diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..db8ab15
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,32 @@
+---
+name: Build
+
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: almalinux-8
+    container:
+      image: git.unkin.net/unkin/almalinux9-actionsdind:latest
+      options: --privileged
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Fetch master branch
+        run: |
+          git fetch origin master:master
+
+      - name: Show changed files
+        run: |
+          git diff --name-only master
+
+      - name: Run Terraform Plan
+        env:
+          VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
+        run: |
+          make plan
diff --git a/Makefile b/Makefile
index e42187b..a02f551 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,7 @@ define vault_env
 	export PUPPET_CERT_PUB=$$(vault kv get -field=public_key kv/service/puppet/certificates/terraform) && \
 	export PUPPET_CERT_PRIV=$$(vault kv get -field=private_key kv/service/puppet/certificates/terraform) && \
 	export TG_QUEUE_EXCLUDE_DIR="templates/base" && \
+	export TG_PROVIDER_CACHE=1 && \
 	export $$(vault read -format=json kv/data/service/terraform/incus | jq -r '.data.data | to_entries[] | "\(.key)=\(.value)"')
 endef