From 47440f508ff34c5c1b86bdb9462e1c5132f302af Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Fri, 13 Feb 2026 13:12:54 +0100 Subject: [PATCH 1/2] workflows: Disable CodeQL on push This is just a waste of resources. --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a42aec877..e4083c954 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,5 +1,5 @@ name: CodeQL -on: [push, pull_request] +on: pull_request jobs: analyze: From 757933ad70cdfe4aafa9aa1ec70dd93364a9084a Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Fri, 13 Feb 2026 13:08:56 +0100 Subject: [PATCH 2/2] workflows: Run browser integration tests This is just a proof of concept. It's missing image/npm/pixel git cache and posting to S3. --- .github/workflows/integration-test.yml | 56 ++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/integration-test.yml diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml new file mode 100644 index 000000000..4ae1d63c6 --- /dev/null +++ b/.github/workflows/integration-test.yml 
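Review bot: With `on: pull_request` as the only trigger in `.github/workflows/codeql.yml`, CodeQL no longer analyzes the default branch after merges. If this workflow is the repository's only code-scanning run, the default-branch alerts go stale and pull-request results lose a fresh base analysis to compare against. If the cost concern is scanning every pushed branch, restricting the push trigger keeps that baseline: `push:` with `branches: [<default-branch>]` alongside `pull_request:`. The rest of the workflow lies outside the hunk.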
@@ -0,0 +1,56 @@
+name: Test
+on:
+ pull_request:
+
+permissions: {}
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ strategy:
+ fail-fast: false
+ matrix:
+ # TODO: read from bots test map
+ test_os:
+ - centos-9-bootc
+ - fedora-43
+
+ steps:
+ - name: Set up /dev/kvm
+ run: |
+ echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm.rules
+ sudo udevadm control --reload-rules
+ sudo udevadm trigger --name-match=kvm --settle
+ ls -l /dev/kvm
+
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Start tasks container
+ run: |
+ podman run -d --rm --name tasks \
+ --user github \
+ --init \
+ --device /dev/kvm \
+ --shm-size=512m \
+ --env TEST_OS=${{ matrix.test_os }} \
+ --env HOME=/tmp/home \
+ -v ${{ github.workspace }}:/workspace:U \
+ -w /workspace \
+ $(< .cockpit-ci/container) sh -c 'sleep infinity'
+
+ - name: Create home dir
+ run: podman exec tasks mkdir -p /tmp/home
+
+ # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+ - name: Pacify git's permission check
+ run: podman exec tasks git config --global --add safe.directory /workspace
+
+ - name: Build package and test VM
+ run: podman exec tasks make prepare-check
+
+ - name: Run integration tests
+ run: podman exec tasks make check
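Review bot: The `Start tasks container` step pastes `${{ matrix.test_os }}` and `${{ github.workspace }}` into the script text before the shell runs, so the values are parsed as shell code rather than passed as data. That is harmless while the matrix is the two literals listed here, but the TODO above plans to read the list from the bots test map, and a value containing shell metacharacters would then be executed on the runner. Consider a step-level `env:` entry for `TEST_OS`, then `--env TEST_OS="$TEST_OS"` and `-v "$GITHUB_WORKSPACE:/workspace:U"` in the script. Separately, this job runs an image name and make targets taken from the pull request's tree, which `permissions: {}` and the `pull_request` trigger contain today. The S3 posting mentioned in the commit message would presumably need credentials, and is safer in a separate job that runs no PR code.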