diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index f1710c7..3f5b0f4 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -9,44 +9,40 @@ on:
 jobs:
   lint:
     runs-on: linux
+    container:
+      image: python:3.12-alpine
     steps:
       - uses: actions/checkout@v4
+      - name: Install ruff
+        run: pip install --no-cache-dir -q ruff
       - name: Lint
-        run: |
-          podman run --rm \
-            -v "$PWD:/app:ro" \
-            -w /app \
-            python:3.12-alpine \
-            sh -c "pip install --no-cache-dir -q ruff && \
-                   ruff check src/ tests/"
+        run: ruff check src/ tests/
 
   test:
     runs-on: linux
     needs: [lint]
+    container:
+      image: python:3.12-alpine
     steps:
       - uses: actions/checkout@v4
-      - name: Test
+      - name: Install deps
         run: |
-          podman run --rm \
-            -v "$PWD:/app:ro" \
-            -w /app \
-            python:3.12-alpine \
-            sh -c "pip install --no-cache-dir -q -r requirements.txt && \
-                   pip install --no-cache-dir -q pytest pytest-asyncio && \
-                   PYTHONPATH=src pytest tests/ -v"
+          pip install --no-cache-dir -q -r requirements.txt
+          pip install --no-cache-dir -q pytest pytest-asyncio
+      - name: Test
+        run: PYTHONPATH=src pytest tests/ -v
 
   secrets:
     runs-on: linux
+    container:
+      image: ghcr.io/gitleaks/gitleaks:latest
+      options: --entrypoint ""
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Scan for secrets
-        run: |
-          podman run --rm \
-            -v "$PWD:/scan:ro" \
-            ghcr.io/gitleaks/gitleaks:latest \
-            detect --source /scan -v
+        run: gitleaks detect --source . -v
 
   build:
     runs-on: linux