DO NOT MERGE: Comment out tests for a reduced CI burden

WIP: workflows: Trigger CI tests with gh cli
- We are hitting limitations where gh can only call actions with 20 workflow jobs, so split out the CI test jobs as separate workflows and call them once the required artifacts are created. - Note: This commit updates the test runs to use the source branch workflows, rather than target branch that we have at the moment, we need to think about this pretty carefully to check there isn't any secuirty concerns here (I think there aren't as we are already vulnerable in this respect) WIP: Run the workflow on the ref, or the `main` version?
2026-02-22 14:54:23 +00:00 · 2025-07-17 14:51:19 +01:00 · 2025-07-17 14:51:19 +01:00 · 2025-07-17 14:51:19 +01:00
8 changed files with 693 additions and 448 deletions
--- a/.github/workflows/ci-devel.yaml
+++ b/.github/workflows/ci-devel.yaml
@@ -8,10 +8,11 @@ permissions:
 jobs:
  kata-containers-ci-on-push:
    permissions:
-      contents: read
-      packages: write
-      id-token: write
+      actions: write
      attestations: write
+      contents: read
+      id-token: write
+      packages: write
    uses: ./.github/workflows/ci.yaml
    with:
      commit-hash: ${{ github.sha }}
--- a/.github/workflows/ci-nightly.yaml
+++ b/.github/workflows/ci-nightly.yaml
@@ -13,10 +13,11 @@ permissions:
 jobs:
  kata-containers-ci-on-push:
    permissions:
-      contents: read
-      packages: write
-      id-token: write
+      actions: write
      attestations: write
+      contents: read
+      id-token: write
+      packages: write
    uses: ./.github/workflows/ci.yaml
    with:
      commit-hash: ${{ github.sha }}
--- a/.github/workflows/ci-on-push.yaml
+++ b/.github/workflows/ci-on-push.yaml
@@ -33,10 +33,11 @@ jobs:
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_build != 'yes' }}
    permissions:
-      contents: read
-      packages: write
-      id-token: write
+      actions: write
      attestations: write
+      contents: read
+      id-token: write
+      packages: write
    uses: ./.github/workflows/ci.yaml
    with:
      commit-hash: ${{ github.event.pull_request.head.sha }}
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -71,112 +71,112 @@ jobs:
    secrets:
      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  build-kata-static-tarball-arm64:
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-      attestations: write
-    uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
+  # build-kata-static-tarball-arm64:
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #     id-token: write
+  #     attestations: write
+  #   uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}

-  publish-kata-deploy-payload-arm64:
-    needs: build-kata-static-tarball-arm64
-    permissions:
-      contents: read
-      packages: write
-    uses: ./.github/workflows/publish-kata-deploy-payload.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-arm64
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: ubuntu-22.04-arm
-      arch: arm64
-    secrets:
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # publish-kata-deploy-payload-arm64:
+  #   needs: build-kata-static-tarball-arm64
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #   uses: ./.github/workflows/publish-kata-deploy-payload.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-arm64
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: ubuntu-22.04-arm
+  #     arch: arm64
+  #   secrets:
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  build-kata-static-tarball-s390x:
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-      attestations: write
-    uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # build-kata-static-tarball-s390x:
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #     id-token: write
+  #     attestations: write
+  #   uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #   secrets:
+  #     CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  build-kata-static-tarball-ppc64le:
-    permissions:
-      contents: read
-      packages: write
-    uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # build-kata-static-tarball-ppc64le:
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #   uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #   secrets:
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  build-kata-static-tarball-riscv64:
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-      attestations: write
-    uses: ./.github/workflows/build-kata-static-tarball-riscv64.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # build-kata-static-tarball-riscv64:
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #     id-token: write
+  #     attestations: write
+  #   uses: ./.github/workflows/build-kata-static-tarball-riscv64.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #   secrets:
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  publish-kata-deploy-payload-s390x:
-    needs: build-kata-static-tarball-s390x
-    permissions:
-      contents: read
-      packages: write
-    uses: ./.github/workflows/publish-kata-deploy-payload.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-s390x
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: s390x
-      arch: s390x
-    secrets:
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # publish-kata-deploy-payload-s390x:
+  #   needs: build-kata-static-tarball-s390x
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #   uses: ./.github/workflows/publish-kata-deploy-payload.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-s390x
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: s390x
+  #     arch: s390x
+  #   secrets:
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

