openshift
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 53 additions & 16 deletions b/‎.github/workflows/build.yml‎
Lines changed: 53 additions & 16 deletions
diff --git a/‎.github/workflows/olm_tests.yaml‎
Lines changed: 3 additions & 4 deletions b/‎.github/workflows/olm_tests.yaml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 11 additions & 19 deletions b/‎.github/workflows/test.yml‎
Lines changed: 11 additions & 19 deletions
@@ -7,8 +7,7 @@ on:
     types: [published]
   pull_request:
 env:
-  GO_VERSION: '1.24'
-  NIX_VERSION: '2.25.0'
+  NIX_VERSION: '2.30.1'
   BOM_VERSION: v0.6.0
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -23,12 +22,20 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: ./go.mod
       - run: make test-unit
       - run: make verify-go-lint
 
   nix:
-    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - amd64
+          - arm64
+          - ppc64le
+    runs-on: ubuntu-24.04
+    name: nix / ${{ matrix.arch }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
@@ -39,15 +46,45 @@ jobs:
           name: security-profiles-operator
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
           pushFilter: security-profiles-operator
-      - run: make nix
+      - run: make nix-${{ matrix.arch }}
       - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: build
-          path: build.tar.gz
+          name: build-${{ matrix.arch }}
+          path: build/${{ matrix.arch }}
 
   nix-spoc:
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - amd64
+          - arm64
+          - ppc64le
+    runs-on: ubuntu-24.04
+    name: nix / spoc / ${{ matrix.arch }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
+        with:
+          install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
+      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
+        with:
+          name: security-profiles-operator
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          pushFilter: security-profiles-operator
+      - run: nix-build nix/default-${{ matrix.arch }}.nix
+
+  nix-spoc-push:
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - amd64
+          - arm64
+          - ppc64le
     if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
-    runs-on: ubuntu-22.04
+    name: nix / spoc / push / ${{ matrix.arch }}
+    runs-on: ubuntu-24.04
     permissions:
       contents: write  # required for updating the release
       id-token: write  # required for sigstore signing
@@ -66,10 +103,10 @@ jobs:
           sudo curl -sSfL --retry 5 --retry-delay 3 -o /usr/bin/bom \
             https://github.com/kubernetes-sigs/bom/releases/download/${{ env.BOM_VERSION }}/bom-amd64-linux
           sudo chmod +x /usr/bin/bom
-      - run: make nix-spoc
+      - run: make nix-spoc-${{ matrix.arch }}
       - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: spoc
+          name: spoc-${{ matrix.arch }}
           path: |
             build/*
       - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
@@ -79,12 +116,12 @@ jobs:
             build/*
 
   bpf:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
-          go-version: ${{ env.GO_VERSION }}
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          go-version-file: ./go.mod
       - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
         with:
           install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
@@ -96,7 +133,7 @@ jobs:
       - run: make verify-bpf
 
   build-image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Remove unnecessary files
         run: |
@@ -137,7 +174,7 @@ jobs:
           push: ${{ github.ref == 'refs/heads/main' }}
 
   operator-image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Docker Buildx
@@ -171,7 +208,7 @@ jobs:
           load: true
 
   ubi-image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Docker Buildx
 
@@ -5,8 +5,7 @@ on:
       - main
   pull_request:
 env:
-  GO_VERSION: '1.24'
-  KIND_IMG_TAG: v1.32.0
+  KIND_IMG_TAG: v1.32.2
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -16,7 +15,7 @@ permissions: {}
 jobs:
   main:
     name: tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -29,7 +28,7 @@ jobs:
 
     - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: ./go.mod
 
     - name: Install dependencies
       run: |
 
@@ -4,8 +4,6 @@ on:
     branches:
       - main
   pull_request:
-env:
-  GO_VERSION: '1.24'
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -19,7 +17,7 @@ jobs:
       # write security-events is required by all codeql-action workflows
       security-events: write
 
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: github/codeql-action/init@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # v2.17.1
@@ -29,12 +27,12 @@ jobs:
       - uses: github/codeql-action/analyze@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # v2.17.1
 
   coverage:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: ./go.mod
       - name: Install dependencies
         run: sudo hack/install-packages
       - run: make test-unit
@@ -45,7 +43,7 @@ jobs:
           verbose: true
 
   image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - run: hack/install-crun
@@ -60,8 +58,7 @@ jobs:
 
   e2e-fedora:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-fedora.sh
@@ -96,8 +93,7 @@ jobs:
 
   e2e-ubuntu:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-ubuntu.sh
@@ -132,8 +128,7 @@ jobs:
 
   e2e-flatcar:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-flatcar.sh
@@ -174,8 +169,7 @@ jobs:
 
   e2e-spoc:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-debian.sh
@@ -205,8 +199,7 @@ jobs:
 
   e2e-seccomp-profile:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-debian.sh
@@ -236,8 +229,7 @@ jobs:
 
   e2e-apparmor-profile:
     needs: image
-    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 90
     env:
       RUN: ./hack/ci/run-debian.sh
@@ -266,7 +258,7 @@ jobs:
         run: $RUN hack/ci/e2e-apparmor.sh
 
   typos:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: crate-ci/typos@9d890159570d5018df91fedfa40b4730cd4a81b1 # v1.28.4