The gitleaks image lacks a shell compatible with the runner's
script injection. Use podman run with volume mount on the host
instead, matching the proven s5p pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Multiline run with backslash continuation gets corrupted inside
the gitleaks container. Collapse to single line.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The alpine and gitleaks container images lack Node.js, which
actions/checkout@v4 requires. Use manual git clone instead.
Build job stays on host where actions/checkout works natively.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace manual podman run invocations with the runner's container:
directive for lint, test, and secrets jobs. Cleaner step definitions,
no volume mounts needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Lint, test, secrets scan, and Harbor build/push jobs running
on linux runner using ephemeral podman containers. Adds
requirements.txt for container-based pip installs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>