diff --git a/.github/allowed-actions.js b/.github/allowed-actions.js
index e8e4cf3f9a..e245095d90 100644
--- a/.github/allowed-actions.js
+++ b/.github/allowed-actions.js
@@ -4,6 +4,7 @@
 // can be added it this list.
 
 export default [
+  'actions/cache@c64c572235d810460d0d6876e9c705ad5002b353', // v2.1.6
   'actions/checkout@1e204e9a9253d643386038d443f96446fa156a97', // v2.3.5
   'actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d', // v4.0.2
   'actions/labeler@5f867a63be70efff62b767459b009290364495eb', // v2.2.0
diff --git a/.github/workflows/staging-build-pr.yml b/.github/workflows/staging-build-pr.yml
index 3ddc10d397..50f050f9cc 100644
--- a/.github/workflows/staging-build-pr.yml
+++ b/.github/workflows/staging-build-pr.yml
@@ -11,6 +11,16 @@ on:
       - reopened
       - synchronize
 
+  # This is necessary so that the cached things can be reused between
+  # pull requests.
+  # If we don't let the workflow run on `main` the caching will only
+  # help between multiple runs of the same workflow. By letting
+  # it build on pushes to main too, the cache will be reusable
+  # in other people's PRs too.
+  push:
+    branches:
+      - main
+
 permissions:
   contents: read
 
@@ -87,6 +97,12 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Cache nextjs build
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353
+        with:
+          path: .next/cache
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}-${{ hashFiles('.github/workflows/staging-build-pr.yml') }}
+
       - name: Build
         run: npm run build
 
@@ -101,14 +117,13 @@ jobs:
 
       - name: Delete heavy things we won't need deployed
         run: |
-          # Not needed to run after having been built.
-          rm -fr .next/cache
-
           # The dereferenced file is not used in runtime once the
           # decorated file has been created from it.
           rm -fr lib/rest/static/dereferenced
 
       - name: Create an archive
+        # Only bother if this is actually a pull request
+        if: ${{ github.event.pull_request.number }}
         run: |
           tar -c --file=app.tar \
             node_modules/ \
@@ -128,10 +143,18 @@ jobs:
             app.json \
             Procfile
 
+          # We can't delete the .next/cache directory from the workflow
+          # because it's needed for caching, but we can at least delete it
+          # from within the tarball. Then it can be cached but not
+          # weigh down the tarball we intend to deploy.
+          tar --delete --file=app.tar .next/cache
+
       # Upload only the files needed to run this application.
       # We are not willing to trust the rest (e.g. script/) for the remainder
       # of the deployment process.
       - name: Upload build artifact
+        # Only bother if this is actually a pull request
+        if: ${{ github.event.pull_request.number }}
         uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074
         with:
           name: pr_build
diff --git a/.github/workflows/staging-deploy-pr.yml b/.github/workflows/staging-deploy-pr.yml
index 7651e852f2..958e6c2c1e 100644
--- a/.github/workflows/staging-deploy-pr.yml
+++ b/.github/workflows/staging-deploy-pr.yml
@@ -43,6 +43,13 @@ jobs:
         run: echo "$GITHUB_CONTEXT"
 
   pr-metadata:
+    # This is needed because the workflow we depend on
+    # (see on.workflow_run.workflows) might be running from pushes on
+    # main. That's because it needs to do that to popular the cache.
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
+
     runs-on: ubuntu-latest
     outputs:
       number: ${{ steps.pr.outputs.number }}