diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
index f721273e07..abae7b6f1d 100644
--- a/.github/workflows/deploy-pr.yml
+++ b/.github/workflows/deploy-pr.yml
@@ -1,62 +1,96 @@
-name: 'CI - Pull Request'
+name: "CI - Pull Request"
 
 on:
   pull_request_target:
+    paths-ignore:
+      - "**.nix"
+      - "core/i18n/**"
+      - "package.json"
+      - "package-lock.json"
+      - "core/package.json"
+    branches:
+      - main
 
 concurrency:
-  group: '${{ github.workflow }}-${{ github.head_ref || github.ref_name }}'
+  group: "${{ github.workflow }}-${{ github.head_ref || github.ref_name }}"
   cancel-in-progress: true
 
 permissions:
   contents: read
 
 jobs:
-  build:
-    name: 'Build nixos.org PR'
-    runs-on: 'ubuntu-latest'
+  check:
+    name: "Check nixos.org PR"
+    runs-on: "ubuntu-latest"
     permissions:
       contents: read
-      pull-requests: write
-      statuses: write
     steps:
-      - name: 'Checking out the PR repository'
-        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # v5.0.0
+      - name: "Checking out the PR repository"
+        uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           fetch-depth: 0
           persist-credentials: false
-
-      - name: 'Installing Nix'
-        uses: 'cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8' # v31.6.0
-
-      - name: 'Install npm dependencies'
+          clean: true
+      - name: "Install npm dependencies"
         run: |
           npm install --workspaces --include-workspace-root
-
-      - name: 'Check formatting'
+      - name: "Check formatting"
         run: |
-          npm run format:check
-
-      - name: 'Lint'
+          npm exec --package=prettier -c 'prettier --check ./core/src'
+      - name: "Lint"
         run: |
-          npm run lint
+          npm exec --package=eslint -c 'eslint'
 
-      - name: 'Build'
-        run: |
-          nix build
-          mkdir -p ./build
-          cp -RL ./result/* ./build/
+  build:
+    name: "Build nixos.org PR"
+    runs-on: "ubuntu-latest"
+    needs: check
+    permissions:
+      contents: read
+    steps:
+      - name: "Checking out the PR repository"
+        uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+          persist-credentials: false
+          clean: true
+      - name: "Installing Nix"
+        uses: "cachix/install-nix-action@456688f15bc354bef6d396e4a35f4f89d40bf2b7" # v31.8.2
+      - name: "Build"
+        run: nix build
+      - name: "Upload build artifact"
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: nixos-homepage-artifact
+          path: ./result
 
-      - name: 'Publish to Netlify'
-        uses: 'nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654' # v3.0.0
+  publish:
+    name: "Publish nixos.org PR"
+    runs-on: "ubuntu-latest"
+    needs: build
+    permissions:
+      contents: read # to fetch PR changes
+      pull-requests: write # to post PR comments
+      statuses: write # to set commit status
+    steps:
+      - name: "Download build artifact"
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          name: nixos-homepage-artifact
+          path: ./build
+      - name: "Publish to Netlify"
+        uses: "nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654" # v3.0.0
         env:
-          NETLIFY_AUTH_TOKEN: '${{ secrets.NETLIFY_AUTH_TOKEN }}'
-          NETLIFY_SITE_ID: '${{ secrets.NETLIFY_SITE_ID }}'
+          NETLIFY_AUTH_TOKEN: "${{ secrets.NETLIFY_AUTH_TOKEN }}"
+          NETLIFY_SITE_ID: "${{ secrets.NETLIFY_SITE_ID }}"
         with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
-          deploy-message: 'Published from GitHub Actions'
-          publish-dir: './build'
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          deploy-message: "Published from GitHub Actions"
+          publish-dir: "./build"
 
           enable-pull-request-comment: true
           overwrites-pull-request-comment: false
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 94b1546418..c8de825e09 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -19,8 +19,8 @@ jobs:
     runs-on: 'ubuntu-latest'
     permissions:
       contents: read
-      statuses: write
-      deployments: write
+      statuses: write # to set commit status
+      deployments: write # to create GitHub deployments for production deploys
     steps:
       - name: 'Checking out the repository'
         uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # v5.0.0
@@ -29,7 +29,7 @@ jobs:
           persist-credentials: false
 
