diff --git a/.forgejo/workflows/validate-shared-actions.yml b/.forgejo/workflows/validate-shared-actions.yml
new file mode 100644
index 0000000..570918d
--- /dev/null
+++ b/.forgejo/workflows/validate-shared-actions.yml
@@ -0,0 +1,23 @@
+name: validate-shared-actions
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  validate-shared-actions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Validate shared action metadata
+        uses: mpalmer/action-validator@v0.9.0
+        with:
+          version: 0.9.0
+          patterns: |
+            :(glob)**/action.yml
+            :(glob)**/action.yaml
diff --git a/.github/workflows/validate-shared-actions.yml b/.github/workflows/validate-shared-actions.yml
deleted file mode 100644
index d12f25d..0000000
--- a/.github/workflows/validate-shared-actions.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-name: validate-shared-actions
-
-on:
-  pull_request:
-    types: [opened, reopened, synchronize]
-
-permissions:
-  contents: read
-
-jobs:
-  validate-shared-actions:
-    runs-on: ubuntu-latest
-    env:
-      ACTIONLINT_VERSION: "1.7.8"
-    steps:
-      - name: Checkout
-        uses: https://code.forgejo.org/actions/checkout@v4
-
-      - name: Restore actionlint cache
-        id: cache-actionlint
-        uses: https://data.forgejo.org/actions/cache/restore@v4
-        with:
-          path: .cache/tools/actionlint
-          key: actionlint-${{ runner.os }}-${{ env.ACTIONLINT_VERSION }}
-
-      - name: Install actionlint (pinned + checksum)
-        if: ${{ steps.cache-actionlint.outputs.cache-hit != 'true' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          VERSION="${ACTIONLINT_VERSION}"
-          OS="linux"
-          ARCH="amd64"
-          BASE_URL="https://github.com/rhysd/actionlint/releases/download/v${VERSION}"
-          TAR="actionlint_${VERSION}_${OS}_${ARCH}.tar.gz"
-          CHECKSUMS="checksums.txt"
-
-          INSTALL_DIR=".cache/tools/actionlint/${VERSION}"
-          mkdir -p "${INSTALL_DIR}"
-
-          curl -fsSL "${BASE_URL}/${TAR}" -o "/tmp/${TAR}"
-          curl -fsSL "${BASE_URL}/${CHECKSUMS}" -o "/tmp/${CHECKSUMS}"
-
-          grep " ${TAR}$" "/tmp/${CHECKSUMS}" > "/tmp/actionlint-sha256.txt"
-          (cd /tmp && sha256sum -c actionlint-sha256.txt)
-
-          tar -xzf "/tmp/${TAR}" -C "${INSTALL_DIR}" actionlint
-          chmod +x "${INSTALL_DIR}/actionlint"
-
-      - name: Save actionlint cache
-        if: ${{ steps.cache-actionlint.outputs.cache-hit != 'true' }}
-        uses: https://data.forgejo.org/actions/cache/save@v4
-        with:
-          path: .cache/tools/actionlint
-          key: actionlint-${{ runner.os }}-${{ env.ACTIONLINT_VERSION }}
-
-      - name: Lint workflows with actionlint
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          ACTIONLINT_BIN=".cache/tools/actionlint/${ACTIONLINT_VERSION}/actionlint"
-          if [ ! -x "${ACTIONLINT_BIN}" ]; then
-            echo "actionlint binary missing: ${ACTIONLINT_BIN}"
-            exit 1
-          fi
-
-          if compgen -G ".github/workflows/*.yml" > /dev/null || compgen -G ".github/workflows/*.yaml" > /dev/null; then
-            "${ACTIONLINT_BIN}" -color
-          else
-            echo "No workflow files found in .github/workflows; skipping actionlint workflow lint"
-          fi