-  publish-kata-deploy-payload-ppc64le:
-    needs: build-kata-static-tarball-ppc64le
-    permissions:
-      contents: read
-      packages: write
-    uses: ./.github/workflows/publish-kata-deploy-payload.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-ppc64le
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: ppc64le
-      arch: ppc64le
-    secrets:
-      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+  # publish-kata-deploy-payload-ppc64le:
+  #   needs: build-kata-static-tarball-ppc64le
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #   uses: ./.github/workflows/publish-kata-deploy-payload.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-ppc64le
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: ppc64le
+  #     arch: ppc64le
+  #   secrets:
+  #     QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

  build-and-publish-tee-confidential-unencrypted-image:
    permissions:
@@ -275,29 +275,61 @@ jobs:

  run-kata-monitor-tests:
    if: ${{ inputs.skip-test != 'yes' }}
+    runs-on: ubuntu-22.04
    needs: build-kata-static-tarball-amd64
-    uses: ./.github/workflows/run-kata-monitor-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
+    env:
+      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write # Permission to trigger the gh workflows
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Trigger kata monitor tests
+        run: |
+          ./tests/gha-helper.sh trigger-and-check-workflow \
+            run-kata-monitor-tests.yaml \
+            ${{ github.ref }} \
+            ${{ github.sha }} \
+            '{
+              "artifact-run-id":"${{ github.run_id }}",
+              "tarball-suffix":"-${{ inputs.tag }}",
+              "commit-hash":"${{ inputs.commit-hash }}",
+              "target-branch":"${{ inputs.target-branch }}"
+            }'

  run-k8s-tests-on-aks:
    if: ${{ inputs.skip-test != 'yes' }}
+    runs-on: ubuntu-22.04
    needs: publish-kata-deploy-payload-amd64
-    uses: ./.github/workflows/run-k8s-tests-on-aks.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-amd64
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+    env:
+      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write # Permission to trigger the gh workflows
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Trigger run-k8s-tests-on-aks workflow
+        run: |
+          ./tests/gha-helper.sh trigger-and-check-workflow \
+            run-k8s-tests-on-aks.yaml \
+            ${{ github.ref }} \
+            ${{ github.sha }} \
+            '{
+              "artifact-run-id":"${{ github.run_id }}",
+              "tarball-suffix":"-${{ inputs.tag }}",
+              "registry":"ghcr.io",
+              "repo":"${{ github.repository_owner }}/kata-deploy-ci",
+              "tag":"${{ inputs.tag }}-amd64",
+              "commit-hash":"${{ inputs.commit-hash }}",
+              "pr-number":"${{ inputs.pr-number }}",
+              "target-branch":"${{ inputs.target-branch }}"
+            }'

  run-k8s-tests-on-amd64:
    if: ${{ inputs.skip-test != 'yes' }}
@@ -311,194 +343,206 @@ jobs:
      pr-number: ${{ inputs.pr-number }}
      target-branch: ${{ inputs.target-branch }}

-  run-k8s-tests-on-arm64:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: publish-kata-deploy-payload-arm64
-    uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml
-    with:
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-arm64
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-k8s-tests-on-arm64:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: publish-kata-deploy-payload-arm64
+  #   uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml
+  #   with:
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-arm64
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     pr-number: ${{ inputs.pr-number }}
+  #     target-branch: ${{ inputs.target-branch }}

