diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 1854c117..85bbab74 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -21,7 +21,7 @@ jobs:
             ~/.cache/go-build
           key: go-integration-conmon-${{ hashFiles('**/go.mod') }}
           restore-keys: go-integration-conmon-
-      - run: hack/github-actions-setup
+      - run: sudo hack/github-actions-setup
       - name: Run conmon integration tests
         run: |
           sudo make vendor
@@ -42,11 +42,12 @@ jobs:
             ~/.cache/go-build
           key: go-integration-cri-o-${{ hashFiles('**/go.mod') }}
           restore-keys: go-integration-cri-o-
-      - run: hack/github-actions-setup
+      - run: sudo hack/github-actions-setup
       - name: Run CRI-O integration tests
         run: |
-          cd $(go env GOPATH)/src/github.com/cri-o/cri-o
-          make all test-binaries
+          GOPATH=$(sudo go env GOPATH)
+          sudo cd "$GOPATH"/src/github.com/cri-o/cri-o
+          sudo make all test-binaries
           # skip seccomp tests because they have permission denied issues in a container and accept signed image as they don't use conmon
           sudo -E test/test_runner.sh $(ls test/ | grep bats | grep -E -v seccomp\|image\|policy)
         env: