diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b871174..fe1832b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ env: jobs: lint: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -38,7 +38,7 @@ jobs: run: npx tsc --noEmit test: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -50,7 +50,7 @@ jobs: run: npx vitest run audit: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -62,7 +62,7 @@ jobs: run: npm audit --audit-level=high e2e: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -74,7 +74,7 @@ jobs: - run: npx playwright test lighthouse: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest needs: [test] steps: - uses: actions/checkout@v4 @@ -99,7 +99,7 @@ jobs: CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage" build-and-push: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest if: github.event_name == 'push' needs: [lint, test, e2e] outputs: @@ -175,11 +175,7 @@ jobs: only-fixed: "true" output-format: sarif - - name: Upload frontend scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: ${{ steps.scan.outputs.sarif }} + - name: Push Docker image if: github.event_name == 'push' @@ -199,7 +195,7 @@ jobs: git push origin "v${{ steps.calver.outputs.version }}" build-and-push-receiptwitness: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest if: github.event_name == 'push' needs: [lint, test] outputs: 
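Review bot: `ubuntu-latest` is a floating label, so the image that builds, scans and pushes the containers can change without any commit to this workflow. If these jobs run on GitHub-hosted runners, pinning the release, e.g. `runs-on: ubuntu-24.04`, keeps the `build-and-push*` and `deploy-*` jobs reproducible. If they run on a self-managed runner instead (the `GITEA_TOKEN` secret elsewhere in this commit hints at that), the label maps to whatever image the runner configuration assigns, which deserves a comment next to `env:`. This applies to every `runs-on` hunk in the file; the job bodies continue outside the hunks.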
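Review bot: Nothing consumes `steps.scan.outputs.sarif` after the hunk at -175, although the scan step still runs with `output-format: sarif`. The report is discarded when the job ends, so image-scan findings are visible to nobody unless the scan step itself fails the job; its failure settings are outside the hunk. Either retain the report, for example as a build artifact uploaded under `if: always()`, or state the gate above the scan step, e.g. `# scan results are not uploaded; the job fails on <severity> findings`. The same removal is repeated for the receiptwitness, api and auth images (hunks at -271, -363 and -455).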
@@ -271,11 +267,7 @@ jobs: only-fixed: "true" output-format: sarif - - name: Upload receiptwitness scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: ${{ steps.scan.outputs.sarif }} + - name: Push Docker image if: github.event_name == 'push' @@ -291,7 +283,7 @@ jobs: cache-from: type=gha build-and-push-api: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest if: github.event_name == 'push' needs: [lint, test] outputs: @@ -363,11 +355,7 @@ jobs: only-fixed: "true" output-format: sarif - - name: Upload api scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: ${{ steps.scan.outputs.sarif }} + - name: Push Docker image if: github.event_name == 'push' @@ -383,7 +371,7 @@ jobs: cache-from: type=gha build-and-push-auth: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest if: github.event_name == 'push' needs: [lint, test] outputs: @@ -455,11 +443,7 @@ jobs: only-fixed: "true" output-format: sarif - - name: Upload auth scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: ${{ steps.scan.outputs.sarif }} + - name: Push Docker image if: github.event_name == 'push' 
@@ -475,24 +459,15 @@ jobs: cache-from: type=gha deploy-dev: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth] if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.CARTSNITCH_APP_ID }} - private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: infra - - name: Checkout infra repo uses: actions/checkout@v4 with: repository: cartsnitch/infra - token: ${{ steps.app-token.outputs.token }} + token: ${{ secrets.GITEA_TOKEN }} ref: main path: infra @@ -574,24 +549,15 @@ jobs: git push origin main deploy-uat: - runs-on: runners-cartsnitch + runs-on: ubuntu-latest needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth] if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main') steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.CARTSNITCH_APP_ID }} - private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: infra - - name: Checkout infra repo uses: actions/checkout@v4 with: repository: cartsnitch/infra - token: ${{ steps.app-token.outputs.token }} + token: ${{ secrets.GITEA_TOKEN }} ref: main path: infra
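Review bot: The infra checkout in `deploy-dev` now authenticates with the stored secret `GITEA_TOKEN` rather than a token minted per run and limited by `repositories: infra`. The credential's scope and lifetime are therefore no longer visible in the workflow and depend entirely on how the secret was issued. `actions/checkout` keeps the token in the checked-out repository's git configuration by default, which the later `git push origin main` presumably relies on, so every subsequent step in the job can use it. Confirm the token is limited to write access on `cartsnitch/infra` and has an expiry or rotation schedule, and record that above the step, e.g. `# GITEA_TOKEN: write access to cartsnitch/infra only; rotated <interval>`. The same applies to the `deploy-uat` hunk; both job bodies continue outside the hunks.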