  run-kata-coco-tests:
    if: ${{ inputs.skip-test != 'yes' }}
+    runs-on: ubuntu-22.04
    needs:
-     - publish-kata-deploy-payload-amd64
-     - build-and-publish-tee-confidential-unencrypted-image
-     - publish-csi-driver-amd64
-    uses: ./.github/workflows/run-kata-coco-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-amd64
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
-      ITA_KEY: ${{ secrets.ITA_KEY }}
+    - publish-kata-deploy-payload-amd64
+    - build-and-publish-tee-confidential-unencrypted-image
+    - publish-csi-driver-amd64
+    env:
+      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write # Permission to trigger the gh workflows
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Trigger kata-coco-tests for amd64 arch
+        run: |
+          ./tests/gha-helper.sh trigger-and-check-workflow \
+            run-kata-coco-tests.yaml \
+            ${{ github.ref }} \
+            ${{ github.sha }} \
+            '{
+              "artifact-run-id":"${{ github.run_id }}",
+              "tarball-suffix":"-${{ inputs.tag }}",
+              "registry":"ghcr.io",
+              "repo":"${{ github.repository_owner }}/kata-deploy-ci",
+              "tag":"${{ inputs.tag }}-amd64",
+              "commit-hash":"${{ inputs.commit-hash }}",
+              "pr-number":"${{ inputs.pr-number }}",
+              "target-branch":"${{ inputs.target-branch }}"
+            }'

-  run-k8s-tests-on-zvsi:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image]
-    uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml
-    with:
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-s390x
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
-    secrets:
-      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
+  # run-k8s-tests-on-zvsi:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image]
+  #   uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml
+  #   with:
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-s390x
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     pr-number: ${{ inputs.pr-number }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #   secrets:
+  #     AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}

-  run-k8s-tests-on-ppc64le:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: publish-kata-deploy-payload-ppc64le
-    uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml
-    with:
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-ppc64le
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-k8s-tests-on-ppc64le:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: publish-kata-deploy-payload-ppc64le
+  #   uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml
+  #   with:
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-ppc64le
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     pr-number: ${{ inputs.pr-number }}
+  #     target-branch: ${{ inputs.target-branch }}

-  run-kata-deploy-tests:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: [publish-kata-deploy-payload-amd64]
-    uses: ./.github/workflows/run-kata-deploy-tests.yaml
-    with:
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-amd64
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-kata-deploy-tests:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: [publish-kata-deploy-payload-amd64]
+  #   uses: ./.github/workflows/run-kata-deploy-tests.yaml
+  #   with:
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-amd64
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     pr-number: ${{ inputs.pr-number }}
+  #     target-branch: ${{ inputs.target-branch }}

-  run-metrics-tests:
-    # Skip metrics tests whilst runner is broken
-    if: false
-    # if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-amd64
-    uses: ./.github/workflows/run-metrics.yaml
-    with:
-      registry: ghcr.io
-      repo: ${{ github.repository_owner }}/kata-deploy-ci
-      tag: ${{ inputs.tag }}-amd64
-      commit-hash: ${{ inputs.commit-hash }}
-      pr-number: ${{ inputs.pr-number }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-metrics-tests:
+  #   # Skip metrics tests whilst runner is broken
+  #   if: false
+  #   # if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-amd64
+  #   uses: ./.github/workflows/run-metrics.yaml
+  #   with:
+  #     registry: ghcr.io
+  #     repo: ${{ github.repository_owner }}/kata-deploy-ci
+  #     tag: ${{ inputs.tag }}-amd64
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     pr-number: ${{ inputs.pr-number }}
+  #     target-branch: ${{ inputs.target-branch }}

-  run-basic-amd64-tests:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-amd64
-    uses: ./.github/workflows/basic-ci-amd64.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-basic-amd64-tests:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-amd64
+  #   uses: ./.github/workflows/basic-ci-amd64.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}

-  run-basic-s390x-tests:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-s390x
-    uses: ./.github/workflows/basic-ci-s390x.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
+  # run-basic-s390x-tests:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-s390x
+  #   uses: ./.github/workflows/basic-ci-s390x.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}