       - name: 'Installing Nix'
-        uses: 'cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8' # v31.6.0
+        uses: 'cachix/install-nix-action@a809471b5c7c913aa67bec8f459a11a0decc3fce' # v31.6.2
 
       - name: 'Setup Cachix'
         uses: 'cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad' # v16
@@ -43,11 +43,11 @@ jobs:
 
       - name: 'Check formatting'
         run: |
-          npm run format:check
+          npm exec --package=prettier -c 'prettier --check ./core/src'
 
       - name: 'Lint'
         run: |
-          npm run lint
+          npm exec --package=eslint -c 'eslint'
 
       - name: 'Build'
         run: |
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
index f94e823227..5c0a15efe1 100644
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -1,30 +1,31 @@
-name: "Update flake.lock"
+name: 'Update flake.lock'
 on:
   workflow_dispatch: # allows manual triggering
   schedule:
     - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
 
-permissions: 
+permissions:
   contents: read
 
 jobs:
   lockfile:
-    runs-on: "ubuntu-latest"
+    name: 'Update flake.lock'
+    runs-on: 'ubuntu-latest'
     permissions:
-      contents: write
-      pull-requests: write
+      contents: write # used to update the lock file
+      pull-requests: write # used to create a PR if needed
     steps:
-      - name: "Checkout repository"
-        uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
+      - name: 'Checkout repository'
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # v5.0.0
         with:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: "Install Nix"
-        uses: "cachix/install-nix-action@56a7bb7b56d9a92d4fd1bc05758de7eea4a370a8" # v31.6.0
+      - name: 'Install Nix'
+        uses: 'cachix/install-nix-action@a809471b5c7c913aa67bec8f459a11a0decc3fce' # v31.6.2
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 
-      - name: "Update flake.lock"
-        uses: "DeterminateSystems/update-flake-lock@c5930b397a673a70ca70be06020e943aeac310a1" # v27
+      - name: 'Update flake.lock'
+        uses: 'DeterminateSystems/update-flake-lock@c5930b397a673a70ca70be06020e943aeac310a1' # v27
diff --git a/core/src/pages/index.astro b/core/src/pages/index.astro
index fe1a04dcd3..bc1f344af9 100644
--- a/core/src/pages/index.astro
+++ b/core/src/pages/index.astro
@@ -14,6 +14,7 @@ import InlineSVG from '../components/util/InlineSVG.astro';
 
 const landingFeatures = await getCollection('landingFeatures');
 const demos = await getEntry('landing', 'demos');
+const sponsors = await getEntry('sponsors', 'info');
 const posts = await getCollection('blog');
 
 const currentBanner = await getEntry('banners', BANNER);
@@ -159,6 +160,34 @@ posts
       </Container>
     </div>
   </div>
+  <div>
+    <Container class:list={['flex flex-col items-center gap-8 pt-4 pb-8']}>
+      <h2
+        class="font-heading text-nix-blue pb-0 text-4xl leading-tight font-bold"
+      >
+        Our awesome Sponsors
+      </h2>
+      <div class="flex flex-wrap items-center justify-center gap-8">
+        {
+          sponsors.data.items.map((item) => (
+            <a href={item.href} target="_blank" rel="noopener noreferrer">
+              <img
+                class="max-h-14 max-w-32 opacity-65 grayscale-100 transition-all duration-100 hover:opacity-100 hover:grayscale-0 md:max-w-48"
+                src={item.src}
+                alt={item.alt}
+              />
+            </a>
+          ))
+        }
+      </div>
+      <div class="pb-8 text-gray-500">
+        You want to be one of them? <a
+          href="/sponsorship"
+          class="text-nix-blue font-bold hover:underline">Become a sponsor!</a
+        >
+      </div>
+    </Container>
+  </div>
   <div>
     <Container>
       <h2