From bf2eb5f2ac9e5b2519949f41757c250f40a00e63 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Thu, 7 Aug 2025 11:34:41 -0700
Subject: [PATCH 1/3] [1.3] CI: switch to GHA for arm

Since GHA now provides ARM, we can switch away from actuated.

Many thanks to @alexellis (@self-actuated) for being the sponsor of this
project.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(Cherry-picked from commit 1cf096803abb770c414ce0a1e2e0be283b09001d.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 .github/workflows/test.yml | 51 ++++++--------------------------------
 README.md                  |  1 -
 2 files changed, 8 insertions(+), 44 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3c2e0681000..e3d86bdd0d5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-24.04, actuated-arm64-6cpu-8gb]
+        os: [ubuntu-24.04, ubuntu-24.04-arm]
         go-version: [1.22.x, 1.23.x, 1.24.x]
         rootless: ["rootless", ""]
         race: ["-race", ""]
@@ -37,39 +37,15 @@ jobs:
             go-version: 1.23.x
           - criu: criu-dev
             rootless: rootless
-          - criu: criu-dev
-            race: -race
-          - go-version: 1.22.x
-            os: actuated-arm64-6cpu-8gb
-          - go-version: 1.23.x
-            os: actuated-arm64-6cpu-8gb
-          - race: "-race"
-            os: actuated-arm64-6cpu-8gb
-          - criu: criu-dev
-            os: actuated-arm64-6cpu-8gb
+          # Do race detection only on latest Go.
+          - race: -race
+            go-version: 1.22.x
+          - race: -race
+            go-version: 1.23.x
 
     runs-on: ${{ matrix.os }}
 
     steps:
-# https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md
-# vmmeter start
-    - name: Prepare arkade
-      uses: alexellis/arkade-get@master
-      if: matrix.os == 'actuated-arm64-6cpu-8gb'
-      with:
-        crane: latest
-        print-summary: false
-
-    - name: Install vmmeter
-      if: matrix.os == 'actuated-arm64-6cpu-8gb'
-      run: |
-        crane export --platform linux/arm64 ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin
-
-    - name: Run vmmeter
-      uses: self-actuated/vmmeter-action@master
-      if: matrix.os == 'actuated-arm64-6cpu-8gb'
-# vmmeter end
-
     - name: checkout
       uses: actions/checkout@v4
 
@@ -95,17 +71,6 @@ jobs:
         # kernel config
         script/check-config.sh
 
-    - name: start sshd (used for testing rootless with systemd user session)
-      if: ${{ matrix.os == 'actuated-arm64-6cpu-8gb' && matrix.rootless == 'rootless' }}
-      run: |
-        # Generate new keys to fix "sshd: no hostkeys available -- exiting."
-        sudo ssh-keygen -A
-        if ! sudo systemctl start ssh.service; then
-          sudo journalctl -xeu ssh.service
-          exit 1
-        fi
-        ps auxw | grep sshd
-
     - name: install deps
       run: |
         sudo apt update
@@ -122,7 +87,7 @@ jobs:
         sudo apt update
         sudo apt -y install criu
 
-    - name: install CRIU (criu ${{ matrix.criu }})
+    - name: install CRIU (${{ matrix.criu }})
       if: ${{ matrix.criu != '' }}
       run: |
         sudo apt -qy install \
@@ -152,7 +117,7 @@ jobs:
 
     - name: Allow userns for runc
       # https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15
-      if: matrix.os == 'ubuntu-24.04'
+      if: startsWith(matrix.os, 'ubuntu-24.04')
       run: |
         sed "s;^profile runc /usr/sbin/;profile runc-test $PWD/;" < /etc/apparmor.d/runc | sudo apparmor_parser
 
diff --git a/README.md b/README.md
index 50fcd4e9222..59d9fe55e77 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@
 [![gha/validate](https://github.com/opencontainers/runc/workflows/validate/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Avalidate)
 [![gha/ci](https://github.com/opencontainers/runc/workflows/ci/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Aci)
 [![CirrusCI](https://api.cirrus-ci.com/github/opencontainers/runc.svg)](https://cirrus-ci.com/github/opencontainers/runc)
-<a href="https://actuated.dev"><img alt="Arm CI sponsored by Actuated" src="https://docs.actuated.dev/images/actuated-badge.png" width="120px"></img></a>
 
 ## Introduction
 

From 553c74de8eeade62d332fd2f6dc4da238c1e16db Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Tue, 12 Aug 2025 14:42:58 -0700
Subject: [PATCH 2/3] [1.3] ci: use criu built from source on gha arm

Currently, criu package from opensuse build farm times out on GHA arm,
so let's only use criu-dev (i.e. compiled from source on CI machine).

Once this is fixed, this patch can be reverted.

Related to criu issue 2709.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(Cherry-picked from commit 105674844eaaf24bf14135ef0c64703e511882ab.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 .github/workflows/test.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e3d86bdd0d5..9d1676a8e51 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,13 +35,18 @@ jobs:
             go-version: 1.22.x
           - criu: criu-dev
             go-version: 1.23.x
+            os: ubuntu-24.04
           - criu: criu-dev
             rootless: rootless
+            os: ubuntu-24.04
           # Do race detection only on latest Go.
           - race: -race
             go-version: 1.22.x
           - race: -race
             go-version: 1.23.x
+          # CRIU package 4.1-1 from opensuse build farm doesn't work on arm.
+          - os: ubuntu-24.04-arm
+            criu: ""
 
     runs-on: ${{ matrix.os }}
 

From 376961e8308147bed485c9155be459240542caea Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Mon, 18 Aug 2025 10:46:13 -0700
Subject: [PATCH 3/3] [1.3] Switch to packaged criu on arm

The issue on arm [1] is now fixed, so let's get back to using the
packaged criu version for most of the CI matrix.

This reverts commit 105674844eaaf24bf14135ef0c64703e511882ab
("ci: use criu built from source on gha arm").

[1]: https://github.com/checkpoint-restore/criu/issues/2709

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(Cherry-picked from commit 96f4a90a6b1ca9e3f2011ebaeffb7dc52db2ca32.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 .github/workflows/test.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9d1676a8e51..e3d86bdd0d5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,18 +35,13 @@ jobs:
             go-version: 1.22.x
           - criu: criu-dev
             go-version: 1.23.x
-            os: ubuntu-24.04
           - criu: criu-dev
             rootless: rootless
-            os: ubuntu-24.04
           # Do race detection only on latest Go.
           - race: -race
             go-version: 1.22.x
           - race: -race
             go-version: 1.23.x
-          # CRIU package 4.1-1 from opensuse build farm doesn't work on arm.
-          - os: ubuntu-24.04-arm
-            criu: ""
 
     runs-on: ${{ matrix.os }}