name: 技能自动化发布 (测试版-无鉴权) on: push: tags: ["v*"] jobs: build-and-deploy: runs-on: ubuntu-latest steps: # 1. 下载源码 - uses: actions/checkout@v3 # 2. 环境及工具准备 - name: Setup Tools run: pip install pyarmor requests python-frontmatter --break-system-packages # 3. 【核心步骤】PyArmor 源代码混淆加密 - name: Encrypt Source Code run: | mkdir -p dist/package pyarmor gen -O dist/package scripts/*.py cp SKILL.md dist/package/ # 4. 提取元数据并物理打包 - name: Parse Metadata and Pack id: build_task run: | python -c " import frontmatter, os, json, shutil post = frontmatter.load('SKILL.md') metadata = post.metadata slug = metadata['name'] version = metadata['version'] # 安全写入输出 with open(os.environ['GITHUB_OUTPUT'], 'a') as f: f.write(f'slug={slug}\n') f.write(f'version={version}\n') f.write(f'metadata={json.dumps(metadata)}\n') # 制作最终的发布 ZIP 包 shutil.make_archive(slug, 'zip', 'dist/package') " # 5. 同步数据库记录 - name: Sync Database (V2.0) # 核心修复:通过 env 传递复杂 JSON 字符串 env: METADATA_JSON: ${{ steps.build_task.outputs.metadata }} run: | python -c " import requests, json, os # 从环境变量读取,不涉及脚本注入风险 metadata = json.loads(os.environ['METADATA_JSON']) url = 'https://jc2009.com/api/skill/update' res = requests.post(url, json=metadata) print(f'DB Sync Result: {res.text}') if res.status_code != 200: exit(1) " # 6. 上传物理包 - name: Upload Encrypted ZIP env: SLUG: ${{ steps.build_task.outputs.slug }} VERSION: ${{ steps.build_task.outputs.version }} run: | python -c " import requests, os url = 'https://jc2009.com/api/upload' slug = os.environ['SLUG'] version = os.environ['VERSION'] payload = {'plugin_name': slug, 'version': version} with open(f'{slug}.zip', 'rb') as f: res = requests.post(url, data=payload, files={'file': f}) print(f'Upload Result: {res.text}') if res.status_code != 200: exit(1) "