diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..0336e94528
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,56 @@
+name: Run TUF tests and linter
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      # Run regular TUF tests on each OS/Python combination, plus special tests
+      # (sslib master) and linters on Linux/Python3.x only.
+      matrix:
+        python-version: [2.7, 3.6, 3.7, 3.8, 3.9]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        toxenv: [py]
+        include:
+          - python-version: 3.x
+            os: ubuntu-latest
+            toxenv: with-sslib-master
+            experimental: true
+          # TODO: Change to 3.x once pylint fully supports Python 3.9
+          - python-version: 3.8
+            os: ubuntu-latest
+            toxenv: lint
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout TUF
+        uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Find pip cache dir
+        id: pip-cache
+        run: echo "::set-output name=dir::$(pip cache dir)"
+
+      - name: pip cache
+        uses: actions/cache@v2
+        with:
+          # Use the os dependent pip cache directory found above
+          path: ${{ steps.pip-cache.outputs.dir }}
+          # A match with 'key' counts as cache hit
+          key: ${{ runner.os }}-pip-${{ hashFiles('requirements*.txt') }}
+          # A match with 'restore-keys' is used as fallback
+          restore-keys: ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install tox
+
+      - name: Run tox
+        run: tox -e ${{ matrix.toxenv }}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 6e29de0959..0000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-dist: xenial
-language: python
-cache: pip
-
-
-env:
-  global:
-    # NOTE: Public push only token (can't be used to read or edit project info)
-    - FOSSA_API_KEY=cbc317812661645ea400ab9ee6c7616a
-
-matrix:
-  include:
-    - python: "2.7"
-      env: TOXENV=py27
-    - python: "3.6"
-      env: TOXENV=py36
-    - python: "3.7"
-      env: TOXENV=py37
-    - python: "3.8"
-      env: TOXENV=py38
-    - python: "3.9"
-      env: TOXENV=py39
-    - python: "3.8"
-      env: TOXENV=with-sslib-master
-    - python: "3.8"
-      env: TOXENV=lint
-      before_script: skip
-      after_success: skip
-
-  allow_failures:
-    - python: "3.8"
-      env: TOXENV=with-sslib-master
-
-install:
-  - pip install tox coveralls
-
-before_script:
-  - "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | sudo bash"
-
-script:
-  - tox
-
-after_success:
-  - fossa
-  # Workaround to get coverage reports with relative paths.
-  # FIXME: Consider refactoring the tests to not require the test aggregation
-  # script being invoked from the `tests` directory, so that `.coverage` is
-  # written to and .coveragrc can also reside in the project root directory, as
-  # is the convention.
-  - cp tests/.coverage .
-  - coveralls --rcfile=tests/.coveragerc
diff --git a/README.md b/README.md
index 6934b10390..3c77c031f1 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,7 @@
 # <img src="https://cdn.rawgit.com/theupdateframework/artwork/3a649fa6/tuf-logo.svg" height="100" valign="middle" alt="TUF"/> A Framework for Securing Software Update Systems
 
-[![Travis-CI](https://travis-ci.com/theupdateframework/tuf.svg?branch=develop)](https://travis-ci.com/theupdateframework/tuf)
-[![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop)
+![Build](https://github.com/theupdateframework/tuf/workflows/Run%20TUF%20tests%20and%20linter/badge.svg)
 ![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=theupdateframework/tuf)
-[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield)
 [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351)
 [![PyPI](https://img.shields.io/pypi/v/tuf)](https://pypi.org/project/tuf/)
 
diff --git a/appveyor.yml b/appveyor.yml
deleted file mode 100644
index 769dc58f8d..0000000000
--- a/appveyor.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-environment:
-  matrix:
-    - PYTHON: "C:\\Python38"
-      PYTHON_VERSION: 3.8
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python37"
-      PYTHON_VERSION: 3.7
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python36"
-      PYTHON_VERSION: 3.6
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python27"
-      PYTHON_VERSION: 2.7
-      PYTHON_ARCH: 32
-
-init:
-  - ECHO %PYTHON% %PYTHON_VERSION% %PYTHON_ARCH%
-
-install:
-  - set PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%
-  - python -m pip install -U pip setuptools
-  - pip install -e .
-  - pip install securesystemslib[crypto,pynacl] python-dateutil
-  - if %PYTHON_VERSION%==2.7 pip install mock
-
-build: false
-
-test_script:
-  - cd tests
-  - python aggregate_tests.py
diff --git a/docs/GOVERNANCE.md b/docs/GOVERNANCE.md
index 23f82ea8d0..e21db3f394 100644
--- a/docs/GOVERNANCE.md
+++ b/docs/GOVERNANCE.md
@@ -27,7 +27,7 @@ guidelines](https://github.com/secure-systems-lab/code-style-guidelines), and
 must unit test any new software feature or change.  Submitted pull requests
 undergo review and automated testing, including, but not limited to:
 
-* Unit and build testing via [Travis CI](https://travis-ci.com/) and
+* Unit and build testing via [GitHub Actions](https://github.com/theupdateframework/tuf/actions) and
 [Tox](https://tox.readthedocs.io/en/latest/).
 * Static code analysis via [Pylint](https://www.pylint.org/) and
 [Bandit](https://wiki.openstack.org/wiki/Security/Projects/Bandit).
diff --git a/tests/test_updater.py b/tests/test_updater.py
index f8d6379d0f..69c67044ea 100755
--- a/tests/test_updater.py
+++ b/tests/test_updater.py
@@ -1344,10 +1344,12 @@ def test_6_download_target(self):
       self.repository_updater.download_target(targetinfo, bad_destination_directory)
 
     except OSError as e:
-      self.assertTrue(e.errno == errno.ENAMETOOLONG or e.errno == errno.ENOENT)
+      self.assertTrue(
+          e.errno in [errno.ENAMETOOLONG, errno.ENOENT, errno.EINVAL],
+          "wrong errno: " + str(e.errno))
 
     else:
-      self.fail('Expected an OSError of type ENAMETOOLONG or ENOENT')
+      self.fail('No OSError raised')
 
 
     # Test: Invalid arguments.
diff --git a/tox.ini b/tox.ini
index 23ee0026b0..a86fba4faa 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,7 +23,8 @@ deps =
     # installation (see `skipsdist`), to get relative paths in coverage reports
     --editable {toxinidir}
 
-install_command = pip install --pre {opts} {packages}
+# FIXME: use legacy resolver because https://github.com/pypa/pip/issues/9215
+install_command = pip install --use-deprecated=legacy-resolver --pre {opts} {packages}
 
 
 # Develop test env to run tests against securesystemslib's master branch