@@ -8,6 +8,15 @@ permissions:

 on:

   workflow_call:

+    inputs:

+      arch:

+        required: false

+        type: string

+        default: amd64

+      runner:

+        required: false

+        type: string

+        default: ubuntu-24.04

     secrets:

       CODECOV_TOKEN:

         required: false

@@ -21,7 +30,7 @@ env:

 jobs:

   unit:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ inputs.runner }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     continue-on-error: ${{ github.event_name != 'pull_request' }}

     strategy:

@@ -40,12 +49,13 @@ jobs:

       -

         name: Prepare

         env:

+          ARCH: ${{ inputs.arch }}

           MODE: ${{ matrix.mode }}

         run: |

-          CACHE_DEV_SCOPE=dev

+          CACHE_DEV_SCOPE=dev-${ARCH}

           if [[ "$MODE" == *"firewalld"* ]]; then

             echo "FIREWALLD=true" >> $GITHUB_ENV

-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"

+            CACHE_DEV_SCOPE="dev-firewalld-${ARCH}"

           fi

           echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV

       -

@@ -81,14 +91,14 @@ jobs:

         with:

           directory: ./bundles

           env_vars: RUNNER_OS

-          flags: unit

+          flags: unit,${{ inputs.arch }}

           token: ${{ secrets.CODECOV_TOKEN }}  # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533

       -

         name: Upload reports

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-reports-unit--${{ matrix.mode }}

+          name: test-reports-unit-${{ inputs.arch }}-${{ matrix.mode }}

           path: /tmp/reports/*

           retention-days: 1

       -

@@ -96,7 +106,7 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-results-unit--${{ matrix.mode }}

+          name: test-results-unit-${{ inputs.arch }}-${{ matrix.mode }}

           path: /tmp/reports/**/*go-test-report*.json

           retention-days: 7

@@ -118,7 +128,7 @@ jobs:

         name: Download reports

         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

         with:

-          pattern: test-reports-unit-*

+          pattern: test-reports-unit-${{ inputs.arch }}-*

           path: /tmp/reports

       -

         name: Install teststat

@@ -9,6 +9,14 @@ permissions:

 on:

   workflow_call:

     inputs:

+      arch:

+        required: false

+        type: string

+        default: amd64

+      runner:

+        required: false

+        type: string

+        default: ubuntu-24.04

       storage:

         required: true

         type: string

@@ -30,7 +38,7 @@ env:

 jobs:

   docker-py:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ inputs.runner }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     continue-on-error: ${{ github.event_name != 'pull_request' }}

     steps:

@@ -56,7 +64,7 @@ jobs:

         with:

           targets: dev

           set: |

-            dev.cache-from=type=gha,scope=dev

+            dev.cache-from=type=gha,scope=dev-${{ inputs.arch }}

       -

         name: Test

         run: |

@@ -81,12 +89,12 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-reports-docker-py-${{ inputs.storage }}

+          name: test-reports-docker-py-${{ inputs.arch }}-${{ inputs.storage }}

           path: /tmp/reports/*

           retention-days: 1

   integration-flaky:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ inputs.runner }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     continue-on-error: ${{ github.event_name != 'pull_request' }}

     steps:

@@ -112,7 +120,7 @@ jobs:

         with:

           targets: dev

           set: |

-            dev.cache-from=type=gha,scope=dev

+            dev.cache-from=type=gha,scope=dev-${{ inputs.arch }}

       -

         name: Test

         run: |

@@ -132,9 +140,13 @@ jobs:

         id: set

         uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0

         env:

+          INPUT_ARCH: ${{ inputs.arch }}

+          INPUT_RUNNER: ${{ inputs.runner }}

           INPUT_STORAGE: ${{ inputs.storage }}

         with:

           script: |

+            const arch = core.getInput('arch', { required: true });

+            const runner = core.getInput('runner', { required: true });

             const storage = core.getInput('storage', { required: true });

             let includes = [

               { os: 'ubuntu-22.04', mode: '' },

@@ -145,10 +157,13 @@ jobs:

               { os: 'ubuntu-24.04', mode: 'systemd' },

               // { os: 'ubuntu-24.04', mode: 'rootless-systemd' }, // FIXME: https://github.com/moby/moby/issues/44084

             ];

+            if (arch != "amd64") {

+              includes = includes.filter(item => item.os == 'ubuntu-24.04').map(item => ({ ...item, os: runner }));

+            }

             if (storage == "snapshotter") {

-              includes.push({ os: 'ubuntu-24.04', mode: 'iptables+firewalld' });

