Secure and Efficient PR Workflows for OpenEmbedded Layers
2025-02-03, Lily Rose

We've been using a pull request (PR) workflow with GitHub Actions for public OpenEmbedded layers such as meta-rauc, meta-labgrid and the LXA TAC BSP for years. This approach enhances visibility via GitHub, simplifies onboarding for new contributors, and provides automated feedback through CI, reducing maintainer workload.

Because build-testing untrusted code from PRs carries risk, we had been using GitHub's hosted runners, with SSTATE regularly pre-built on a separate server. This limited performance, especially for PRs that change global configuration variables, and made the PR workflow less smooth than it could be. To address this, we implemented a custom runner that uses QEMU on self-hosted hardware to run ephemeral VMs. SSTATE and DL_DIR can be read from the host, balancing build speed with security.
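To make the isolation model concrete, the following POSIX shell launcher is an added illustration and not code from the forrest runner or from the meta-rauc, meta-labgrid or LXA TAC layers. It assumes placeholder host paths, a prepared qcow2 builder image, 9p as the share transport and /mnt/sstate and /mnt/downloads as guest mount points; the real runner may differ in all of these. The point it demonstrates is the trade-off from the text: the host's SSTATE and DL_DIR are exported read-only, the VM disk is started with `-snapshot`, and a check refuses to launch if either property is missing.

```shell
#!/bin/sh
# Added example (not the forrest project's code): launch one throwaway QEMU VM
# per PR build. Host sstate-cache and DL_DIR are exported read-only over 9p and
# the disk runs with -snapshot, so nothing an untrusted build writes survives
# the job. All paths and the image name are placeholders.
set -eu

# Assumed host locations (placeholders; adjust for your runner).
HOST_SSTATE="${HOST_SSTATE:-/srv/yocto/sstate-cache}"
HOST_DL_DIR="${HOST_DL_DIR:-/srv/yocto/downloads}"
BASE_IMAGE="${BASE_IMAGE:-/srv/runner/builder-base.qcow2}"

# Print the QEMU command line one argument per line so it can be inspected
# and checked before anything is started.
qemu_args() {
    # $1 = host sstate dir, $2 = host download dir, $3 = base qcow2 image
    printf '%s\n' \
        qemu-system-x86_64 \
        -enable-kvm -cpu host -smp 8 -m 16G -nographic \
        -snapshot \
        -drive "file=$3,format=qcow2,if=virtio" \
        -virtfs "local,path=$1,mount_tag=sstate,security_model=none,readonly=on" \
        -virtfs "local,path=$2,mount_tag=downloads,security_model=none,readonly=on" \
        -netdev user,id=net0 -device virtio-net-pci,netdev=net0
}

# Guard rail: succeed only if the disk is ephemeral (-snapshot present) and
# every -virtfs export carries readonly=on. $1 is the list from qemu_args.
verify_args() {
    printf '%s\n' "$1" | grep -qx -- '-snapshot' || return 1
    n_exports=$(printf '%s\n' "$1" | grep -cx -- '-virtfs' || true)
    n_readonly=$(printf '%s\n' "$1" | grep -c -- '^local,.*readonly=on' || true)
    [ "$n_exports" -gt 0 ] && [ "$n_exports" -eq "$n_readonly" ]
}

# local.conf fragment for the guest: BitBake treats the two read-only mounts
# as mirrors and keeps its own writable caches on the snapshot disk.
guest_local_conf() {
    cat <<'EOF'
# Host caches mounted read-only in the guest, e.g.
#   mount -t 9p -o trans=virtio,version=9p2000.L,ro sstate /mnt/sstate
INHERIT += "own-mirrors"
SOURCE_MIRROR_URL ?= "file:///mnt/downloads"
SSTATE_MIRRORS ?= "file://.* file:///mnt/sstate/PATH"
# Writable locations live on the -snapshot disk and vanish with the VM.
DL_DIR ?= "${TOPDIR}/downloads"
SSTATE_DIR ?= "${TOPDIR}/sstate-cache"
EOF
}

# Only start the VM when explicitly asked, so the script can be sourced and
# its argument list checked on a machine without KVM.
if [ "${RUN_VM:-0}" = "1" ]; then
    args=$(qemu_args "$HOST_SSTATE" "$HOST_DL_DIR" "$BASE_IMAGE")
    verify_args "$args"
    # Split the argument list on newlines only (paths may contain spaces),
    # disable globbing, then hand over to QEMU.
    IFS='
'
    set -f
    # shellcheck disable=SC2086
    exec $args
fi
```

Run with `RUN_VM=1` to launch; without it the script only defines the helpers. The guest side still needs a writable work area, which is why `DL_DIR` and `SSTATE_DIR` point at the snapshot disk while the host copies are reached only through the mirror variables.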

The talk will explore the trade-offs and challenges of this approach, show what we have working so far and how it can be reused by others for their layers.

See also: forrest runner project