diff --git a/.cirrus.yml b/.cirrus.yml
deleted file mode 100644
index db7d2dd91..000000000
--- a/.cirrus.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-# Cirrus CI gives open-source projects free 16.0 CPUs,
-# we use 4 CPUs x 3 tasks = 12 CPUs.
-# https://cirrus-ci.org/faq/#are-there-any-limits
-#
-# Undocumented constraints;
-# - The maximum memory limit is 4G times the number of CPUs.
-# - The number of CPUs should be multiple of 2.
-
-task:
-  name: Vagrant
-
-  compute_engine_instance:
-    image_project: cirrus-images
-    image: family/docker-kvm
-    platform: linux
-    nested_virtualization: true
-    cpu: 4
-    memory: 16G
-
-  env:
-    GOTEST: gotestsum --
-    # By default, Cirrus CI doesn't have HOME defined
-    HOME: /root
-    matrix:
-      BOX: fedora/37-cloud-base
-      # v7.0.0 does not boot. v6.0.0 was not released.
-      BOX: rockylinux/8@5.0.0
-  install_libvirt_vagrant_script: |
-    # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
-    apt-get -o DPkg::Lock::Timeout=60 update
-    apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
-    systemctl enable --now libvirtd
-
-  vagrant_cache:
-    folder: /root/.vagrant.d
-    fingerprint_script: uname --kernel-release --kernel-version && cat Vagrantfile
-
-  vagrant_up_script: |
-    vagrant up --no-tty
-
-  integration_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
-
-  cri_integration_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
-
-  cri_test_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
-
-task:
-  name: CGroupsV2 - rootless CRI test
-
-  env:
-    HOME: /root
-
-  compute_engine_instance:
-    image_project: cirrus-images
-    image: family/docker-kvm
-    platform: linux
-    nested_virtualization: true
-    cpu: 4
-    memory: 16G
-
-  install_libvirt_vagrant_script: |
-    # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
-    apt-get -o DPkg::Lock::Timeout=60 update
-    apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
-    systemctl enable --now libvirtd
-
-  vagrant_cache:
-    folder: /root/.vagrant.d
-    fingerprint_script: uname -a; cat Vagrantfile
-
-  vagrant_up_script: |
-    vagrant up --provision-with=install-rootless-podman --no-tty
-
-  podman_build_script: |
-    # Execute rootless podman to create the UserNS env
-    vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
-
-  test_script: |
-    vagrant ssh -- podman run --rm --privileged cri-in-userns
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 043caab57..714bbeeea 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -518,6 +518,75 @@ jobs:
             ${{github.workspace}}/report/*.xml
             ${{github.workspace}}/report/*.log
 
+  integration-vagrant:
+    name: Vagrant integration
+    # "Larger" runner is needed for nested virtualization
+    # https://github.com/organizations/containerd/settings/actions/runners
+    runs-on: ubuntu-latest-4-cores
+    timeout-minutes: 60
+    needs: [project, linters, protos, man]
+
+    strategy:
+      fail-fast: false
+      matrix:
+        box:
+          - fedora/37-cloud-base
+          # v7.0.0 does not boot. v6.0.0 was not released.
+          - rockylinux/8@5.0.0
+    env:
+      BOX: ${{ matrix.box }}
+
+    steps:
+      - name: Show the host info
+        run: |
+          set -x
+          uname -a
+          cat /etc/os-release
+          cat /proc/cpuinfo
+          free -mt
+      - uses: actions/checkout@v3
+      - uses: actions/cache@v3
+        with:
+          path: /root/.vagrant.d
+          key: vagrant-${{ matrix.box }}
+      - name: Set up vagrant
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+          sudo systemctl enable --now libvirtd
+      - name: Boot VM
+        run: sudo BOX=$BOX vagrant up --no-tty
+      - name: test-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
+      - name: test-cri-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
+      - name: test-cri
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+  tests-cri-in-userns:
+    name: "CRI-in-UserNS"
+
+    runs-on: ubuntu-22.04
+    timeout-minutes: 40
+    needs: [project, linters, protos, man]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up cgroup v2 delegation
+        run: |
+          sudo mkdir -p /etc/systemd/system/user@.service.d
+          cat <<EOF | sudo tee /etc/systemd/system/user@.service.d/delegate.conf
+          [Service]
+          Delegate=cpu cpuset io memory pids
+          EOF
+          sudo systemctl daemon-reload
+      - name: Build cri-in-userns image
+        run: podman build --target cri-in-userns -t cri-in-userns -f ./contrib/Dockerfile.test .
+      - name: Run cri-in-userns image
+        # Rootless Podman is used for testing CRI-in-UserNS
+        # (We could use rootless Docker or rootless nerdctl, but we are using Podman here because it is preinstalled)
+        run: podman run --rm --privileged cri-in-userns
+
   tests-mac-os:
     name: MacOS unit tests
     runs-on: macos-12
diff --git a/Vagrantfile b/Vagrantfile
index 8f182aad3..b3f20669c 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -325,29 +325,4 @@ EOF
     SHELL
   end
 
-  # Rootless Podman is used for testing CRI-in-UserNS
-  # (We could use rootless nerdctl, but we are using Podman here because it is available in dnf)
-  config.vm.provision "install-rootless-podman", type: "shell", run: "never" do |sh|
-    sh.upload_path = "/tmp/vagrant-install-rootless-podman"
-    sh.inline = <<~SHELL
-        #!/usr/bin/env bash
-        set -eux -o pipefail
-        # Delegate cgroup v2 controllers to rootless
-        mkdir -p /etc/systemd/system/user@.service.d
-        cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF
-[Service]
-Delegate=yes
-EOF
-        systemctl daemon-reload
-        # Install Podman
-        dnf install -y podman
-        # Configure Podman to resolve `golang` to `docker.io/library/golang`
-        mkdir -p /etc/containers
-        cat > /etc/containers/registries.conf <<EOF
-[registries.search]
-registries = ['docker.io']
-EOF
-    SHELL
-  end
-
 end