diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
new file mode 100644
index 000000000..1aeacb6dc
--- /dev/null
+++ b/.github/workflows/pr-title.yml
@@ -0,0 +1,31 @@
+name: "PR Metadata"
+# if someone opens a PR, edits it, or reopens it we want to validate the title
+# This is separate from the rest of the CI as the title may change without code changes
+
+on:
+ # SECURITY: pull_request_target is used here to allow validation of PRs from forks.
+ # This is safe because:
+ # 1. No code from the PR is checked out
+ # 2. Permissions are restricted to pull-requests: read
+ # 3. Only a trusted third-party action is used to validate the PR title
+ # 4. No user-controlled code is executed
+ pull_request_target: # zizmor: ignore[dangerous-triggers]
+ types:
+ - opened
+ - edited
+ - reopened
+ - synchronize
+
+permissions:
+ pull-requests: read
+
+jobs:
+ pr-title:
+ name: Validate PR title follows https://conventionalcommits.org
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: read
+ steps:
+ - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
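Review bot: The header comment says the title is validated when someone opens, edits or reopens a PR, but the `types` list under `pull_request_target` also contains `synchronize`, so the comment understates when this workflow runs; extend it with the reason the extra event is wanted, e.g. `# synchronize is included so the check is re-reported on each new head commit` (if that is the intent — the hunk does not say). The SECURITY list records the four conditions that make `pull_request_target` acceptable here, but nothing tells a future editor which changes would violate them; a closing line such as `# Keep these true: do not add a checkout of the PR head or a run: step that interpolates PR fields` would make the invariant enforceable in review. The workflow-level and job-level `permissions` blocks are identical; either drop the job-level copy as redundant or give it a one-line comment saying it is restated deliberately so the scope stays explicit if more jobs are added later.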