CI relies on pre built kernels for testing. Those kernels live in the https://github.com/cilium/ci-kernels repository and are stored in large file storage. Right now adding a new kernel is a manual process:

1. Edit make.sh
2. Run make
3. Commit the resulting .tgz into the repo
4. Push, PR, merge

We should automate this and store the result as a container image on ghcr.io. The current build process already uses Docker behind the scenes, with the appropriate image targets.

Rough idea for a workflow:

1. Edit make.sh
2. Commit, Push
3. GHA builds kernel via existing Dockerfiles
4. Merge
5. GHA builds and pushes images from main (vmlinux, selftests)

This will require modifying run-tests.sh to pull kernel + selftests from ghcr.io instead of the .tgz. @tb says that containers are just tars, so maybe we can get away with some additional bash magic to go from an image url to a tgz we can use. If that is too complicated we can maybe reuse docker somehow to just do an image download for us?

This new workflow has one downside: images created from a branch build are not available anywhere, so executing ./run-tests.sh against them isn't straight forward. One solution I can think of is to just move the build tooling into the ebpf repo itself. ci-kernels really exists to hold the .tgz so once we stop doing that there is no need to keep it around anymore. We already have docker stuff in testdata/docker after all.