-              includes.push({ os: 'ubuntu-24.04', mode: 'nftables' });

-              includes.push({ os: 'ubuntu-24.04', mode: 'nftables+firewalld' });

+              includes.push({ os: arch == "amd64" ? 'ubuntu-24.04' : runner, mode: 'iptables+firewalld' });

+              includes.push({ os: arch == "amd64" ? 'ubuntu-24.04' : runner, mode: 'nftables' });

+              includes.push({ os: arch == "amd64" ? 'ubuntu-24.04' : runner, mode: 'nftables+firewalld' });

             }

             await core.group(`Set matrix`, async () => {

               core.info(`matrix: ${JSON.stringify(includes)}`);

@@ -178,19 +193,20 @@ jobs:

       -

         name: Prepare

         env:

+          ARCH: ${{ inputs.arch }}

           MODE: ${{ matrix.mode }}

         run: |

-          CACHE_DEV_SCOPE=dev

+          CACHE_DEV_SCOPE=dev-${ARCH}

           if [[ "$MODE" == *"rootless"* ]]; then

             echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV

           fi

           if [[ "$MODE" == *"systemd"* ]]; then

             echo "SYSTEMD=true" >> $GITHUB_ENV

-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"

+            CACHE_DEV_SCOPE="dev-systemd-${ARCH}"

           fi

           if [[ "$MODE" == *"firewalld"* ]]; then

             echo "FIREWALLD=true" >> $GITHUB_ENV

-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"

+            CACHE_DEV_SCOPE="dev-firewalld-${ARCH}"

           fi

           if [[ "$MODE" == *"nftables"* ]]; then

             echo "DOCKER_FIREWALL_BACKEND=nftables" >> $GITHUB_ENV

@@ -257,7 +273,7 @@ jobs:

         with:

           directory: ./bundles/test-integration

           env_vars: RUNNER_OS

-          flags: integration,${{ matrix.mode }}

+          flags: integration,${{ inputs.arch }},${{ matrix.mode }}

           token: ${{ secrets.CODECOV_TOKEN }}  # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533

       -

         name: Test daemon logs

@@ -269,7 +285,7 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-reports-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}

+          name: test-reports-integration-${{ inputs.arch }}-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}

           path: /tmp/reports/*

           retention-days: 1

       -

@@ -277,7 +293,7 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-results-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}

+          name: test-results-integration-${{ inputs.arch }}-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}

           path: /tmp/reports/**/*go-test-report*.json

           retention-days: 7

@@ -300,7 +316,7 @@ jobs:

         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

         with:

           path: /tmp/reports

-          pattern: test-reports-integration-${{ inputs.storage }}-*

+          pattern: test-reports-integration-${{ inputs.arch }}-${{ inputs.storage }}-*

           merge-multiple: true

       -

         name: Install teststat

@@ -314,7 +330,7 @@ jobs:

           fi

   integration-cli-prepare:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ inputs.runner }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     continue-on-error: ${{ github.event_name != 'pull_request' }}

     outputs:

@@ -409,7 +425,7 @@ jobs:

             });

   integration-cli:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ inputs.runner }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     continue-on-error: ${{ github.event_name != 'pull_request' }}

     needs:

@@ -430,12 +446,13 @@ jobs:

       -

         name: Prepare

         env:

+          ARCH: ${{ inputs.arch }}

           MODE: ${{ matrix.mode }}

         run: |

-          CACHE_DEV_SCOPE=dev

+          CACHE_DEV_SCOPE=dev-${ARCH}

           if [[ "$MODE" == *"firewalld"* ]]; then

             echo "FIREWALLD=true" >> $GITHUB_ENV

-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"

+            CACHE_DEV_SCOPE="dev-firewalld-${ARCH}"

           fi

           if [[ "$MODE" == *"nftables"* ]]; then

             echo "DOCKER_FIREWALL_BACKEND=nftables" >> $GITHUB_ENV

@@ -454,7 +471,7 @@ jobs:

         with:

           targets: dev

           set: |

-            dev.cache-from=type=gha,scope=dev

+            dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}

       -

         name: Test

         run: |

@@ -487,7 +504,7 @@ jobs:

         with:

           directory: ./bundles/test-integration

           env_vars: RUNNER_OS

-          flags: integration-cli

+          flags: integration-cli,${{ inputs.arch }}

           token: ${{ secrets.CODECOV_TOKEN }}  # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533

       -

         name: Test daemon logs

@@ -499,7 +516,7 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-reports-integration-cli-${{ inputs.storage }}-${{ matrix.mode }}-${{ env.TESTREPORTS_NAME }}

