Fix CI: run makepkg in Arch container with non-root user

The act_runner now uses docker mode with archlinux:base-devel.
Install git/curl and create a builder user since makepkg refuses
to run as root.

.gitea/workflows/build-and-publish.yaml

@@ -11,12 +11,21 @@ on:
       - '*/PKGBUILD'
 
 jobs:
-  detect-changes:
+  build-and-publish:
     runs-on: moonarch
     steps:
-      - name: Detect changed PKGBUILDs
+      - name: Setup build environment
+        run: |
+          pacman -Sy --noconfirm git curl
+
+          # makepkg refuses to run as root — create a build user
+          useradd -m builder
+          echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+      - name: Build and publish changed packages
         run: |
           git clone http://gitea:3000/nevaforget/moonarch-pkgbuilds.git repo
+          chown -R builder:builder repo
           cd repo
 
           CHANGED=$(git diff --name-only HEAD~1 HEAD | grep '/PKGBUILD$' | sed 's|/PKGBUILD||' || true)
@@ -32,8 +41,8 @@ jobs:
             echo "==> Building $pkg"
             cd "$pkg"
 
-            # Build package (skip dep checks — deps are already installed or in optdepends)
-            makepkg -sfd --noconfirm
+            # Build package as non-root user
+            su builder -c "makepkg -sfd --noconfirm"
 
             # Find the built package file
             PKG_FILE=$(ls -t *.pkg.tar.zst 2>/dev/null | head -1)