diff --git a/.github/workflows/nix-parse.yml b/.github/workflows/nix-parse.yml
new file mode 100644
index 000000000000..36560ae22558
--- /dev/null
+++ b/.github/workflows/nix-parse.yml
@@ -0,0 +1,40 @@
+name: "Check whether nix files are parseable"
+
+permissions: read-all
+
+on:
+  # avoids approving first time contributors
+  pull_request_target:
+    branches-ignore:
+      - 'release-**'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    steps:
+    - name: Get list of changed files from PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh api \
+          repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
+          | jq '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
+          > "$HOME/changed_files"
+        if [[ -s "$HOME/changed_files" ]]; then
+          echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
+        fi
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        # pull_request_target checks out the base branch by default
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
+    - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+    - name: Parse all changed or added nix files
+      run: |
+        ret=0
+        while IFS= read -r file; do
+          out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
+        done < "$HOME/changed_files"
+        exit "$ret"
+      if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}