+          name: test-reports-integration-cli-${{ inputs.arch }}-${{ inputs.storage }}-${{ matrix.mode }}-${{ env.TESTREPORTS_NAME }}

           path: /tmp/reports/*

           retention-days: 1

       -

@@ -507,7 +524,7 @@ jobs:

         if: always()

         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

         with:

-          name: test-results-integration-cli-${{ inputs.storage }}-${{ matrix.mode }}-${{ env.TESTREPORTS_NAME }}

+          name: test-results-integration-cli-${{ inputs.arch }}-${{ inputs.storage }}-${{ matrix.mode }}-${{ env.TESTREPORTS_NAME }}

           path: /tmp/reports/**/*go-test-report*.json

           retention-days: 7

@@ -530,7 +547,7 @@ jobs:

         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

         with:

           path: /tmp/reports

-          pattern: test-reports-integration-cli-${{ inputs.storage }}-${{ matrix.mode }}-*

+          pattern: test-reports-integration-cli-${{ inputs.arch }}-${{ inputs.storage }}-*

           merge-multiple: true

       -

         name: Install teststat

deleted file mode 100644

@@ -1,304 +0,0 @@

-name: arm64

-

-concurrency:

-  group: ${{ github.workflow }}-${{ github.ref }}

-  cancel-in-progress: true

-

-permissions:

-  contents: read

-

-on:

-  workflow_dispatch:

-  push:

-    branches:

-      - 'master'

-      - '[0-9]+.[0-9]+'

-      - '[0-9]+.x'

-  pull_request:

-

-env:

-  GO_VERSION: "1.26.4"

-  TESTSTAT_VERSION: v0.1.25

-  DESTDIR: ./build

-  SETUP_BUILDX_VERSION: edge

-  SETUP_BUILDKIT_IMAGE: moby/buildkit:latest

-  DOCKER_EXPERIMENTAL: 1

-

-jobs:

-  validate-dco:

-    uses: ./.github/workflows/.dco.yml

-

-  build:

-    runs-on: ubuntu-24.04-arm

-    timeout-minutes: 20 # guardrails timeout for the whole job

-    if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}

-    needs:

-      - validate-dco

-    strategy:

-      fail-fast: false

-      matrix:

-        target:

-          - binary

-          - dynbinary

-    steps:

-      -

-        name: Set up Docker Buildx

-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

-        with:

-          version: ${{ env.SETUP_BUILDX_VERSION }}

-          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}

-          buildkitd-flags: --debug

-      -

-        name: Build

-        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0

-        with:

-          targets: ${{ matrix.target }}

-      -

-        name: List artifacts

-        run: |

-          tree -nh ${{ env.DESTDIR }}

-      -

-        name: Check artifacts

-        run: |

-          find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +

-

-  build-dev:

-    runs-on: ubuntu-24.04-arm

-    timeout-minutes: 120 # guardrails timeout for the whole job

-    if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}

-    needs:

-      - validate-dco

-    steps:

-      -

-        name: Set up Docker Buildx

-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

-        with:

-          version: ${{ env.SETUP_BUILDX_VERSION }}

-          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}

-          buildkitd-flags: --debug

-      -

-        name: Build dev image

-        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0

-        with:

-          targets: dev

-          set: |

-            *.cache-from=type=gha,scope=dev-arm64

-            *.cache-to=type=gha,scope=dev-arm64

-            *.output=type=cacheonly

-

-  test-unit:

-    runs-on: ubuntu-24.04-arm

-    timeout-minutes: 120 # guardrails timeout for the whole job

-    if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}

-    needs:

-      - build-dev

-    steps:

-      -

-        name: Checkout

-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

-      -

-        name: Set up runner

-        uses: ./.github/actions/setup-runner

-      -

-        name: Set up Docker Buildx

-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

-        with:

-          version: ${{ env.SETUP_BUILDX_VERSION }}

-          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}

-          buildkitd-flags: --debug

-      -

-        name: Set up QEMU

-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

-      -

-        name: Build dev image

-        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0

-        with:

-          targets: dev

-          set: |

-            dev.cache-from=type=gha,scope=dev-arm64

-      -

-        name: Test

-        run: |

-          make -o build test-unit

-      -

-        name: Prepare reports

-        if: always()

-        run: |

-          mkdir -p bundles /tmp/reports

-          find bundles \( -path '*/root' -o -path '*/root/*' \) -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print0 | sudo tar --null --files-from=- -czf /tmp/reports.tar.gz

