diff --git a/.github/workflows/lint-go.yml b/.github/workflows/lint-go.yml
index 4909967..970c58a 100644
--- a/.github/workflows/lint-go.yml
+++ b/.github/workflows/lint-go.yml
@@ -6,7 +6,7 @@ on:
       - master
   pull_request:
     branches:
-      - master
+      - "*"
 
   workflow_dispatch: {}
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7825023..ada894e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ env:
 jobs:
   release-binary:
     runs-on: ubuntu-latest
-    if: contains(github.ref, 'tag')
+    if: github.ref_type == 'tag'
     permissions:
       id-token: write
       contents: write
@@ -57,10 +57,10 @@ jobs:
       - name: Install cosign
         uses: sigstore/cosign-installer@main
 
-      - name: Install docker buildx
+      - name: Install Docker buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Build list of docker tags to use
+      - name: Build list of Docker tags to use
         id: tag-types
         run: |
           if [[ ${{ contains(github.ref, 'tag') }} == true ]]; then
@@ -83,7 +83,7 @@ jobs:
             echo "EOF"
           } >> "$GITHUB_ENV"
 
-      - name: Set docker labels and tags
+      - name: Set Docker labels and tags
         id: metadata
         uses: docker/metadata-action@v4
         with:
@@ -103,7 +103,7 @@ jobs:
         id: get-tag
         uses: olegtarasov/get-tag@v2.1
 
-      - name: Build and push docker image
+      - name: Build and push Docker image
         id: build-push
         uses: docker/build-push-action@v3
         with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5771ce9..d71342c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,7 +6,7 @@ on:
       - master
   pull_request:
     branches:
-      - master
+      - "*"
 
   workflow_dispatch: {}
 
@@ -27,6 +27,10 @@ jobs:
           check-latest: true
           cache: true
 
+      - name: Ensure main package builds
+        run: |
+          go build
+
       - name: Run tests
         run: |
           go test -race -timeout 5m -v ./...
@@ -48,3 +52,21 @@ jobs:
       - name: Fuzz code for 10 minutes
         run: |
           go test -fuzz Fuzz -run DONOT -fuzztime 10m
+
+  build-image:
+    runs-on: ubuntu-latest
+    # only run this check on pull requests, pushes to master will trigger
+    # an image release
+    if: contains(github.ref, 'pull')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Docker buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Ensure Docker image builds
+        uses: docker/build-push-action@v3
+        with:
+          push: false
+          tags: ghcr.io/${{ github.repository }}:build-test
diff --git a/.github/workflows/vuln.yml b/.github/workflows/vuln.yml
index 98b0a40..e01eb5d 100644
--- a/.github/workflows/vuln.yml
+++ b/.github/workflows/vuln.yml
@@ -6,7 +6,7 @@ on:
       - master
   pull_request:
     branches:
-      - master
+      - "*"
 
   workflow_dispatch: {}