diff --git a/.github/workflows/pinact-reusable.yml b/.github/workflows/pinact-reusable.yml
new file mode 100644
index 0000000..3042de0
--- /dev/null
+++ b/.github/workflows/pinact-reusable.yml
@@ -0,0 +1,71 @@
+name: Update use pins with pinact (reusable)
+
+on:
+  workflow_call:
+    inputs:
+      extra-inputs:
+        description: 'Additional space-separated input paths for pinact'
+        required: false
+        default: ""
+        type: string
+      dry-run:
+        description: 'Perform a dry run (do not create a PR)'
+        required: false
+        default: false
+        type: boolean
+      reviewers:
+        description: 'GitHub reviewers'
+        required: false
+        default: "woodruffw"
+        type: string
+    secrets:
+      GH_TOKEN:
+        description: 'The GitHub token to use'
+        required: true
+
+# calling workflow sets permissions.
+permissions: {}
+
+jobs:
+  pinact:
+    # NOTE: Intentionally runs on macOS to obtain pinact via brew.
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: install pinact
+        run: brew install pinact
+
+      - name: run pinact
+        run: |
+          pinact run --update
+
+          if [ -n "${PINACT_EXTRA_INPUTS}" ]; then
+            pinact run --update "${PINACT_EXTRA_INPUTS}"
+          fi
+        env:
+          PINACT_EXTRA_INPUTS: ${{ inputs.extra-inputs }}
+
+      - name: create PR
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        if: ${{ !inputs.dry-run }}
+        with:
+          commit-message: "[BOT] pinact: update use pins"
+          branch: pinact-bump
+          branch-suffix: timestamp
+          title: "[BOT] pinact: update use pins"
+          body: |
+            :robot: :warning: :robot:
+
+            This is an automated pull request. It uses [`pinact`]
+            to update the use pins in this repository.
+
+            Please review manually before merging.
+
+            [`pinact`]: https://github.com/suzuki-shunsuke/pinact
+          assignees: ${{ inputs.reviewers }}
+          reviewers: ${{ inputs.reviewers }}
+          token: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/pinact.yml b/.github/workflows/pinact.yml
new file mode 100644
index 0000000..388aacf
--- /dev/null
+++ b/.github/workflows/pinact.yml
@@ -0,0 +1,17 @@
+name: Update use pins with pinact
+
+on:
+  schedule:
+    - cron: "0 16 * * *"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  call-pinact:
+    permissions:
+      contents: write # for branch creation
+      pull-requests: write # for pull request creation
+    uses: ./.github/workflows/pinact-reusable.yml
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}