diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e7e103b63..471494f22 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,7 +29,28 @@ jobs:
         github_token: ${{ secrets.GITHUB_TOKEN }}
     - run: nix flake show --all-systems --json
 
+  pre-commit-checks:
+    name: pre-commit checks
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+      - uses: ./.github/actions/install-nix-action
+        with:
+          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
+          extra_nix_config: experimental-features = nix-command flakes
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: ./ci/gha/tests/pre-commit-checks
+
+  basic-checks:
+    name: aggregate basic checks
+    runs-on: ubuntu-24.04
+    needs: [pre-commit-checks, eval]
+    steps:
+      - run: ":" # Dummy step
+
   tests:
+    needs: basic-checks
     strategy:
       fail-fast: false
       matrix:
@@ -214,6 +235,7 @@ jobs:
         docker push $IMAGE_ID:master
 
   vm_tests:
+    needs: basic-checks
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v5
diff --git a/ci/gha/tests/pre-commit-checks b/ci/gha/tests/pre-commit-checks
new file mode 100755
index 000000000..8c9f64d6c
--- /dev/null
+++ b/ci/gha/tests/pre-commit-checks
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+system=$(nix eval --raw --impure --expr builtins.currentSystem)
+
+echo "::group::Running pre-commit checks"
+
+if nix build ".#checks.$system.pre-commit" -L; then
+    echo "::endgroup::"
+    exit 0
+fi
+
+echo "::error ::Changes do not pass pre-commit checks"
+
+cat <<EOF
+The code isn't formatted or doesn't pass lints. You can run pre-commit locally with:
+
+    nix develop -c ./maintainers/format.sh
+EOF
+
+echo "::endgroup::"
+
+exit 1