-  run-cri-containerd-amd64:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-amd64
-    strategy:
-      fail-fast: false
-      matrix:
-        params: [
-          { containerd_version: lts,    vmm: clh              },
-          { containerd_version: lts,    vmm: dragonball       },
-          { containerd_version: lts,    vmm: qemu             },
-          { containerd_version: lts,    vmm: stratovirt       },
-          { containerd_version: lts,    vmm: cloud-hypervisor },
-          { containerd_version: lts,    vmm: qemu-runtime-rs  },
-          { containerd_version: active, vmm: clh              },
-          { containerd_version: active, vmm: dragonball       },
-          { containerd_version: active, vmm: qemu             },
-          { containerd_version: active, vmm: stratovirt       },
-          { containerd_version: active, vmm: cloud-hypervisor },
-          { containerd_version: active, vmm: qemu-runtime-rs  },
-         ]
-    uses: ./.github/workflows/run-cri-containerd-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: ubuntu-22.04
-      arch: amd64
-      containerd_version: ${{ matrix.params.containerd_version }}
-      vmm: ${{ matrix.params.vmm }}
+  # run-cri-containerd-amd64:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-amd64
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       params: [
+  #         { containerd_version: lts,    vmm: clh              },
+  #         { containerd_version: lts,    vmm: dragonball       },
+  #         { containerd_version: lts,    vmm: qemu             },
+  #         { containerd_version: lts,    vmm: stratovirt       },
+  #         { containerd_version: lts,    vmm: cloud-hypervisor },
+  #         { containerd_version: lts,    vmm: qemu-runtime-rs  },
+  #         { containerd_version: active, vmm: clh              },
+  #         { containerd_version: active, vmm: dragonball       },
+  #         { containerd_version: active, vmm: qemu             },
+  #         { containerd_version: active, vmm: stratovirt       },
+  #         { containerd_version: active, vmm: cloud-hypervisor },
+  #         { containerd_version: active, vmm: qemu-runtime-rs  },
+  #        ]
+  #   uses: ./.github/workflows/run-cri-containerd-tests.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: ubuntu-22.04
+  #     arch: amd64
+  #     containerd_version: ${{ matrix.params.containerd_version }}
+  #     vmm: ${{ matrix.params.vmm }}

-  run-cri-containerd-s390x:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-s390x
-    strategy:
-      fail-fast: false
-      matrix:
-        params: [
-          { containerd_version: active, vmm: qemu            },
-          { containerd_version: active, vmm: qemu-runtime-rs },
-         ]
-    uses: ./.github/workflows/run-cri-containerd-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: s390x-large
-      arch: s390x
-      containerd_version: ${{ matrix.params.containerd_version }}
-      vmm: ${{ matrix.params.vmm }}
+  # run-cri-containerd-s390x:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-s390x
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       params: [
+  #         { containerd_version: active, vmm: qemu            },
+  #         { containerd_version: active, vmm: qemu-runtime-rs },
+  #        ]
+  #   uses: ./.github/workflows/run-cri-containerd-tests.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: s390x-large
+  #     arch: s390x
+  #     containerd_version: ${{ matrix.params.containerd_version }}
+  #     vmm: ${{ matrix.params.vmm }}

-  run-cri-containerd-tests-ppc64le:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-ppc64le
-    strategy:
-      fail-fast: false
-      matrix:
-        params: [
-          { containerd_version: active, vmm: qemu },
-         ]
-    uses: ./.github/workflows/run-cri-containerd-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: ppc64le
-      arch: ppc64le
-      containerd_version: ${{ matrix.params.containerd_version }}
-      vmm: ${{ matrix.params.vmm }}
+  # run-cri-containerd-tests-ppc64le:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-ppc64le
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       params: [
+  #         { containerd_version: active, vmm: qemu },
+  #        ]
+  #   uses: ./.github/workflows/run-cri-containerd-tests.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: ppc64le
+  #     arch: ppc64le
+  #     containerd_version: ${{ matrix.params.containerd_version }}
+  #     vmm: ${{ matrix.params.vmm }}

