diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml index fc959d8..9f39947 100644 --- a/.forgejo/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -1,5 +1,7 @@ name: CI/CD Pipeline with Secure Ephemeral PiP +x-podman-client: &podman_client quay.io/podman/stable@sha256:482bce3a829893f0dc3bf497c9a7609341fca11b34e35a92d308eb971ad61adb + on: push: branches: [main] @@ -23,14 +25,17 @@ env: RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }} # e.g., docker.io/library/rust@sha256:... NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }} # e.g., docker.io/library/node@sha256:... POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }} # e.g., docker.io/library/postgres@sha256:... - PODMAN_CLIENT_IMG_DIGEST: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} # e.g., quay.io/podman/stable@sha256:... PODMAN_SOCK: /run/user/999/podman/podman.sock jobs: test-backend: runs-on: [ci] - container: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + container: + image: *podman_client + + env: + PODMAN_CLIENT_IMG_DIGEST: *podman_client steps: - uses: actions/checkout@v4 @@ -55,7 +60,7 @@ jobs: - name: Setup ephemeral PiP container env: - PODMAN_CLIENT_IMG_DIGEST: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + PODMAN_CLIENT_IMG_DIGEST: quay.io/podman/stable@sha256:482bce3a829893f0dc3bf497c9a7609341fca11b34e35a92d308eb971ad61adb SOCKET_PATH: ${{ env.PODMAN_SOCK }} run: | chmod +x ./secure_pip_setup.sh @@ -136,7 +141,11 @@ jobs: runs-on: [ci] needs: test-backend - container: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + container: + image: *podman_client + + env: + PODMAN_CLIENT_IMG_DIGEST: *podman_client steps: - uses: actions/checkout@v4 @@ -194,7 +203,11 @@ jobs: runs-on: [ci] needs: test-frontend - container: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + container: + image: *podman_client + + env: + PODMAN_CLIENT_IMG_DIGEST: *podman_client steps: - uses: actions/checkout@v4 
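Review bot: The digest pinned under `x-podman-client` carries no comment saying which tag or release of quay.io/podman/stable it was resolved from, so a later bump has nothing to be checked against. A line above the anchor such as `# quay.io/podman/stable:<tag>, resolved <date>; change only via reviewed PR` would record that. Separately, `x-` top-level keys are a Compose convention, and this diff does not show whether the Forgejo runner's workflow validation accepts an unknown top-level key or resolves the alias inside `container.image`. That is worth confirming on a branch run, since all five jobs now depend on it.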
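Review bot: `PODMAN_CLIENT_IMG_DIGEST` used to be defined once in the workflow-level `env:` block and is now repeated as a job-level `env:` in this hunk (-23,14) and in the hunks at -136, -194, -261 and -328. Replacing the removed line with `PODMAN_CLIENT_IMG_DIGEST: *podman_client` in the top-level block would keep a single definition and make the five job-level blocks unnecessary. The neighbouring `RUST_IMG_DIGEST`, `NODE_IMG_DIGEST` and `POSTGRES_IMG_DIGEST` still come from `secrets.*`, so those pins can still be changed outside code review. If moving the podman pin into the repository was meant to make it reviewable, the same reasoning presumably applies to them.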
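Review bot: In the hunk at -55,7 the step-level `PODMAN_CLIENT_IMG_DIGEST` repeats the full digest as a literal instead of referencing the anchor. A future bump of `x-podman-client` could then leave the job container on one digest and the "Setup ephemeral PiP container" step on another. Either write `PODMAN_CLIENT_IMG_DIGEST: *podman_client` here or drop the line, since the job-level `env:` added in the previous hunk appears to cover this step already. The step's `run:` block continues past the end of the hunk, so how `secure_pip_setup.sh` consumes the variable is not visible here.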
@@ -261,7 +274,11 @@ jobs: runs-on: [ci] needs: test-frontend - container: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + container: + image: *podman_client + + env: + PODMAN_CLIENT_IMG_DIGEST: *podman_client steps: - uses: actions/checkout@v4 @@ -328,7 +345,12 @@ jobs: runs-on: [prod] needs: [build-backend, build-frontend] if: success() - container: ${{ secrets.PODMAN_CLIENT_IMG_DIGEST }} + + container: + image: *podman_client + + env: + PODMAN_CLIENT_IMG_DIGEST: *podman_client steps: - uses: actions/checkout@v4