diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
new file mode 100644
index 0000000..1836a19
--- /dev/null
+++ b/.github/workflows/actionlint.yaml
@@ -0,0 +1,34 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Action Lint
+
+on:
+  pull_request:
+    branches: [ 'main', 'release-*' ]
+
+jobs:
+
+  action-lint:
+    name: Action lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: Check out code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Find yamls
+        id: get_yamls
+        run: |
+          yamls="$(find .github/workflows -name "*.y*ml" | grep -v dependabot. | xargs echo)"
+          echo "files=${yamls}" >> "$GITHUB_OUTPUT"
+
+      - name: Action lint
+        uses: reviewdog/action-actionlint@c6ee1eb0a5d47b2af53a203652b5dac0b6c4016e # v1.43.0
+        with:
+          actionlint_flags: ${{ steps.get_yamls.outputs.files }}