-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports

-          sudo chown -R $(id -u):$(id -g) /tmp/reports

-          tree -nh /tmp/reports

-      -

-        name: Send to Codecov

-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1

-        with:

-          directory: ./bundles

-          env_vars: RUNNER_OS

-          flags: unit

-          token: ${{ secrets.CODECOV_TOKEN }}  # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533

-      -

-        name: Upload reports

-        if: always()

-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

-        with:

-          name: test-reports-unit-arm64-graphdriver

-          path: /tmp/reports/*

-          retention-days: 1

-      -

-        name: Upload test results (gotestsum JSON)

-        if: always()

-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

-        with:

-          name: test-results-unit-arm64-graphdriver

-          path: /tmp/reports/**/*go-test-report*.json

-          retention-days: 7

-

-  test-unit-report:

-    runs-on: ubuntu-24.04

-    timeout-minutes: 10

-    continue-on-error: ${{ github.event_name != 'pull_request' }}

-    if: always() && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only'))

-    needs:

-      - test-unit

-    steps:

-      -

-        name: Set up Go

-        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0

-        with:

-          go-version: ${{ env.GO_VERSION }}

-          cache: false

-      -

-        name: Download reports

-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

-        with:

-          pattern: test-reports-unit-arm64-*

-          path: /tmp/reports

-      -

-        name: Install teststat

-        run: |

-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}

-      -

-        name: Create summary

-        run: |

-          if [ -d /tmp/reports ]; then

-            find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> "$GITHUB_STEP_SUMMARY"

-          fi

-

-  test-integration:

-    runs-on: ubuntu-24.04-arm

-    timeout-minutes: 120 # guardrails timeout for the whole job

-    continue-on-error: ${{ github.event_name != 'pull_request' }}

-    if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}

-    needs:

-      - build-dev

-    steps:

-      -

-        name: Checkout

-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

-      -

-        name: Set up runner

-        uses: ./.github/actions/setup-runner

-      -

-        name: Set up tracing

-        uses: ./.github/actions/setup-tracing

-      -

-        name: Set up Docker Buildx

-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

-        with:

-          version: ${{ env.SETUP_BUILDX_VERSION }}

-          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}

-          buildkitd-flags: --debug

-      -

-        name: Set up QEMU

-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

-      -

-        name: Build dev image

-        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0

-        with:

-          targets: dev

-          set: |

-            dev.cache-from=type=gha,scope=dev-arm64

-      -

-        name: Test

-        run: |

-          make -o build test-integration

-        env:

-          TEST_SKIP_INTEGRATION_CLI: 1

-          TESTCOVERAGE: 1

-      -

-        name: Prepare reports

-        if: always()

-        run: |

-          reportsName=arm64-graphdriver

-          reportsPath=/tmp/reports/$reportsName

-          echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV

-          

-          docker stop otelcol

-          mkdir -p bundles $reportsPath

-          find bundles \( -path '*/root' -o -path '*/root/*' \) -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print0 | sudo tar --null --files-from=- -czf /tmp/reports.tar.gz

-          tar -xzf /tmp/reports.tar.gz -C $reportsPath

-          sudo mv /tmp/reports/otel-trace*.jsonl $reportsPath/ 2>/dev/null || true

-          sudo chown -R $(id -u):$(id -g) $reportsPath

-          tree -nh $reportsPath

-      -

-        name: Send to Codecov

-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1

-        with:

-          directory: ./bundles/test-integration

-          env_vars: RUNNER_OS

-          flags: integration

-          token: ${{ secrets.CODECOV_TOKEN }}  # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533

-      -

-        name: Test daemon logs

-        if: always()

-        run: |

-          cat bundles/test-integration/docker.log

-      -

-        name: Upload reports

-        if: always()

-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

-        with:

-          name: test-reports-integration-arm64-graphdriver

-          path: /tmp/reports/*

-          retention-days: 1

-      -

-        name: Upload test results (gotestsum JSON)

-        if: always()

-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1

-        with:

-          name: test-results-integration-arm64-graphdriver

-          path: /tmp/reports/**/*go-test-report*.json

-          retention-days: 7

-

-  test-integration-report:

-    runs-on: ubuntu-24.04

-    timeout-minutes: 10

-    continue-on-error: ${{ github.event_name != 'pull_request' }}

-    if: always() && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only'))

-    needs:

-      - test-integration

-    steps:

-      -

-        name: Set up Go

-        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0

-        with:

-          go-version: ${{ env.GO_VERSION }}

-          cache: false

-      -

-        name: Download reports

-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

-        with:

