提交修改

.github/workflows/reusable-release-skill.yaml

@@ -3,6 +3,11 @@ name: Reusable Skill Release
 on:
   workflow_call:
     inputs:
+      runs_on:
+        description: "Runner label; must match a registered runner (use host runner for pip/python on same machine as Node frontend)"
+        required: false
+        type: string
+        default: ubuntu-latest
       artifact_platform:
         required: false
         type: string
@@ -30,11 +35,17 @@ on:
 
 jobs:
   build-and-deploy:
-    runs-on: ubuntu-latest
+    runs-on: ${{ inputs.runs_on }}
+    defaults:
+      run:
+        shell: bash
     env:
       ARTIFACT_PLATFORM: ${{ inputs.artifact_platform }}
       PYARMOR_PLATFORM: ${{ inputs.pyarmor_platform }}
       PIP_BREAK_SYSTEM_PACKAGES: "1"
+      # Prefer self-built Python 3.12 under /usr/local (Alibaba Cloud Linux host); keep system paths as fallback.
+      # 显式前缀，避免部分 Runner 未注入 env.PATH 时丢失系统路径
+      PATH: /usr/local/bin:/usr/local/python3.12/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin
       # PyArmor 交叉平台加密时会内部执行 pip 安装 pyarmor.cli.core.* 等包；不设则默认走 files.pythonhosted.org，国内 CI 易超时。
       PIP_INDEX_URL: https://pypi.tuna.tsinghua.edu.cn/simple
       PIP_EXTRA_INDEX_URL: https://mirrors.aliyun.com/pypi/simple https://mirrors.cloud.tencent.com/pypi/simple https://mirrors.huaweicloud.com/repository/pypi/simple
@@ -45,8 +56,9 @@ jobs:
 
       # Pin PyArmor 8.5.3 — matches desktop bundles; 9.x trial is stricter in CI。
       # 镜像由 job env（PIP_INDEX_URL / PIP_EXTRA_INDEX_URL）统一指定，与 Encrypt 步骤中 PyArmor 内部 pip 一致。
+      # 使用 python3.12 -m pip，避免仅存在 python3(3.6) 或裸 pip 不在 PATH 的宿主机/容器。
       - name: Setup Tools
-        run: pip install "pyarmor==8.5.3" requests python-frontmatter --break-system-packages
+        run: python3.12 -m pip install "pyarmor==8.5.3" requests python-frontmatter --break-system-packages
 
       - name: Register PyArmor (optional)
         env:
@@ -55,7 +67,7 @@ jobs:
           if [ -z "${PYARMOR_REG_B64}" ]; then
             echo "PyArmor: no PYARMOR_REG_B64 secret — trial mode (very large single .py modules may fail to obfuscate)."
           else
-            python -c "import os,base64,pathlib,subprocess; p=pathlib.Path('/tmp/pyarmor-reg.zip'); p.write_bytes(base64.standard_b64decode(os.environ['PYARMOR_REG_B64'])); subprocess.run(['pyarmor','reg',str(p)],check=True); p.unlink(missing_ok=True)"
+            python3.12 -c "import os,base64,pathlib,subprocess; p=pathlib.Path('/tmp/pyarmor-reg.zip'); p.write_bytes(base64.standard_b64decode(os.environ['PYARMOR_REG_B64'])); subprocess.run(['pyarmor','reg',str(p)],check=True); p.unlink(missing_ok=True)"
           fi
 
       # 递归加密整个 scripts/（含 cli、service、db、util 等子包）；产物保留与源码一致的 scripts/ 层级，入口为 scripts/main.py。
@@ -72,7 +84,7 @@ jobs:
       - name: Parse Metadata and Pack
         id: build_task
         run: |
-          python -c "
+          python3.12 -c "
           import frontmatter, os, json, shutil
           post = frontmatter.load('SKILL.md')
           metadata = dict(post.metadata or {})
@@ -121,7 +133,7 @@ jobs:
           METADATA_JSON: ${{ steps.build_task.outputs.metadata }}
           SYNC_URL: ${{ inputs.sync_url }}
         run: |
-          python -c "
+          python3.12 -c "
           import requests, json, os
           metadata = json.loads(os.environ['METADATA_JSON'])
           res = requests.post(os.environ['SYNC_URL'], json=metadata)
@@ -140,7 +152,7 @@ jobs:
           ARTIFACT_PLATFORM: ${{ steps.build_task.outputs.artifact_platform }}
           UPLOAD_URL: ${{ inputs.upload_url }}
         run: |
-          python -c "
+          python3.12 -c "
           import requests, os
           slug = os.environ['SLUG']
           version = os.environ['VERSION']
@@ -167,7 +179,7 @@ jobs:
           VERSION: ${{ steps.build_task.outputs.version }}
           PRUNE_URL: ${{ inputs.prune_url }}
         run: |
-          python -c "
+          python3.12 -c "
           import requests, os
           payload = {
             'name': os.environ['SLUG'],