diff --git a/.gitea/workflows/main.yml b/.gitea/workflows/main.yml
index d86df36..b3c82bc 100644
--- a/.gitea/workflows/main.yml
+++ b/.gitea/workflows/main.yml
@@ -51,8 +51,6 @@ jobs:
           POSTGRES_USER: basil
           POSTGRES_PASSWORD: basil
           POSTGRES_DB: basil_test
-        ports:
-          - 5432:5432
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
@@ -80,12 +78,12 @@ jobs:
       - name: Run database migrations
         run: cd packages/api && npm run prisma:migrate
         env:
-          DATABASE_URL: postgresql://basil:basil@localhost:5432/basil_test?schema=public
+          DATABASE_URL: postgresql://basil:basil@postgres:5432/basil_test?schema=public
 
       - name: Run API tests
         run: cd packages/api && npm run test
         env:
-          DATABASE_URL: postgresql://basil:basil@localhost:5432/basil_test?schema=public
+          DATABASE_URL: postgresql://basil:basil@postgres:5432/basil_test?schema=public
           NODE_ENV: test
 
       - name: Upload coverage
@@ -179,8 +177,9 @@ jobs:
           echo "Scanning for hardcoded secrets..."
           if grep -r -E "(password|secret|api[_-]?key|token)\s*=\s*['\"][^'\"]+['\"]" \
             --include="*.ts" --include="*.js" \
-            --exclude-dir=node_modules --exclude-dir=dist .; then
-            echo "⚠️ Potential hardcoded secrets found!"
+            --exclude-dir=node_modules --exclude-dir=dist --exclude-dir=e2e \
+            --exclude="*.test.ts" --exclude="*.spec.ts" .; then
+            echo "⚠️ Potential hardcoded secrets found in non-test files!"
             exit 1
           fi
           echo "✓ No hardcoded secrets detected"
@@ -240,8 +239,6 @@ jobs:
           POSTGRES_USER: basil
           POSTGRES_PASSWORD: basil
           POSTGRES_DB: basil
-        ports:
-          - 5432:5432
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
@@ -269,12 +266,12 @@ jobs:
       - name: Run database migrations
         run: cd packages/api && npm run prisma:migrate
         env:
-          DATABASE_URL: postgresql://basil:basil@localhost:5432/basil?schema=public
+          DATABASE_URL: postgresql://basil:basil@postgres:5432/basil?schema=public
 
       - name: Run E2E tests
         run: npm run test:e2e
         env:
-          DATABASE_URL: postgresql://basil:basil@localhost:5432/basil?schema=public
+          DATABASE_URL: postgresql://basil:basil@postgres:5432/basil?schema=public
 
       - name: Upload test results
         if: always()