-          path: /tmp/reports

-          pattern: test-reports-integration-arm64-*

-          merge-multiple: true

-      -

-        name: Install teststat

-        run: |

-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}

-      -

-        name: Create summary

-        run: |

-          if [ -d /tmp/reports ]; then

-            find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> "$GITHUB_STEP_SUMMARY"

-          fi

@@ -26,16 +26,22 @@ jobs:

     uses: ./.github/workflows/.dco.yml

   build:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ matrix.runner }}

     timeout-minutes: 20 # guardrails timeout for the whole job

     needs:

       - validate-dco

     strategy:

       fail-fast: false

       matrix:

-        target:

-          - binary

-          - dynbinary

+        include:

+          - runner: ubuntu-24.04

+            target: binary

+          - runner: ubuntu-24.04

+            target: dynbinary

+          - runner: ubuntu-24.04-arm

+            target: binary

+          - runner: ubuntu-24.04-arm

+            target: dynbinary

     steps:

       -

         name: Set up Docker Buildx

@@ -28,13 +28,16 @@ jobs:

     uses: ./.github/workflows/.dco.yml

   build-dev:

-    runs-on: ubuntu-24.04

+    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}

     timeout-minutes: 120 # guardrails timeout for the whole job

     needs:

       - validate-dco

     strategy:

       fail-fast: false

       matrix:

+        arch:

+          - amd64

+          - arm64

         mode:

           - ""

           - systemd

@@ -61,16 +64,16 @@ jobs:

         with:

           targets: dev

           set: |

-            *.cache-from=type=gha,scope=dev${{ matrix.mode }}

-            *.cache-to=type=gha,scope=dev${{ matrix.mode }}

-            ${{ matrix.mode == '' && '*.output=type=docker,dest=/tmp/dev-image.tar' || '*.output=type=cacheonly' }}

+            *.cache-from=type=gha,scope=${{ matrix.mode == '' && format('dev-{0}', matrix.arch) || format('dev-{0}-{1}', matrix.mode, matrix.arch) }}

+            *.cache-to=type=gha,scope=${{ matrix.mode == '' && format('dev-{0}', matrix.arch) || format('dev-{0}-{1}', matrix.mode, matrix.arch) }}

+            ${{ matrix.mode == '' && format('*.output=type=docker,dest=/tmp/dev-image-{0}.tar', matrix.arch) || '*.output=type=cacheonly' }}

       -

         name: Cache dev image

         if: matrix.mode == ''

         uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5

         with:

-          key: dev-image-${{ github.run_id }}

-          path: /tmp/dev-image.tar

+          key: dev-image-${{ matrix.arch }}-${{ github.run_id }}

+          path: /tmp/dev-image-${{ matrix.arch }}.tar

   test:

     if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}

@@ -81,10 +84,22 @@ jobs:

     strategy:

       fail-fast: false

       matrix:

-        storage:

-          - graphdriver

-          - snapshotter

+        include:

+          - arch: amd64

+            runner: ubuntu-24.04

+            storage: graphdriver

+          - arch: amd64

+            runner: ubuntu-24.04

+            storage: snapshotter

+          - arch: arm64

+            runner: ubuntu-24.04-arm

+            storage: graphdriver

+          - arch: arm64

+            runner: ubuntu-24.04-arm

+            storage: snapshotter

     with:

+      arch: ${{ matrix.arch }}

+      runner: ${{ matrix.runner }}

       storage: ${{ matrix.storage }}

     secrets:

       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

@@ -95,6 +110,17 @@ jobs:

       - build-dev

       - validate-dco

     uses: ./.github/workflows/.test-unit.yml

+    strategy:

+      fail-fast: false

+      matrix:

+        include:

+          - arch: amd64

+            runner: ubuntu-24.04

+          - arch: arm64

+            runner: ubuntu-24.04-arm

+    with:

+      arch: ${{ matrix.arch }}

+      runner: ${{ matrix.runner }}

     secrets:

       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

@@ -146,13 +172,13 @@ jobs:

         name: Restore dev image

         uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5

         with:

-          key: dev-image-${{ github.run_id }}

-          path: /tmp/dev-image.tar

+          key: dev-image-amd64-${{ github.run_id }}

+          path: /tmp/dev-image-amd64.tar

           fail-on-cache-miss: true

       -

         name: Load dev image

         run: |

-          docker load -i /tmp/dev-image.tar

+          docker load -i /tmp/dev-image-amd64.tar

       -

         name: Validate

         env: