diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml
new file mode 100644
index 0000000..77a8b8a
--- /dev/null
+++ b/.github/workflows/pr-check-signed-commits.yml
@@ -0,0 +1,13 @@
+name: Check signed commits in PR
+on: pull_request_target
+
+jobs:
+  build:
+    name: Check signed commits in PR
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@v1
diff --git a/test.yaml b/test.yaml
new file mode 100644
index 0000000..4504c80
--- /dev/null
+++ b/test.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app-example
+spec:
+  selector:
+    matchLabels:
+      app: app-example
+  template:
+    metadata:
+      annotations:
+        operator.1password.io/inject: "app-example1"
+      labels:
+        app: app-example
+    spec:
+      containers:
+        - name: app-example1
+          image: debian
+          volumeMounts:
+            - name: redis
+              mountPath: /etc/redis
+          command: ["printenv"]
+          args: ["DB_USERNAME", "DB_PASSWORD"]
+          env:
+            - name: OP_CONNECT_HOST
+              value: http://onepassword-connect:8080
+            - name: OP_CONNECT_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: onepassword-token
+                  key: token
+            - name: DB_USERNAME
+              value: your-secret-reference
+            - name: DB_PASSWORD
+              value: another-secret-reference
+      volumes:
+        - name: redis
+          emptyDir: {}