diff --git a/.gitea/workflows/build-feature.yml b/.gitea/workflows/build-feature.yml
index 63c0297..1b14ff7 100644
--- a/.gitea/workflows/build-feature.yml
+++ b/.gitea/workflows/build-feature.yml
@@ -2,18 +2,24 @@ name: Build Feature
 on:
   workflow_call:
     inputs:
-      env_json:
-        required: true
-        type: string
       bats-image:
         required: true
         type: string
       cucumber-node-image:
         required: true
         type: string
+    secrets:
+      GITEA_TOKEN:
+        required: true
+      GIT_PAGES_PUBLISH_TOKEN:
+        required: true
+
+env:
+  GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+  GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }}
 
 jobs:
-  bats:
+  validate:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -25,6 +31,19 @@ jobs:
       - name: Validate CI config
         run: bash .ci/scripts/ci-validate.sh
 
+  bats:
+    runs-on: ubuntu-latest
+    needs: validate
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          repository: niko/gitea-ci-library
+          path: .ci
+
+      - name: Load env
+        run: grep -v '^#' .gitea/workflows/feature-env.conf >> "$GITHUB_ENV"
+
       - name: Run bats tests
         id: bats-tests
         shell: bash
@@ -46,13 +65,10 @@ jobs:
 
       - name: Publish bats reports
         if: always()
-        shell: bash
-        run: |
-          bash .ci/scripts/publish-git-pages.sh bats
+        run: bash .ci/scripts/publish-git-pages.sh bats
 
       - name: Set bats commit status
         if: always()
-        shell: bash
         run: |
           if [ "${BATS_EXIT}" = "0" ]; then
             bash .ci/scripts/report-status.sh success "Bats tests" ci-bats bats
@@ -62,6 +78,7 @@ jobs:
 
   cucumber:
     runs-on: ubuntu-latest
+    needs: validate
     container:
       image: ${{ inputs.cucumber-node-image }}
     steps:
@@ -71,8 +88,8 @@ jobs:
           repository: niko/gitea-ci-library
           path: .ci
 
-      - name: Validate CI config
-        run: bash .ci/scripts/ci-validate.sh
+      - name: Load env
+        run: grep -v '^#' .gitea/workflows/feature-env.conf >> "$GITHUB_ENV"
 
       - name: Prepare cucumber
         id: prepare-cucumber
@@ -106,7 +123,6 @@ jobs:
 
       - name: Publish cucumber reports
         if: always()
-        shell: bash
         run: |
           if [ "${TOOL_OK}" = "true" ]; then
             bash .ci/scripts/publish-git-pages.sh cucumber
@@ -114,7 +130,6 @@ jobs:
 
       - name: Set cucumber commit status
         if: always()
-        shell: bash
         run: |
           if [ "${TOOL_OK}" != "true" ]; then
             bash .ci/scripts/report-status.sh failure "Cucumber tool unavailable" ci-cucumber
@@ -134,13 +149,11 @@ jobs:
           repository: niko/gitea-ci-library
           path: .ci
 
-      - name: Validate CI config
-        run: bash .ci/scripts/ci-validate.sh
+      - name: Load env
+        run: grep -v '^#' .gitea/workflows/feature-env.conf >> "$GITHUB_ENV"
 
       - name: Generate report index
-        shell: bash
         run: bash .ci/.gitea/scripts/generate-report-index.sh
 
       - name: Set build commit status
-        run: |
-          bash .ci/scripts/report-status.sh success "Build complete" ci-build
+        run: bash .ci/scripts/report-status.sh success "Build complete" ci-build
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b9146e2..436b897 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -5,28 +5,18 @@ on:
   workflow_dispatch:
 
 jobs:
-  load-config:
-    uses: niko/gitea-ci-library/.gitea/workflows/config-provider.yml@feature/pipeline-cleanup
-    secrets: inherit
-    with:
-      config_path: .gitea/workflows/feature-env.conf
-
   feature:
     if: github.ref != 'refs/heads/main'
-    needs: [load-config]
     uses: niko/gitea-ci-library/.gitea/workflows/build-feature.yml@feature/pipeline-cleanup
     secrets: inherit
     with:
-      env_json: ${{ needs.load-config.outputs.env_json }}
       bats-image: bats/bats:latest
       cucumber-node-image: node:22
 
