diff --git a/.github/workflows/release_skill.yaml b/.github/workflows/release_skill.yaml index 372443c..e70bfd2 100644 --- a/.github/workflows/release_skill.yaml +++ b/.github/workflows/release_skill.yaml @@ -12,7 +12,6 @@ jobs: # 2. 环境及工具准备 - name: Setup Tools - # 修复:添加 --break-system-packages 参数 run: pip install pyarmor requests python-frontmatter --break-system-packages # 3. 【核心步骤】PyArmor 源代码混淆加密 @@ -32,7 +31,7 @@ jobs: metadata = post.metadata slug = metadata['name'] version = metadata['version'] - # 修复:使用新的 $GITHUB_OUTPUT 方式设置变量,兼容性更好 + # 安全写入输出 with open(os.environ['GITHUB_OUTPUT'], 'a') as f: f.write(f'slug={slug}\n') f.write(f'version={version}\n') @@ -44,11 +43,14 @@ jobs: # 5. 同步数据库记录 - name: Sync Database (V2.0) + # 核心修复:通过 env 传递复杂 JSON 字符串 + env: + METADATA_JSON: ${{ steps.build_task.outputs.metadata }} run: | python -c " import requests, json, os - # 修复:从环境变量读取 metadata - metadata = json.loads('''${{ steps.build_task.outputs.metadata }}''') + # 从环境变量读取,不涉及脚本注入风险 + metadata = json.loads(os.environ['METADATA_JSON']) url = 'https://jc2009.com/api/skill/update' res = requests.post(url, json=metadata) print(f'DB Sync Result: {res.text}') @@ -57,14 +59,17 @@ jobs: # 6. 上传物理包 - name: Upload Encrypted ZIP + env: + SLUG: ${{ steps.build_task.outputs.slug }} + VERSION: ${{ steps.build_task.outputs.version }} run: | - SLUG=${{ steps.build_task.outputs.slug }} - VERSION=${{ steps.build_task.outputs.version }} python -c " - import requests + import requests, os url = 'https://jc2009.com/api/upload' - payload = {'plugin_name': '$SLUG', 'version': '$VERSION'} - with open(f'$SLUG.zip', 'rb') as f: + slug = os.environ['SLUG'] + version = os.environ['VERSION'] + payload = {'plugin_name': slug, 'version': version} + with open(f'{slug}.zip', 'rb') as f: res = requests.post(url, data=payload, files={'file': f}) print(f'Upload Result: {res.text}') if res.status_code != 200: exit(1)