diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6ee1d0a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,17 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Install Nix
+        uses: cachix/install-nix-action@v16
+      - name: Shellcheck
+        run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..115f8c0
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1638263381,
+        "narHash": "sha256-1rZDxTw74ETuJEjwPfpMgY0sfx8Cv1tRNt3gibol574=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "7b031d0d99e8cdaf0b70457c0cb33f16c0c958bb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..74864bd
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,30 @@
+{
+  description = "update-flake-lock";
+
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+  outputs =
+    { self
+    , nixpkgs
+    }:
+    let
+      nameValuePair = name: value: { inherit name value; };
+      genAttrs = names: f: builtins.listToAttrs (map (n: nameValuePair n (f n)) names);
+
+      allSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forAllSystems = f: genAttrs allSystems
+        (system: f {
+          inherit system;
+          pkgs = import nixpkgs { inherit system; };
+        });
+    in
+    {
+      devShell = forAllSystems
+        ({ system, pkgs, ... }:
+          pkgs.stdenv.mkDerivation {
+            name = "update-flake-lock-devshell";
+            buildInputs = [ pkgs.shellcheck ];
+            src = self;
+          });
+    };
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..4f7af74
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,6 @@
+(import
+  (fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
+    sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2";
+  })
+  { src = ./.; }).shellNix