diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000000..14b0dbc3184
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,88 @@
+name: test
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  test:
+    name: ""
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: [1.14.x, 1.15.x]
+        systemd: ["systemd", ""]
+        rootless: ["rootless", ""]
+        exclude:
+          # rootless + systemd is only supported with cgroupv2
+          - systemd: systemd
+            rootless: rootless
+
+    steps:
+
+    - name: checkout
+      uses: actions/checkout@v2
+
+    - name: install deps
+      run: |
+        # scopeo repo
+        echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+        wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O- | sudo apt-key add -
+        # criu repo
+        sudo add-apt-repository -y ppa:criu/ppa
+        # apt-add-repository runs apt update so we don't have to
+        sudo apt -q install libseccomp-dev criu scopeo
+
+    - name: install go ${{ matrix.go-version }}
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+
+    - name: build
+      run: sudo -E PATH="$PATH" make all
+
+    - name: install umoci
+      run: |
+        mkdir ~/bin
+        echo "PATH=$HOME/bin:$PATH" >> $GITHUB_ENV
+        curl -o ~/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.6/umoci.amd64
+        chmod +x ~/bin/umoci
+
+    - name: install bats
+      uses: mig4/setup-bats@v1
+      with:
+        bats-version: 1.2.1
+
+    - name: get images
+      # no rootless unit tests
+      if: matrix.rootless != 'rootless'
+      run: |
+        mkdir /busybox /debian
+        . tests/integration/multi-arch.bash
+        curl -fsSL `get_busybox` | tar xfJC - /busybox
+        get_and_extract_debian /debian
+
+    - name: add rootless user
+      if: matrix.rootless == 'rootless'
+      run: |
+        sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
+        # Allow root to execute `ssh rootless@localhost` in tests/rootless.sh
+        ssh-keygen -t ecdsa -N "" -f $HOME/rootless.key
+        sudo mkdir -m 0700 -p /home/rootless/.ssh
+        sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys
+        sudo chown -R rootless.rootless /home/rootless
+
+    - name: enable systemd cgroup driver
+      if: matrix.systemd == 'systemd'
+      run: echo "RUNC_USE_SYSTEMD=yes" >> $GITHUB_ENV
+
+    - name: unit test
+      if: matrix.rootless != 'rootless'
+      run: sudo -E PATH="$PATH" script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm make localunittest'
+
+    - name: integration test
+      run: sudo -E PATH="$PATH" script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm make local${{ matrix.rootless }}integration'