diff --git a/.github/workflows/build-check.yml b/.github/workflows/build-check.yml
new file mode 100644
index 0000000..87a71d9
--- /dev/null
+++ b/.github/workflows/build-check.yml
@@ -0,0 +1,34 @@
+name: Build Check
+
+on:
+ pull_request:
+ branches: [main]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build-check:
+ name: Build Check
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build image (validation only)
+ uses: docker/build-push-action@v6.15.0
+ with:
+ context: .
+ push: false
+ tags: ghcr.io/${{ github.repository }}:pr-check
+ cache-from: type=gha,scope=image
+ cache-to: type=gha,mode=max,scope=image
+
+
diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml
new file mode 100644
index 0000000..4427187
--- /dev/null
+++ b/.github/workflows/code-lint.yml
@@ -0,0 +1,28 @@
+name: Code Lint
+
+on:
+ pull_request:
+ branches: [main]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint-dockerfile:
+ name: Lint Dockerfile
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Lint Dockerfile with hadolint
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: ./Dockerfile
+ config: .hadolint.yaml
+
+
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 1f3a8ad..e915638 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -4,6 +4,10 @@ on: push: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build-and-push: runs-on: ubuntu-latest
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..558cce5
--- /dev/null
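Review bot: The `uses:` lines in `.github/workflows/build-check.yml` reference movable tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6.15.0`), so the action code that runs on pull-request content can change without any commit in this repository; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The same applies to `actions/checkout@v4` and `hadolint/hadolint-action@v3.1.0` in `.github/workflows/code-lint.yml`. In the build job the checkout is then handed to Docker as `context: .`, and checkout stores the job token in the local git config by default, so I would add `with:` and `persist-credentials: false` under the checkout step (a `.dockerignore` that excludes `.git` would also help; none is visible in this diff).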
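Review bot: `cancel-in-progress: true` on the publish workflow means a second push to `main` cancels a `build-and-push` run that may already be uploading; the rest of that job is outside this hunk, so I cannot tell whether an interrupted push can leave tags partly updated. For a job that writes to a registry it is safer to queue than to cancel: `cancel-in-progress: false`. Cancelling superseded runs is fine for the two pull-request workflows, which push nothing.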
+++ b/.hadolint.yaml
@@ -0,0 +1,6 @@
+# .hadolint.yaml
+ignored:
+ - DL3007 # Using latest is prone to errors if the image will ever update
+ - DL3008 # Pin versions in apt get install
+ - DL3013 # Pin versions in pip install
+ - DL3016 # Pin versions in npm install
diff --git a/Dockerfile b/Dockerfile
index 2114137..d0f3404 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,10 +2,13 @@ FROM ghcr.io/actions/actions-runner:latest USER root +# Set shell with pipefail for better error handling +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # Update and install base dependencies RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt update \ - && apt install -y --no-install-recommends \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ # System build tools autoconf \ automake \
@@ -37,7 +40,7 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ zip \ # Linters/Formatters yamllint \ - && apt clean \ + && apt-get clean \ && rm -rf /var/lib/apt/lists/* # Install AWS CLI
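Review bot: All four entries under `ignored:` switch off version-pinning rules for the whole file, and `DL3007` is the rule that would flag `FROM ghcr.io/actions/actions-runner:latest` in the Dockerfile patched by this same commit, so the new lint job cannot report the unpinned base image. I would drop `DL3007` from the global list and either pin the base image by digest or put `# hadolint ignore=DL3007` directly above the `FROM` line, so the exception is visible where it applies. For the other three entries the trailing comments restate the rule; a comment saying why unpinned packages are accepted in this image would help the next reviewer.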
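Review bot: The `RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` line that the new `SHELL` instruction governs still executes the downloaded script as root with no integrity check; `pipefail` only makes a failed download stop the build. Consider configuring the NodeSource apt repository with a pinned signing key, or downloading the script to a file and verifying a known checksum before running it. The `SHELL` instruction also applies to every later `RUN` in the file, including ones outside this hunk (the `RUN` shown here continues past it), so those should be checked for bash-versus-sh differences.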