diff --git a/argocd/manifests/forgejo-runner/Dockerfile b/argocd/manifests/forgejo-runner/Dockerfile
index 28d545d..e511440 100644
--- a/argocd/manifests/forgejo-runner/Dockerfile
+++ b/argocd/manifests/forgejo-runner/Dockerfile
@@ -1,8 +1,11 @@
 FROM code.forgejo.org/forgejo/runner:3.5.1
 
-# The base image is Debian-based
+# Switch to root to install packages
+USER root
+
+# The base image is Alpine Linux
 # Install tools needed for GitHub Actions and builds
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apk add --no-cache \
     # Required for actions/checkout and other Node-based actions
     nodejs \
     npm \
@@ -14,10 +17,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     make \
     gcc \
     g++ \
+    musl-dev \
     # For container builds
     ca-certificates \
-    docker.io \
-    && rm -rf /var/lib/apt/lists/*
+    docker-cli
 
 # Verify tools are available
 RUN node --version && npm --version && docker --version
+
+# Switch back to non-root user
+USER 1000
diff --git a/argocd/manifests/forgejo-runner/deployment.yaml b/argocd/manifests/forgejo-runner/deployment.yaml
index d0939de..0848e4a 100644
--- a/argocd/manifests/forgejo-runner/deployment.yaml
+++ b/argocd/manifests/forgejo-runner/deployment.yaml
@@ -16,7 +16,7 @@ spec:
       serviceAccountName: forgejo-runner
       containers:
         - name: runner
-          image: code.forgejo.org/forgejo/runner:3.5.1
+          image: registry.tail8d86e.ts.net/blumeops/forgejo-runner:latest
           env:
             # Use internal k8s service via Tailscale operator egress
             - name: FORGEJO_INSTANCE_URL