diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
new file mode 100644
index 0000000..d1a1264
--- /dev/null
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,34 @@
+name: PR Checks
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ShellCheck
+        run: |
+          scripts=$(grep -rlE '^#!.*\b(bash|sh)\b' --exclude-dir=.git .)
+          if [ -n "$scripts" ]; then
+            echo "$scripts" | xargs shellcheck --severity=error
+          else
+            echo "No shell scripts found"
+          fi
+
+  terraform-fmt:
+    name: Terraform Format
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: opentofu/setup-opentofu@v1
+        with:
+          tofu_version: v1.10.5
+      - name: Check formatting
+        run: tofu fmt -check -recursive
diff --git a/databases/azure-cosmos-db/deployment/outputs.tf b/databases/azure-cosmos-db/deployment/outputs.tf
index c5580bf..3b59866 100644
--- a/databases/azure-cosmos-db/deployment/outputs.tf
+++ b/databases/azure-cosmos-db/deployment/outputs.tf
@@ -18,7 +18,7 @@ output "containers" {
   value = [
     for name, container in azurerm_cosmosdb_sql_container.containers : {
       container_name = name
-      id            = container.id
+      id             = container.id
       partition_key  = container.partition_key_paths[0]
     }
   ]
diff --git a/databases/azure-cosmos-db/permissions/locals.tf b/databases/azure-cosmos-db/permissions/locals.tf
index f70fc85..3476704 100644
--- a/databases/azure-cosmos-db/permissions/locals.tf
+++ b/databases/azure-cosmos-db/permissions/locals.tf
@@ -2,8 +2,8 @@ locals {
 
   # Map access levels to built-in role definition GUIDs
   role_definitions = {
-    read      = "00000000-0000-0000-0000-000000000001"  # Built-in Data Reader
-    readwrite = "00000000-0000-0000-0000-000000000002"  # Built-in Data Contributor
+    read      = "00000000-0000-0000-0000-000000000001" # Built-in Data Reader
+    readwrite = "00000000-0000-0000-0000-000000000002" # Built-in Data Contributor
   }
 
   # Create a map for for_each
diff --git a/databases/azure-cosmos-db/permissions/outputs.tf b/databases/azure-cosmos-db/permissions/outputs.tf
index a546729..2c9649b 100644
--- a/databases/azure-cosmos-db/permissions/outputs.tf
+++ b/databases/azure-cosmos-db/permissions/outputs.tf
@@ -26,7 +26,7 @@ output "role_assignments" {
       access_level = local.database_access_level
       scope        = azurerm_cosmosdb_sql_role_assignment.database_access[0].scope
     }
-  } : {
+    } : {
     for k, v in azurerm_cosmosdb_sql_role_assignment.container_access : k => {
       id           = v.id
       access_level = local.permissions_map[k]
diff --git a/databases/postgres/k8s/postgres-db/link/delete-database-user b/databases/postgres/k8s/postgres-db/link/delete-database-user
index f01106e..80b9d86 100755
--- a/databases/postgres/k8s/postgres-db/link/delete-database-user
+++ b/databases/postgres/k8s/postgres-db/link/delete-database-user
@@ -31,7 +31,8 @@ DROP OWNED BY "$USERNAME";
 
 -- Now drop the user
 DROP USER IF EXISTS "$USERNAME";
-EOF)
+EOF
+)
 
 ../run_query_in_pod.sh "$SERVICE_HOSTNAME" "$SERVICE_PORT" "$SERVICE_DBNAME" "postgres" "$ADMIN_PASSWORD" "$QUERY" "ddl"