diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml
new file mode 100644
index 00000000..bb550290
--- /dev/null
+++ b/.github/workflows/testingfarm.yml
@@ -0,0 +1,43 @@
+---
+name: Testing farm tests
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+# To use testing farm we need the TF_API_KEY secret available inside the
+# forked repo which requires the pull_request_target trigger. To protect
+# the secrets we need to make sure only our own or reviewed PRs trigger
+# a checkout of the untrusted code.
+#
+# This follows https://michaelheap.com/access-secrets-from-forks/
+jobs:
+  testingfarm:
+    name: "Run in testing farm"
+    runs-on: ubuntu-latest
+    steps:
+    - name: Get User Permission
+      id: checkAccess
+      uses: actions-cool/check-user-permission@v2
+      with:
+        require: write
+        username: ${{ github.triggering_actor }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Check User Permission
+      if: steps.checkAccess.outputs.require-result == 'false'
+      run: |
+        echo "${{ github.triggering_actor }} does not have permissions on this repo."
+        echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+        echo "Job originally triggered by ${{ github.actor }}"
+        exit 1
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Run the tests
+      uses: sclorg/testing-farm-as-github-action@v1
+      with:
+        api_key: ${{ secrets.TF_API_KEY }}
+        git_url: ${{ github.event.pull_request.head.repo.clone_url }}
+        git_ref: ${{ github.event.pull_request.head.ref }}
+        pull_request_status_name: "Testing farm"