ci: Remove shellcheck, run deploy in container with host network

- Remove shellcheck job (no shell scripts)
- Deploy job now uses espressif/idf container with --network=host
- Install git, curl, jq, netcat in deploy container

.gitea/workflows/lint.yml

@@ -20,7 +20,7 @@ on:
 jobs:
   build:
     name: Build Firmware
-    needs: [cppcheck, flawfinder, gitleaks, shellcheck]
+    needs: [cppcheck, flawfinder, gitleaks]
     runs-on: anvil
     container:
       image: docker.io/espressif/idf:v5.3
@@ -89,21 +89,25 @@ jobs:
     runs-on: anvil
     needs: build
     if: github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true' || startsWith(github.ref, 'refs/tags/v')
-    # Run directly on host (no container) to access local network
+    container:
+      image: docker.io/espressif/idf:v5.3
+      options: --network=host
     steps:
+      - name: Install tools
+        run: apt-get update && apt-get install -y --no-install-recommends git curl jq netcat-openbsd
+
       - name: Checkout
         run: |
-          mkdir -p workspace
-          curl -sL -H "Authorization: token ${{ github.token }}" \
-            "https://git.mymx.me/api/v1/repos/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz" \
-            | tar -xz --strip-components=1 -C workspace
+          git clone --depth=1 --branch=${{ github.ref_name }} \
+            https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
 
       - name: Build firmware
         run: |
-          cd workspace && . $HOME/esp/esp-idf/export.sh && cd get-started/csi_recv_router && idf.py build
+          . /opt/esp/idf/export.sh
+          cd get-started/csi_recv_router
+          idf.py build
 
       - name: Validate version tag
-        working-directory: workspace
         run: |
           TAG="${{ github.ref_name }}"
           # Extract version from binary metadata
@@ -119,7 +123,6 @@ jobs:
       - name: Create release and upload firmware
         env:
           GITEA_TOKEN: ${{ github.token }}
-        working-directory: workspace
         run: |
           TAG="${{ github.ref_name }}"
           REPO="${{ github.repository }}"
@@ -152,7 +155,6 @@ jobs:
             "$API_URL/repos/$REPO/releases/$RELEASE_ID/assets?name=csi_recv_router.bin"
 
       - name: Deploy via OTA
-        working-directory: workspace
         run: |
           SENSORS="muddy-storm:192.168.129.29 amber-maple:192.168.129.30 hollow-acorn:192.168.129.31"
           OTA_PORT=8899
@@ -292,27 +294,3 @@ jobs:
 
       - name: Run gitleaks
         run: gitleaks detect --source . --verbose --redact
-
-  shellcheck:
-    name: Shell Script Analysis
-    runs-on: anvil
-    container:
-      image: docker.io/koalaman/shellcheck-alpine:stable
-    steps:
-      - name: Install git
-        run: apk add --no-cache git
-
-      - name: Checkout
-        run: |
-          git clone --depth=1 --branch=${{ github.ref_name }} \
-            https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
-
-      - name: Find and check shell scripts
-        run: |
-          SCRIPTS=$(find . -name "*.sh" -type f 2>/dev/null || true)
-          if [ -n "$SCRIPTS" ]; then
-            echo "Checking: $SCRIPTS"
-            echo "$SCRIPTS" | xargs shellcheck --severity=warning
-          else
-            echo "No shell scripts found, skipping"
-          fi