+        run: ./scripts/cd.py --build
+      - name: Upload built distributions
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: dist
\ No newline at end of file
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/_integration-tests.yml
similarity index 83%
rename from .github/workflows/integration-tests.yml
rename to .github/workflows/_integration-tests.yml
index 51bab177..1cefc25b 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/_integration-tests.yml
@@ -1,14 +1,13 @@
-name: integration-tests [experimental]
+name: integration-tests
 on: 
-  pull_request:
   workflow_call:
     secrets:
       DOCKER_TOKEN:
         required: true
 jobs:
-  integration_tests:
+  integration-tests:
+    name: Run integration tests
     runs-on: ubuntu-latest
-    continue-on-error: true
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python
diff --git a/.github/workflows/static-checks.yml b/.github/workflows/_static-checks.yml
similarity index 94%
rename from .github/workflows/static-checks.yml
rename to .github/workflows/_static-checks.yml
index 121414db..c406e718 100644
--- a/.github/workflows/static-checks.yml
+++ b/.github/workflows/_static-checks.yml
@@ -1,9 +1,9 @@
 name: static-checks
 on: 
-  pull_request:
   workflow_call:
 jobs:
-  build:
+  static-checks:
+    name: Run static checks
     runs-on: ubuntu-latest
     strategy:
       matrix:
diff --git a/.github/workflows/_upload-package.yml b/.github/workflows/_upload-package.yml
new file mode 100644
index 00000000..4805aa32
--- /dev/null
+++ b/.github/workflows/_upload-package.yml
@@ -0,0 +1,37 @@
+name: upload-package
+on: 
+  workflow_call:
+    secrets:
+      PYPI_TOKEN:
+        required: true
+jobs:
+  upload:
+    name: Upload wheel and sdist
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Compare tag and package version
+        run: |
+          TAG=${GITHUB_REF#refs/*/}
+          VERSION=$(grep -Po '(?<=version = ")[^"]*' pyproject.toml)
+          if [ "$TAG" != "$VERSION" ]; then
+            echo "Tag value and package version are different: ${TAG} != ${VERSION}"
+            exit 1
+          fi
+      - name: Download built distributions
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+          path: dist
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with: 
+          python-version: 3.11
+      - name: Install build dependencies
+        run: pip install --no-cache-dir -U pip .['build']
+      # - name: Upload to PyPI
+      #   run: ./scripts/cd.py --upload
+      #   env:
+      #     TWINE_REPOSITORY_URL: https://upload.pypi.org/legacy/
+      #     TWINE_USERNAME: __token__
+      #     TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
diff --git a/.github/workflows/build-upload.yml b/.github/workflows/build-upload.yml
deleted file mode 100644
index d7568139..00000000
--- a/.github/workflows/build-upload.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: build-and-upload
-on: 
-  push:
-    tags:
-      - "*"
-  # temporary for testing
-  pull_request:
-  
-jobs:
-  static-checks:
-    uses: ./.github/workflows/static-checks.yml
-  integration-tests:
-    uses: ./.github/workflows/integration-tests.yml
-    secrets:
-      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
-  build-upload:
-    needs: [static-checks, integration-tests]
-    name: Build and upload to PyPI
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with: 
-          python-version: 3.11
-
-      - name: Install build dependencies
-        run: pip install --no-cache-dir -U pip .['build']
-
-      - name: Compare tag and package version
-        run: |
-          TAG=${GITHUB_REF#refs/*/}
-          VERSION=$(python -c 'import importlib.metadata; print(importlib.metadata.version("thehive4py"))')
-          if [ "$TAG" != "$VERSION" ]; then
-            echo "Tag value and package version are different: ${TAG} != ${VERSION}"
-            exit 1
-          fi
-      - name: Build package
-        run: rm -rf build/ dist/ && python -m build --sdist --wheel
-      - name: Upload to PyPI
-        run: twine upload dist/*
-        env:
-          TWINE_REPOSITORY_URL: https://upload.pypi.org/legacy/
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
diff --git a/.github/workflows/main-cicd.yml b/.github/workflows/main-cicd.yml
new file mode 100644
index 00000000..706c313d
--- /dev/null
+++ b/.github/workflows/main-cicd.yml
@@ -0,0 +1,22 @@
+name: cicd
+on: 
+  push:
+    tags:
+      - "*"
+  pull_request:
+  
+jobs:
+  static-checks:
+    uses: ./.github/workflows/_static-checks.yml
+  integration-tests:
+    uses: ./.github/workflows/_integration-tests.yml
+    secrets:
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+  build-package:
+    uses: ./.github/workflows/_build-package.yml
+  upload-package:
+    uses: ./.github/workflows/_upload-package.yml
+    if: startsWith(github.ref, 'refs/tags/') 
+    needs: [static-checks, integration-tests, build-package]
+    secrets:
+      PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}