diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index d096d828..cb369e49 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -158,11 +158,10 @@ jobs:
     runs-on: docker
     needs: detect-changes
     if: github.event_name == 'pull_request' && needs.detect-changes.outputs.any_python == 'true'
-    container: python:3.12-slim
+    container: python:3.12
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Lint (ruff) + type-check (mypy)
         run: |
@@ -236,11 +235,10 @@ jobs:
   dep-audit:
     runs-on: docker
     if: github.event_name == 'pull_request'
-    container: python:3.12-slim
+    container: python:3.12
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git curl > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Install Node.js + Go
         run: |
@@ -316,7 +314,7 @@ jobs:
 
   iace-gt-coverage:
     runs-on: docker
-    container: python:3.12-slim
+    container: python:3.12
     needs: detect-changes
     if: needs.detect-changes.outputs.sdk == 'true'
     env:
@@ -326,7 +324,6 @@ jobs:
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: GT-Bremse measure-coverage report
         run: |
@@ -350,7 +347,7 @@ jobs:
 
   test-python-backend:
     runs-on: docker
-    container: python:3.12-slim
+    container: python:3.12
     needs: detect-changes
     if: needs.detect-changes.outputs.backend == 'true'
     env:
@@ -358,7 +355,6 @@ jobs:
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Test backend-compliance
         run: |
@@ -371,7 +367,7 @@ jobs:
 
   test-python-document-crawler:
     runs-on: docker
-    container: python:3.12-slim
+    container: python:3.12
     needs: detect-changes
     if: needs.detect-changes.outputs.crawler == 'true'
     env:
@@ -379,7 +375,6 @@ jobs:
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Test document-crawler
         run: |
@@ -392,7 +387,7 @@ jobs:
 
   test-python-dsms-gateway:
     runs-on: docker
-    container: python:3.12-slim
+    container: python:3.12
     needs: detect-changes
     if: needs.detect-changes.outputs.dsms_gateway == 'true'
     env:
@@ -400,7 +395,6 @@ jobs:
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Test dsms-gateway
         run: |
@@ -458,11 +452,10 @@ jobs:
   # ── OpenAPI contract validation (always) ─────────────────────────────────
   validate-canonical-controls:
     runs-on: docker
-    container: python:3.12-slim
+    container: python:3.12
     steps:
       - name: Checkout
         run: |
-          apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
           git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
       - name: Validate controls
         run: python scripts/validate-controls.py