   main:
     if: github.ref == 'refs/heads/main'
-    needs: [load-config]
     uses: niko/gitea-ci-library/.gitea/workflows/build-feature.yml@feature/pipeline-cleanup
     secrets: inherit
     with:
-      env_json: ${{ needs.load-config.outputs.env_json }}
       bats-image: bats/bats:latest
       cucumber-node-image: node:22
diff --git a/.gitea/workflows/config-provider.yml b/.gitea/workflows/config-provider.yml
index ea93c8f..af4ad80 100644
--- a/.gitea/workflows/config-provider.yml
+++ b/.gitea/workflows/config-provider.yml
@@ -5,22 +5,10 @@ on:
       config_path:
         required: true
         type: string
-    secrets:
-      GITEA_TOKEN:
-        required: true
-      GIT_PAGES_PUBLISH_TOKEN:
-        required: true
     outputs:
       env_json:
         value: ${{ jobs.parse-config.outputs.json_data }}
 
-env:
-  GITEA_API_URL: ${{ fromJson(jobs.parse-config.outputs.json_data).GITEA_API_URL }}
-  PAGES_HOST: ${{ fromJson(jobs.parse-config.outputs.json_data).PAGES_HOST }}
-  GIT_PAGES_PUBLISH_URL: ${{ fromJson(jobs.parse-config.outputs.json_data).GIT_PAGES_PUBLISH_URL }}
-  GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
-  GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }}
-
 jobs:
   parse-config:
     runs-on: ubuntu-latest
diff --git a/scripts/ci-validate.sh b/scripts/ci-validate.sh
index aff4b7f..cf5cb06 100644
--- a/scripts/ci-validate.sh
+++ b/scripts/ci-validate.sh
@@ -1,35 +1,31 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+CONF_FILE=".gitea/workflows/feature-env.conf"
 ERRORS=0
 
-check_var() {
-  local name="$1"
-  local value="${!name:-}"
-  if [ -z "$value" ]; then
-    echo "ERROR: CI_ENV_MISSING $name is not set or empty. See docs/readme.md for required configuration." >&2
+[ -f "$CONF_FILE" ] || { echo "ERROR: $CONF_FILE not found — checkout missing?" >&2; exit 1; }
+
+echo "Reading $CONF_FILE..."
+
+while IFS='=' read -r key value || [ -n "$key" ]; do
+  key=$(echo "$key" | xargs)
+  value=$(echo "$value" | xargs)
+  [ -z "$key" ] && continue
+  [[ "$key" == "#"* ]] && continue
+  [ -z "$value" ] && echo "ERROR: $key is empty in $CONF_FILE" >&2 && ERRORS=1
+  if [ -n "$value" ] && [[ "$key" == *"URL"* ]] && [[ "$value" != http://* ]] && [[ "$value" != https://* ]]; then
+    echo "ERROR: $key should be a URL (http/https), got: $value" >&2
     ERRORS=1
   fi
-}
+done < "$CONF_FILE"
 
-check_url() {
-  local name="$1"
-  local value="${!name:-}"
-  check_var "$name"
-  if [ -n "$value" ] && [[ "$value" != http://* ]] && [[ "$value" != https://* ]]; then
-    echo "ERROR: CI_ENV_FORMAT $name should be a URL (starting with http:// or https://), got: $value" >&2
-    ERRORS=1
-  fi
-}
+[ -z "${GITEA_TOKEN:-}" ] && echo "ERROR: GITEA_TOKEN secret is not set" >&2 && ERRORS=1
+[ -z "${GIT_PAGES_PUBLISH_TOKEN:-}" ] && echo "ERROR: GIT_PAGES_PUBLISH_TOKEN secret is not set" >&2 && ERRORS=1
 
-check_url "GITEA_API_URL"
-check_var "GITEA_TOKEN"
-check_var "PAGES_HOST"
-check_url "GIT_PAGES_PUBLISH_URL"
-check_var "GIT_PAGES_PUBLISH_TOKEN"
-
-if [ "$ERRORS" -eq 0 ]; then
-  echo "OK: all CI env vars validated"
+if [ "$ERRORS" -ne 0 ]; then
+  echo "FATAL: CI config validation failed" >&2
+  exit 1
 fi
 
-exit $ERRORS
+echo "OK: all CI env vars validated"