-  run-cri-containerd-tests-arm64:
-    if: ${{ inputs.skip-test != 'yes' }}
-    needs: build-kata-static-tarball-arm64
-    strategy:
-      fail-fast: false
-      matrix:
-        params: [
-          { containerd_version: active, vmm: qemu },
-         ]
-    uses: ./.github/workflows/run-cri-containerd-tests.yaml
-    with:
-      tarball-suffix: -${{ inputs.tag }}
-      commit-hash: ${{ inputs.commit-hash }}
-      target-branch: ${{ inputs.target-branch }}
-      runner: arm64-non-k8s
-      arch: arm64
-      containerd_version: ${{ matrix.params.containerd_version }}
-      vmm: ${{ matrix.params.vmm }}
+  # run-cri-containerd-tests-arm64:
+  #   if: ${{ inputs.skip-test != 'yes' }}
+  #   needs: build-kata-static-tarball-arm64
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       params: [
+  #         { containerd_version: active, vmm: qemu },
+  #        ]
+  #   uses: ./.github/workflows/run-cri-containerd-tests.yaml
+  #   with:
+  #     tarball-suffix: -${{ inputs.tag }}
+  #     commit-hash: ${{ inputs.commit-hash }}
+  #     target-branch: ${{ inputs.target-branch }}
+  #     runner: arm64-non-k8s
+  #     arch: arm64
+  #     containerd_version: ${{ matrix.params.containerd_version }}
+  #     vmm: ${{ matrix.params.vmm }}
--- a/.github/workflows/run-k8s-tests-on-aks.yaml
+++ b/.github/workflows/run-k8s-tests-on-aks.yaml
@@ -2,6 +2,11 @@ name: CI | Run kubernetes tests on AKS
 on:
  workflow_call:
    inputs:
+      artifact-run-id:
+        description: "The run id where the artifact was uploaded"
+        required: false
+        type: string
+        default: ${{ github.run_id }}
      tarball-suffix:
        required: false
        type: string
@@ -32,6 +37,41 @@ on:
       required: true
      AZ_SUBSCRIPTION_ID:
        required: true
+  workflow_dispatch:
+    inputs:
+      artifact-run-id:
+        description: "The workflow run id where the artifact was uploaded"
+        required: true
+        type: string
+      tarball-suffix:
+        description: "The suffix of the kata tarball to use"
+        required: false
+        type: string
+      registry:
+        description: "The oci container registry to install kata-deploy from"
+        required: true
+        type: string
+      repo:
+        description: "The oci container repository/image to install kata-deploy from"
+        required: true
+        type: string
+      tag:
+        description: "The oci container image tag to install kata-deploy using"
+        required: true
+        type: string
+      pr-number:
+        description: "Identifier used to distinguish between PRs/dev/nightly tests"
+        required: true
+        type: string
+      commit-hash:
+        description: "The code to checkout for testing"
+        required: false
+        type: string
+      target-branch:
+        description: "The target branch to rebase on and ensure the tests are up-to-date"
+        required: false
+        type: string
+        default: ""


 permissions:
@@ -101,6 +141,9 @@ jobs:
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
+          run-id: ${{ inputs.artifact-run-id }}
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository}}
          path: kata-artifacts

      - name: Install kata
--- a/.github/workflows/run-kata-coco-tests.yaml
+++ b/.github/workflows/run-kata-coco-tests.yaml
@@ -2,6 +2,11 @@ name: CI | Run kata coco tests
 on:
  workflow_call:
    inputs:
+      artifact-run-id:
+        description: "The run id where the artifact was uploaded"
+        required: false
+        type: string
+        default: ${{ github.run_id }}
      tarball-suffix:
        required: false
        type: string
@@ -35,181 +40,216 @@ on:
        required: true
      ITA_KEY:
        required: true
+  workflow_dispatch:
+    inputs:
+      artifact-run-id:
+        description: "The workflow run id where the artifact was uploaded"
+        required: true
+        type: string
+      tarball-suffix:
+        description: "The suffix of the kata tarball to use"
+        required: false
+        type: string
+      registry:
+        description: "The oci container registry to install kata-deploy from"
+        required: true
+        type: string
+      repo:
+        description: "The oci container repository/image to install kata-deploy from"
+        required: true
+        type: string
+      tag:
+        description: "The oci container image tag to install kata-deploy using"
+        required: true
+        type: string
+      pr-number:
+        description: "Identifier used to distinguish between PRs/dev/nightly tests"
+        required: true
+        type: string
+      commit-hash:
+        description: "The code to checkout for testing"
+        required: false
+        type: string
+      target-branch:
+        description: "The target branch to rebase on and ensure the tests are up-to-date"
+        required: false
+        type: string
+        default: ""

