diff --git a/.gitea/workflows/publish.yaml b/.gitea/workflows/publish.yaml
index b603561..d3b5c45 100644
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@@ -117,6 +117,7 @@ jobs:
             /tmp/image.tar
           echo 'FROM scratch' > /tmp/Dockerfile
           echo 'ADD image.tar /' >> /tmp/Dockerfile
+          echo 'USER 65532' >> /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5
diff --git a/.gitea/workflows/rebuild.yaml b/.gitea/workflows/rebuild.yaml
index dc7852c..e37da6f 100644
--- a/.gitea/workflows/rebuild.yaml
+++ b/.gitea/workflows/rebuild.yaml
@@ -109,6 +109,7 @@ jobs:
             /tmp/image.tar
           echo 'FROM scratch' > /tmp/Dockerfile
           echo 'ADD image.tar /' >> /tmp/Dockerfile
+          echo 'USER 65532' >> /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5
diff --git a/.gitea/workflows/update-check.yaml b/.gitea/workflows/update-check.yaml
index 1d13d78..a228280 100644
--- a/.gitea/workflows/update-check.yaml
+++ b/.gitea/workflows/update-check.yaml
@@ -199,6 +199,7 @@ jobs:
             /tmp/image.tar
           echo 'FROM scratch' > /tmp/Dockerfile
           echo 'ADD image.tar /' >> /tmp/Dockerfile
+          echo 'USER 65532' >> /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5