Use container: directive per job instead of nested podman run.

Each job specifies its execution image directly:
- test: python:3.13-alpine
- secrets: ghcr.io/gitleaks/gitleaks:latest
- build: quay.io/podman/stable (--privileged for nested builds)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>