 permissions:
  contents: read
  id-token: write

 jobs:
-  run-k8s-tests-on-tdx:
-    strategy:
-      fail-fast: false
-      matrix:
-        vmm:
-          - qemu-tdx
-        snapshotter:
-          - nydus
-        pull-type:
-          - guest-pull
-    runs-on: tdx
-    env:
-      DOCKER_REGISTRY: ${{ inputs.registry }}
-      DOCKER_REPO: ${{ inputs.repo }}
-      DOCKER_TAG: ${{ inputs.tag }}
-      GH_PR_NUMBER: ${{ inputs.pr-number }}
-      KATA_HYPERVISOR: ${{ matrix.vmm }}
-      KUBERNETES: "vanilla"
-      USING_NFD: "true"
-      KBS: "true"
-      K8S_TEST_HOST_TYPE: "baremetal"
-      KBS_INGRESS: "nodeport"
-      SNAPSHOTTER: ${{ matrix.snapshotter }}
-      PULL_TYPE: ${{ matrix.pull-type }}
-      AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
-      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      ITA_KEY: ${{ secrets.ITA_KEY }}
-      AUTO_GENERATE_POLICY: "yes"
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ inputs.commit-hash }}
-          fetch-depth: 0
-          persist-credentials: false
+  # run-k8s-tests-on-tdx:
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       vmm:
+  #         - qemu-tdx
+  #       snapshotter:
+  #         - nydus
+  #       pull-type:
+  #         - guest-pull
+  #   runs-on: tdx
+  #   env:
+  #     DOCKER_REGISTRY: ${{ inputs.registry }}
+  #     DOCKER_REPO: ${{ inputs.repo }}
+  #     DOCKER_TAG: ${{ inputs.tag }}
+  #     GH_PR_NUMBER: ${{ inputs.pr-number }}
+  #     KATA_HYPERVISOR: ${{ matrix.vmm }}
+  #     KUBERNETES: "vanilla"
+  #     USING_NFD: "true"
+  #     KBS: "true"
+  #     K8S_TEST_HOST_TYPE: "baremetal"
+  #     KBS_INGRESS: "nodeport"
+  #     SNAPSHOTTER: ${{ matrix.snapshotter }}
+  #     PULL_TYPE: ${{ matrix.pull-type }}
+  #     AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
+  #     AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
+  #     ITA_KEY: ${{ secrets.ITA_KEY }}
+  #     AUTO_GENERATE_POLICY: "yes"
+  #   steps:
+  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+  #       with:
+  #         ref: ${{ inputs.commit-hash }}
+  #         fetch-depth: 0
+  #         persist-credentials: false

-      - name: Rebase atop of the latest target branch
-        run: |
-          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
-        env:
-          TARGET_BRANCH: ${{ inputs.target-branch }}
+  #     - name: Rebase atop of the latest target branch
+  #       run: |
+  #         ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
+  #       env:
+  #         TARGET_BRANCH: ${{ inputs.target-branch }}

-      - name: Deploy Snapshotter
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
+  #     - name: Deploy Snapshotter
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter

-      - name: Deploy Kata
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx
+  #     - name: Deploy Kata
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx

-      - name: Uninstall previous `kbs-client`
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
+  #     - name: Uninstall previous `kbs-client`
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client

-      - name: Deploy CoCo KBS
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
+  #     - name: Deploy CoCo KBS
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs

-      - name: Install `kbs-client`
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
+  #     - name: Install `kbs-client`
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client

-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
+  #     - name: Deploy CSI driver
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver

-      - name: Run tests
-        timeout-minutes: 100
-        run: bash tests/integration/kubernetes/gha-run.sh run-tests
+  #     - name: Run tests
+  #       timeout-minutes: 100
+  #       run: bash tests/integration/kubernetes/gha-run.sh run-tests

-      - name: Delete kata-deploy
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx
+  #     - name: Delete kata-deploy
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx

-      - name: Delete Snapshotter
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
+  #     - name: Delete Snapshotter
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter

-      - name: Delete CoCo KBS
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
+  #     - name: Delete CoCo KBS
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs

-      - name: Delete CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
+  #     - name: Delete CSI driver
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver

