diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index c888f86..43f8322 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,4 +1,4 @@
-name: Hadolint
+name: Lint
 
 on:
   pull_request:
@@ -8,6 +8,10 @@ on:
       - '**/Dockerfile'
       - '.github/workflows/lint.yml'
 
+concurrency:
+  group: ${{ github.head_ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   hadolint:
     runs-on: ubuntu-24.04
@@ -16,3 +20,56 @@ jobs:
     - uses: hadolint/hadolint-action@v3.1.0
       with:
         recursive: true
+  ensure-dockerfiles-up-to-date:
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install GHC and Stack
+      uses: haskell-actions/setup@v2.8.2
+      with:
+        enable-stack: true
+
+    - name: Cache ~/.stack
+      uses: actions/cache@v4.3.0
+      with:
+        path: ~/.stack
+        key: ${{ runner.os }}-stack-home-${{ hashFiles('**/stack.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-stack-home-
+    - name: "Cache generator binaries at generator/.stack-work"
+      uses: actions/cache@v4.3.0
+      with:
+        path: |
+          generator/.stack-work
+        key: ${{ runner.os }}-stack-${{ hashFiles('**/stack.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-stack-
+
+    - name: Download generator-binary release
+      run: |
+        gh release download generator-binary --repo haskell/docker-haskell --pattern 'generator' --dir artifacts
+        chmod +x artifacts/generator
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Ensure Dockerfiles are up-to-date
+      run: |
+        # Collect the list of Dockerfiles to be built
+        mapfile -t dockerfiles < <(find . -type f -name 'Dockerfile' | sort)
+        # Generate Dockerfiles using the generate.sh wrapper tool
+        for df in "${dockerfiles[@]}"; do
+          # Get appropriate YAML data file from the Dockerfile path
+          df_dir=$(dirname "${df}")
+          df_yaml="${df_dir}.yaml"
+          if [ ! -f "${df_yaml}" ]; then
+            echo "::warning file=${df} title=data-file:: Missing YAML data file ${df_yaml} for Dockerfile ${df}"
+          else
+            echo "::notice file=${df}::Generating ${df}"
+            ./generate.sh "${df_yaml}" "${df}.generated"
+            # Compare generated Dockerfile with the existing one
+            if ! diff -u "${df}" "${df}.generated"; then
+                echo "Error: Dockerfile ${df} is out of date. Please regenerate it."
+                exit 1
+            fi
+          fi
+        done
diff --git a/generate.sh b/generate.sh
index 7a007e4..1cc9b12 100755
--- a/generate.sh
+++ b/generate.sh
@@ -16,9 +16,13 @@ main() {
   abs_output_file=$(realpath "$2")
   local template_path
   template_path=$(realpath ./template/Dockerfile.jinja)
-  # run the generator
-  pushd generator || exit 1
-  stack run -- -t "$template_path" --data-file "$abs_data_file" > "$abs_output_file"
-  popd || exit 1
+  if [ "$CI" == "true" ] && [ "$GITHUB_ACTIONS" == "true" ]; then
+    ./artifacts/generator -t "$template_path" --data-file "$abs_data_file" > "$abs_output_file"
+  else
+    # run the generator
+    pushd generator || exit 1
+    stack run -- -t "$template_path" --data-file "$abs_data_file" > "$abs_output_file"
+    popd || exit 1
+  fi
 }
 main "$@"