diff --git a/ci/Dockerfile.ci-git-node-podman b/ci/Dockerfile.ci-git-node-podman
new file mode 100644
index 0000000..769d87f
--- /dev/null
+++ b/ci/Dockerfile.ci-git-node-podman
@@ -0,0 +1,17 @@
+FROM alpine:3.20
+
+# Node 20 + git + podman + tini + bash
+RUN apk add --no-cache nodejs-current npm git podman ca-certificates tini bash
+
+# Non-root user 1001:1001 to match your setup
+RUN addgroup -g 1001 ci \
+ && adduser -D -u 1001 -G ci -h /home/ci ci \
+ && mkdir -p /home/ci/.config && chown -R 1001:1001 /home/ci
+
+ENV HOME=/home/ci SHELL=/bin/bash
+USER 1001:1001
+WORKDIR /workspace
+
+ENTRYPOINT ["/sbin/tini","--"]
+CMD ["tail","-f","/dev/null"]
+
diff --git a/ci/Dockerfile.ci-node-podman b/ci/Dockerfile.ci-node-podman
deleted file mode 100644
index 8e4ea9d..0000000
--- a/ci/Dockerfile.ci-node-podman
+++ /dev/null
@@ -1,28 +0,0 @@
-FROM node:20-bookworm-slim
-
-# Basics your CI uses
-RUN set -eux; \
-  apt-get update; \
-  apt-get install -y --no-install-recommends ca-certificates curl git jq; \
-  rm -rf /var/lib/apt/lists/*
-
-# Install the Podman **remote** client and expose it as "podman"
-ARG PODMAN_REMOTE_VERSION=5.2.3
-RUN set -eux; \
-  arch="$(dpkg --print-architecture)"; \
-  case "$arch" in amd64) goarch=amd64;; arm64) goarch=arm64;; *) echo "unsupported arch: $arch"; exit 1;; esac; \
-  url="https://github.com/containers/podman/releases/download/v${PODMAN_REMOTE_VERSION}/podman-remote-static-linux_${goarch}.tar.gz"; \
-  curl -fsSL -o /tmp/podman-remote.tgz "$url"; \
-  mkdir -p /tmp/podman-remote; \
-  tar -xzf /tmp/podman-remote.tgz -C /tmp/podman-remote; \
-  cand="/tmp/podman-remote/bin/podman-remote-static-linux_${goarch}"; \
-  if [ ! -f "$cand" ]; then cand="$(find /tmp/podman-remote -type f -name 'podman*' -print -quit)"; fi; \
-  test -f "$cand"; \
-  install -m0755 "$cand" /usr/local/bin/podman-remote; \
-  ln -sf /usr/local/bin/podman-remote /usr/local/bin/podman; \
-  /usr/local/bin/podman --version; \
-  rm -rf /tmp/podman-remote /tmp/podman-remote.tgz
-
-# Defaults for your runner’s rootless socket
-ENV XDG_RUNTIME_DIR=/run/user/999
-ENV CONTAINER_HOST=unix:///run/user/999/podman/podman.sock