-  run-k8s-tests-sev-snp:
-    strategy:
-      fail-fast: false
-      matrix:
-        vmm:
-          - qemu-snp
-        snapshotter:
-          - nydus
-        pull-type:
-          - guest-pull
-    runs-on: sev-snp
-    env:
-      DOCKER_REGISTRY: ${{ inputs.registry }}
-      DOCKER_REPO: ${{ inputs.repo }}
-      DOCKER_TAG: ${{ inputs.tag }}
-      GH_PR_NUMBER: ${{ inputs.pr-number }}
-      KATA_HYPERVISOR: ${{ matrix.vmm }}
-      KUBECONFIG: /home/kata/.kube/config
-      KUBERNETES: "vanilla"
-      USING_NFD: "false"
-      KBS: "true"
-      KBS_INGRESS: "nodeport"
-      K8S_TEST_HOST_TYPE: "baremetal"
-      SNAPSHOTTER: ${{ matrix.snapshotter }}
-      PULL_TYPE: ${{ matrix.pull-type }}
-      AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
-      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AUTO_GENERATE_POLICY: "yes"
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ inputs.commit-hash }}
-          fetch-depth: 0
-          persist-credentials: false
+  # run-k8s-tests-sev-snp:
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       vmm:
+  #         - qemu-snp
+  #       snapshotter:
+  #         - nydus
+  #       pull-type:
+  #         - guest-pull
+  #   runs-on: sev-snp
+  #   env:
+  #     DOCKER_REGISTRY: ${{ inputs.registry }}
+  #     DOCKER_REPO: ${{ inputs.repo }}
+  #     DOCKER_TAG: ${{ inputs.tag }}
+  #     GH_PR_NUMBER: ${{ inputs.pr-number }}
+  #     KATA_HYPERVISOR: ${{ matrix.vmm }}
+  #     KUBECONFIG: /home/kata/.kube/config
+  #     KUBERNETES: "vanilla"
+  #     USING_NFD: "false"
+  #     KBS: "true"
+  #     KBS_INGRESS: "nodeport"
+  #     K8S_TEST_HOST_TYPE: "baremetal"
+  #     SNAPSHOTTER: ${{ matrix.snapshotter }}
+  #     PULL_TYPE: ${{ matrix.pull-type }}
+  #     AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
+  #     AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
+  #     AUTO_GENERATE_POLICY: "yes"
+  #   steps:
+  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+  #       with:
+  #         ref: ${{ inputs.commit-hash }}
+  #         fetch-depth: 0
+  #         persist-credentials: false

-      - name: Rebase atop of the latest target branch
-        run: |
-          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
-        env:
-          TARGET_BRANCH: ${{ inputs.target-branch }}
+  #     - name: Rebase atop of the latest target branch
+  #       run: |
+  #         ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
+  #       env:
+  #         TARGET_BRANCH: ${{ inputs.target-branch }}

-      - name: Deploy Snapshotter
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
+  #     - name: Deploy Snapshotter
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter

-      - name: Deploy Kata
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp
+  #     - name: Deploy Kata
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp

-      - name: Uninstall previous `kbs-client`
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
+  #     - name: Uninstall previous `kbs-client`
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client

-      - name: Deploy CoCo KBS
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
+  #     - name: Deploy CoCo KBS
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs

-      - name: Install `kbs-client`
-        timeout-minutes: 10
-        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
+  #     - name: Install `kbs-client`
+  #       timeout-minutes: 10
+  #       run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client

-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
+  #     - name: Deploy CSI driver
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver

-      - name: Run tests
-        timeout-minutes: 50
-        run: bash tests/integration/kubernetes/gha-run.sh run-tests
+  #     - name: Run tests
+  #       timeout-minutes: 50
+  #       run: bash tests/integration/kubernetes/gha-run.sh run-tests

-      - name: Delete kata-deploy
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp
+  #     - name: Delete kata-deploy
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp

-      - name: Delete Snapshotter
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
+  #     - name: Delete Snapshotter
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter

-      - name: Delete CoCo KBS
-        if: always()
-        run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
+  #     - name: Delete CoCo KBS
+  #       if: always()
+  #       run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs

-      - name: Delete CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
+  #     - name: Delete CSI driver
+  #       timeout-minutes: 5
+  #       run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver

