diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 28c74bd..222aa68 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -49,44 +49,44 @@ jobs:
            apk add --no-cache nodejs npm curl
            npm install -g sonarqube-scanner
 
-       - name: SonarQube Scan
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
-        run: |
-          WORKDIR=${GITHUB_WORKSPACE:-$PWD}
-          HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
-          BRANCH_NAME=${GITEA_REF#refs/heads/}
-          PROJECT_KEY=${SONAR_PROJECT_KEY:-}
-          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
-            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
-          fi
-          if [ -z "$PROJECT_KEY" ]; then
-            echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
-            exit 1
-          fi
-          echo "Sonar project key: $PROJECT_KEY"
-          echo "Listing workspace:"
-          ls -la
-          echo "Sample files:"
-          find . -maxdepth 2 -type f | head -n 20
-          echo "Running local sonar-scanner..."
-          set -- \
-            -Dsonar.host.url="$HOST_URL" \
-            -Dsonar.token="$SONAR_TOKEN" \
-            -Dsonar.projectKey="$PROJECT_KEY" \
-            -Dsonar.sources=. \
-            -Dsonar.scm.disabled=true \
-            -Dsonar.projectBaseDir="$WORKDIR"
+        - name: SonarQube Scan
+          env:
+            SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+            SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+            SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
+          run: |
+            WORKDIR=${GITHUB_WORKSPACE:-$PWD}
+            HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
+            BRANCH_NAME=${GITEA_REF#refs/heads/}
+            PROJECT_KEY=${SONAR_PROJECT_KEY:-}
+            if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
+              PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
+            fi
+            if [ -z "$PROJECT_KEY" ]; then
+              echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
+              exit 1
+            fi
+            echo "Sonar project key: $PROJECT_KEY"
+            echo "Listing workspace:"
+            ls -la
+            echo "Sample files:"
+            find . -maxdepth 2 -type f | head -n 20
+            echo "Running local sonar-scanner..."
+            set -- \
+              -Dsonar.host.url="$HOST_URL" \
+              -Dsonar.token="$SONAR_TOKEN" \
+              -Dsonar.projectKey="$PROJECT_KEY" \
+              -Dsonar.sources=. \
+              -Dsonar.scm.disabled=true \
+              -Dsonar.projectBaseDir="$WORKDIR"
 
-          if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then
-            set -- "$@" -Dsonar.branch.name="$BRANCH_NAME"
-          else
-            echo "Branch analysis disabled (requires SonarQube Developer Edition)"
-          fi
+            if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then
+              set -- "$@" -Dsonar.branch.name="$BRANCH_NAME"
+            else
+              echo "Branch analysis disabled (requires SonarQube Developer Edition)"
+            fi
 
-          sonar-scanner "$@"
+            sonar-scanner "$@"
 
   docker:
     needs: [lint, sonar]