diff --git a/.github/workflows/bicep-pr-yml b/.github/workflows/bicep-pr-yml
new file mode 100644
index 0000000..9d23885
--- /dev/null
+++ b/.github/workflows/bicep-pr-yml
@@ -0,0 +1,84 @@
+name: "PR - IaC (Bicep)"
+
+# run on pr to main branch only
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - ".azure/bicep/**"
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+ issues: write
+
+# Set envs
+env:
+ WORKDIR: ".azure/bicep"
+
+# Set defaults for GitHub Actions runner
+defaults:
+ run:
+ working-directory: ".azure/bicep"
+
+jobs:
+ codequalitycheck:
+ name: "Code Quality Check"
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Get RESOURCES_PREFIX based on the repo name
+ - name: Get repo name
+ uses: actions/github-script@v5
+ id: resources_prefix
+ with:
+ result-encoding: string
+ script: return context.repo.repo.toLowerCase()
+
+ # Login to Azure with Service Principal
+ - name: Azure login
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ # Checks that all Bicep configuration files adhere to a canonical format
+ - name: Bicep Lint
+ uses: Azure/cli@v2.1.0
+ with:
+ inlineScript: az bicep build --file ${{ env.WORKDIR }}/webapp.bicep
+ id: lint
+
+ # Validate whether a template is valid at subscription scope
+ - name: Bicep Validate
+ uses: Azure/cli@v2.1.0
+ with:
+ inlineScript: |
+ az deployment sub validate \
+ --name ${{ github.run_id }} \
+ --template-file ${{ env.WORKDIR }}/webapp.bicep \
+ --location uksouth \
+ --parameters resourcesPrefix=${{ steps.resources_prefix.outputs.result }}
+ id: validate
+
+ - name: Update Pull Request
+ uses: actions/github-script@v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Bicep Lint 🖌\`${{ steps.lint.outcome }}\`
+ #### Bicep Validation 🤖\`${{ steps.validate.outcome }}\`
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+
github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
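Review bot: The `Update Pull Request` step at the end of the hunk has no `if:` condition, so it only runs when the lint and validate steps both succeeded and the outcome it posts can never be anything other than `success`; on the `workflow_dispatch` trigger it also has no PR, so `context.issue.number` is undefined and `createComment` throws. Guard it with `if: ${{ always() && github.event_name == 'pull_request' }}` so failures are reported and manual runs skip the comment. Every `uses:` in the job references a mutable tag (`actions/checkout@v2`, `actions/github-script@v5`, `azure/login@v2`, `Azure/cli@v2.1.0`) — pin each to a full commit SHA with the version in a trailing comment, and bring `checkout@v2` and `github-script@v5` up to current majors while doing so, since the same file already uses `github-script@v7.0.1`. Because `az deployment sub validate` submits PR-controlled Bicep to the subscription under the OIDC identity obtained by `azure/login`, that identity's role assignment (not visible here) should be limited to what validation needs rather than a broad Contributor role. The `permissions:` block grants both `pull-requests: write` and `issues: write` for a single PR comment; `pull-requests: write` appears sufficient for `issues.createComment` on a pull request, so `issues: write` can likely be dropped.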