diff --git a/.github/workflows/tn-p1.yml b/.github/workflows/tn-p1.yml
index 80ffe6e0..630d9a36 100644
--- a/.github/workflows/tn-p1.yml
+++ b/.github/workflows/tn-p1.yml
@@ -1,12 +1,18 @@
 name: "tn-p1"
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - "*"
+  workflow_call:
+  workflow_dispatch:
+    inputs:
+      attestation_ver:
+        description: "Specific org.tokenscript:attestation version"
+        required: false
+        type: string
+      use_github_packages:
+        description: "Whether to use github packages for building"
+        required: false
+        default: false
+        type: boolean
 
 jobs:
   tn-p1:
@@ -18,7 +24,23 @@ jobs:
           node-version: 16
           cache: "npm"
           cache-dependency-path: package-lock.json
-      - run: npm ci
+      - name: install dependencies
+        run: |
+          npm ci
+          if [ "${USE_GITHUB_PACKAGES}" = "true" ]; then
+            echo "//npm.pkg.github.com/:_authToken=${GPR_KEY}" >> .npmrc
+            echo "@tokenscript:registry=https://npm.pkg.github.com" >> .npmrc
+            cat .npmrc
+          fi
+          if [ -n "${ATTESTATION_VER}" ]; then
+            npm i -E "@tokenscript/attestation@${ATTESTATION_VER}"
+            cat package.json
+          fi
+        env:
+          ATTESTATION_VER: ${{ inputs.attestation_ver }}
+          USE_GITHUB_PACKAGES: ${{ inputs.use_github_packages }}
+          GPR_USER: ${{ secrets.GPR_USER }}
+          GPR_KEY: ${{ secrets.GPR_KEY }}
       - name: build
         run: npm run build
       - name: test
diff --git a/.github/workflows/tn.yml b/.github/workflows/tn.yml
new file mode 100644
index 00000000..35e76059
--- /dev/null
+++ b/.github/workflows/tn.yml
@@ -0,0 +1,13 @@
+name: "Token Negotiator CI"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - "*"
+
+jobs:
+  tn-p1:
+    uses: ./.github/workflows/tn-p1.yml