diff --git a/.gitea/workflows/apk-publish.yml b/.gitea/workflows/apk-publish.yml
index 2ed438e..cc448b6 100644
--- a/.gitea/workflows/apk-publish.yml
+++ b/.gitea/workflows/apk-publish.yml
@@ -13,20 +13,24 @@ jobs:
 steps:
 - name: Install build dependencies
 run: |
- apk add --no-cache git go abuild make nodejs curl openssl
+ apk add --no-cache git go abuild make nodejs curl openssl sudo
+
+ - name: Create build user
+ run: |
+ adduser -D -G abuild build
+ echo "build ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+ chown -R build:abuild .

 - name: Checkout repository
 uses: actions/checkout@v4

 - name: Setup abuild for package signing
 run: |
- mkdir -p ~/.abuild
- echo "PACKAGER_PRIVKEY=$HOME/.abuild/private_key.rsa" > ~/.abuild/abuild.conf
- echo "PACKAGER_PUBKEY=$HOME/.abuild/private_key.rsa.pub" >> ~/.abuild/abuild.conf
- openssl genrsa -out ~/.abuild/private_key.rsa 2048
- openssl rsa -pubout -in ~/.abuild/private_key.rsa -out ~/.abuild/private_key.rsa.pub
- cp ~/.abuild/private_key.rsa.pub /etc/apk/keys/
- abuild-keygen -a -n
+ su build -c "mkdir -p ~/.abuild"
+ su build -c "openssl genrsa -out ~/.abuild/private_key.rsa 2048"
+ su build -c "openssl rsa -pubout -in ~/.abuild/private_key.rsa -out ~/.abuild/private_key.rsa.pub"
+ cp ~build/.abuild/private_key.rsa.pub /etc/apk/keys/
+ su build -c "abuild-keygen -a -n"

 - name: Prepare source
 run: |
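Review bot: The added `echo "build ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` in the "Create build user" step gives the build account unrestricted passwordless root, so running abuild through `su build` no longer contains anything the APKBUILD or its build scripts execute. abuild normally installs dependencies through its own helper for members of the `abuild` group, which `adduser -D -G abuild build` already arranges, so the sudoers line and the `sudo` package can probably be dropped; confirm with a test run. If a rule does turn out to be needed, put a command-scoped one in a drop-in, e.g. `echo "build ALL=(root) NOPASSWD: /sbin/apk" > /etc/sudoers.d/build` followed by `chmod 0440 /etc/sudoers.d/build` (still powerful, but narrower than `ALL`), rather than appending to the main file. Separately, the new signing step no longer writes `PACKAGER_PRIVKEY` to `abuild.conf`, so the key that `abuild-keygen -a -n` registers appears to be a different one from the openssl key whose public half is copied to `/etc/apk/keys/`; check which key actually signs the package.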
@@ -34,26 +38,27 @@ jobs:
 pkgver=$(echo "${{ github.ref_name }}" | sed 's/^v//')
 sed -i "s/pkgver=.*/pkgver=$pkgver/" APKBUILD
 sed -i "s|source=.*|source=\"\$pkgname-\$pkgver.tar.gz::${{ github.server_url }}/${{ github.repository }}/archive/\$pkgver.tar.gz\"|" APKBUILD
+ chown -R build:abuild .

 - name: Generate checksums
 run: |
 cd packaging/alpine
- abuild checksum
+ su build -c "abuild checksum"

 - name: Build package
 run: |
 cd packaging/alpine
- abuild -r
+ su build -c "abuild -r"

 - name: Find built package
 id: find_package
 run: |
- find "$HOME/packages" -name "*.apk" -type f > packages.txt
+ find ~build/packages -name "*.apk" -type f > packages.txt
 echo "package_path=$(head -1 packages.txt)" >> $GITHUB_OUTPUT

 - name: Publish to Gitea Registry
 run: |
- apk_file=$(find "$HOME/packages" -name "*.apk" -type f | head -1)
+ apk_file=$(find ~build/packages -name "*.apk" -type f | head -1)
 branch=$(echo "${{ github.ref_name }}" | sed 's/^v//')
 curl -X PUT \
 -H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \
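Review bot: `${{ github.ref_name }}` is expanded into the script text of the "Prepare source" and "Publish to Gitea Registry" steps before the shell parses it, so a tag name containing shell metacharacters would be interpreted as shell syntax, and in the publish step that happens in the same script that carries `secrets.ACCESS_TOKEN`. Pass the value through the environment instead: give each step an `env:` entry `REF_NAME: ${{ github.ref_name }}` and compute `pkgver=$(printf '%s' "$REF_NAME" | sed 's/^v//')`, ideally rejecting anything that does not match the expected version pattern before it reaches `sed -i`. These are context lines that the commit leaves as they were; the "Prepare source" step starts in the previous hunk and the curl command continues past the end of this one.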