diff --git a/.github/scripts/ensure_compose_image.py b/.github/scripts/ensure_compose_image.py
old mode 100644
new mode 100755
index 54825eb..cd15b88
--- a/.github/scripts/ensure_compose_image.py
+++ b/.github/scripts/ensure_compose_image.py
@@ -4,9 +4,9 @@ from pathlib import Path
 
 try:
     import yaml
-except Exception as e:
-    sys.stderr.write("PyYAML is required to run this hook.\n")
-    raise
+except Exception:
+    sys.stderr.write("PyYAML is required to run this check.\n")
+    sys.exit(2)
 
 EXPECTED_IMAGE = "cooldockerizer93/spotizerr"
 
@@ -23,28 +23,15 @@ def validate_compose_image(path: Path) -> int:
         sys.stderr.write(f"Failed to parse YAML from {path}: {e}\n")
         return 1
 
-    image = (
-        (data or {})
-        .get("services", {})
-        .get("spotizerr", {})
-        .get("image")
-    )
+    image = (data or {}).get("services", {}).get("spotizerr", {}).get("image")
 
-    errors = []
-    if not isinstance(image, str):
-        errors.append("services.spotizerr.image is missing or not a string")
-    else:
-        if image != EXPECTED_IMAGE:
-            errors.append(
-                f"services.spotizerr.image must be '{EXPECTED_IMAGE}' (found '{image}')"
-            )
-
-    if errors:
-        sys.stderr.write("docker-compose.yaml validation failed:\n")
-        for err in errors:
-            sys.stderr.write(f" - {err}\n")
+    if image != EXPECTED_IMAGE:
+        sys.stderr.write(
+            f"services.spotizerr.image must be '{EXPECTED_IMAGE}' (found '{image}')\n"
+        )
         return 1
 
+    print(f"OK: docker-compose image is '{EXPECTED_IMAGE}'")
     return 0
 
 
@@ -54,4 +41,4 @@ def main(argv: list[str]) -> int:
 
 
 if __name__ == "__main__":
-    sys.exit(main(sys.argv)) 
\ No newline at end of file
+    sys.exit(main(sys.argv))
diff --git a/.github/workflows/compose-image-guard.yml b/.github/workflows/compose-image-guard.yml
new file mode 100644
index 0000000..a63f297
--- /dev/null
+++ b/.github/workflows/compose-image-guard.yml
@@ -0,0 +1,36 @@
+name: Compose Image Guard
+
+on:
+  push:
+    branches: [ dev, main, master ]
+    paths:
+      - 'docker-compose.yaml'
+      - '.github/workflows/compose-image-guard.yml'
+      - '.github/scripts/ensure_compose_image.py'
+  pull_request:
+    branches: [ dev, main, master ]
+    paths:
+      - 'docker-compose.yaml'
+      - '.github/workflows/compose-image-guard.yml'
+      - '.github/scripts/ensure_compose_image.py'
+
+jobs:
+  validate-compose-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pyyaml
+
+      - name: Validate docker-compose image
+        run: |
+          python .github/scripts/ensure_compose_image.py docker-compose.yaml
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 70035fc..821bd17 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -52,4 +52,4 @@ repos:
             args: [--no-strict-optional, --ignore-missing-imports]
             exclude: ^spotizerr-ui/
             # NOTE: you might need to add some deps here:
-            additional_dependencies: [waitress==3.0.2, types-waitress, types-requests]
+            additional_dependencies: [waitress==3.0.2, types-waitress, types-requests, types-PyYAML]