  # Generate jobs for testing CoCo on non-TEE environments
  run-k8s-tests-coco-nontee:
@@ -263,6 +303,9 @@ jobs:
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
+          run-id: ${{ inputs.artifact-run-id }}
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository}}
          path: kata-artifacts

      - name: Install kata
--- a/.github/workflows/run-kata-monitor-tests.yaml
+++ b/.github/workflows/run-kata-monitor-tests.yaml
@@ -2,6 +2,11 @@ name: CI | Run kata-monitor tests
 on:
  workflow_call:
    inputs:
+      artifact-run-id:
+        description: "The run id where the artifact was uploaded"
+        required: false
+        type: string
+        default: ${{ github.run_id }}
      tarball-suffix:
        required: false
        type: string
@@ -12,6 +17,25 @@ on:
        required: false
        type: string
        default: ""
+  workflow_dispatch:
+    inputs:
+      artifact-run-id:
+        description: "The workflow run id where the artifact was uploaded"
+        required: true
+        type: string
+      tarball-suffix:
+        description: "Identifier used to distinguish between PRs/dev/nightly tests"
+        required: false
+        type: string
+      commit-hash:
+        description: "The code to checkout for testing"
+        required: false
+        type: string
+      target-branch:
+        description: "The target branch to rebase on and ensure the tests are up-to-date"
+        required: false
+        type: string
+        default: ""

 permissions:
  contents: read
@@ -59,6 +83,9 @@ jobs:
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
+          run-id: ${{ inputs.artifact-run-id }}
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository}}
          path: kata-artifacts

      - name: Install kata
--- a/tests/gha-helper.sh
+++ b/tests/gha-helper.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2025 IBM Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n "${DEBUG:-}" ]] && set -o xtrace
+
+function trigger_and_check_workflow() {
+    workflow=$1
+    ref=$2
+    sha=$3
+    input_json=$4
+
+    trigger_workflow "${workflow}" "${ref}" "${sha}" "${input_json}"
+    wait_for_workflow_result "${workflow}" "${sha}"
+}
+
+function trigger_workflow() {
+    workflow=$1
+    ref=$2
+    sha=$3
+    input_json=$4
+
+    echo "${input_json}" | gh workflow run "${workflow}" --ref "${ref}" --json
+
+    local max_tries=5
+	local interval=15
+	local i=0
+    echo "::group::waiting"
+    while true; do
+        url=$(gh run list --workflow="${workflow}" --json headSha,url \
+            --jq '.[] | select(.headSha == "'"${sha}"'") | .url')
+        [[ -n "${url}" ]] && break
+		i=$((i + 1))
+		[ ${i} -lt ${max_tries} ] && echo "url of workflow not found, retrying in ${interval} seconds" 1>&2 || break
+		sleep "${interval}"
+	done
+    echo "::endgroup::"
+    echo "Triggered workflow: ${url}"
+}
+
+function wait_for_workflow_result() {
+    workflow=$1
+    sha=$2
+
+    local max_tries=60
+	local interval=120
+	local i=0
+            echo "::group::waiting"
+    while true; do
+        conclusion=$(gh run list --workflow="${workflow}" --json headSha,conclusion \
+            --jq '.[] | select(.headSha == "'"${sha}"'") | .conclusion')
+
+        case "${conclusion}" in
+            "success") echo "::endgroup::\nJob finished successfully" && exit 0;;
+            "cancelled") echo "::endgroup::\nJJob cancelled" && exit 4;;
+            "failure") echo "::endgroup::\nJJob failed" && exit 8;;
+            *) ;;
+        esac
+
+		i=$((i + 1))
+		[ ${i} -lt ${max_tries} ] && echo "conclusion of workflow is ${conclusion}, retrying in ${interval} seconds" 1>&2 || break
+		sleep "${interval}"
+	done
+    echo "Waiting for the workflow to succeed timed out"
+    exit 16
+}
+
+function main() {
+    action="${1:-}"
+    case "${action}" in
+        trigger-workflow) trigger_workflow "${@:2}";;
+        trigger-and-check-workflow) trigger_and_check_workflow "${@:2}";;
+        wait-for-workflow-result) wait_for_workflow_result "${@:2}";;
+        *) >&2 echo "Invalid argument"; exit 2 ;;
+    esac
+}
+
+main "$@"