diff --git a/.github/workflows/check.sh b/.github/workflows/check.sh
new file mode 100755
index 0000000..46e5276
--- /dev/null
+++ b/.github/workflows/check.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -e
+
+pushd () {
+    command pushd "$@" > /dev/null
+}
+
+popd () {
+    command popd "$@" > /dev/null
+}
+
+export pushd popd
+
+root=$(pwd)
+for i in $(ls -1 high/envs); do
+  pushd ./high/envs/$i
+  for f in $(ls .); do
+    if [[ ! -f $f ]]; then
+      continue
+    fi
+    p=$(cat $f | grep path | cut -d: -f 2 | tr -d ' ')
+    if [[ -e "$root/$p" ]]; then
+      pushd "../../../$p"
+      echo $p
+      kustomize build . > /dev/null
+      popd
+    fi
+  done
+  popd
+done
\ No newline at end of file
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 39d46d1..4bd2a71 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -23,6 +23,20 @@ jobs:
     - name: Setup terraform docs
       uses: draios/action-setup-terraform-docs@v0.0.2
 
+    - name: Install arkade
+      if:  ${{ ! ((github.event_name == 'push') && (github.ref == 'refs/heads/main')) }}
+      uses: alexellis/setup-arkade@v3
+    - uses: alexellis/arkade-get@master
+      if:  ${{ ! ((github.event_name == 'push') && (github.ref == 'refs/heads/main')) }}
+      with:
+        kubectl: latest
+        helm: latest
+        kubeconform: latest
+        kustomize: latest
     - uses: pre-commit/action@v2.0.3
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Check flux resources
+      shell: bash
+      run: .github/workflows/check.sh
\ No newline at end of file
diff --git a/devbox.json b/devbox.json
index 1ddbaf7..016944d 100644
--- a/devbox.json
+++ b/devbox.json
@@ -6,7 +6,8 @@
       "fluxcd@latest",
       "pre-commit@latest",
       "terraform@1.5.7",
-      "packer@latest"
+      "packer@latest",
+      "kubeconform@latest"
     ],
     "shell": {
       "init_hook": [
diff --git a/devbox.lock b/devbox.lock
index 0752cf0..c4b7533 100644
--- a/devbox.lock
+++ b/devbox.lock
@@ -161,6 +161,54 @@
         }
       }
     },
+    "kubeconform@latest": {
+      "last_modified": "2024-05-22T06:18:38Z",
+      "resolved": "github:NixOS/nixpkgs/3f316d2a50699a78afe5e77ca486ad553169061e#kubeconform",
+      "source": "devbox-search",
+      "version": "0.6.6",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/w7dc87xibz03s6ax708g2q1xwy55hq5m-kubeconform-0.6.6",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/w7dc87xibz03s6ax708g2q1xwy55hq5m-kubeconform-0.6.6"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/azzxni29c33dxvdnzwm1v1rn7v2chnai-kubeconform-0.6.6",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/azzxni29c33dxvdnzwm1v1rn7v2chnai-kubeconform-0.6.6"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/v61b4wq0fc2jgansv296l4dd10m9s1j9-kubeconform-0.6.6",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/v61b4wq0fc2jgansv296l4dd10m9s1j9-kubeconform-0.6.6"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/wqv89hd72ca55mkgyy6j3cqjf0vix23w-kubeconform-0.6.6",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/wqv89hd72ca55mkgyy6j3cqjf0vix23w-kubeconform-0.6.6"
+        }
+      }
+    },
     "packer@latest": {
       "last_modified": "2024-05-22T06:18:38Z",
       "resolved": "github:NixOS/nixpkgs/3f316d2a50699a78afe5e77ca486ad553169061e#packer",