diff --git a/.gitea/workflows/build-and-push.yml b/.gitea/workflows/build-and-push.yml
index 131fefb..a9fc9de 100644
--- a/.gitea/workflows/build-and-push.yml
+++ b/.gitea/workflows/build-and-push.yml
@@ -19,12 +19,25 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
 
- - name: Login to ACR
+ - name: Login to Aliyun ACR (non-interactive)
+ env:
+ ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }} # 例:registry.cn-hangzhou.aliyuncs.com 或 <实例>.registry.cn-hangzhou.aliyuncs.com
+ ACR_USERNAME: ${{ secrets.ACR_USERNAME }} # 例:ze***@qq.com(主账号/子账号)或 命名空间Token名
+ ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} # 例:固定密码 / 命名空间Token值
 run: |
- echo "${{ secrets.ACR_PASSWORD }}" | docker login \
- ${{ secrets.ACR_REGISTRY }} \
- -u "${{ secrets.ACR_USERNAME }}" \
- --password-stdin
+ set -euo pipefail
+ # 1) 注册表只能是“纯域名”,不能带 https:// 或路径
+ case "$ACR_REGISTRY" in
+ http://*|https://*) echo "ACR_REGISTRY 不能带协议(http/https),只填域名"; exit 1;;
+ */*) echo "ACR_REGISTRY 不能带路径"; exit 1;;
+ esac
+
+ # 2) 联通性探测(返回 401 属于正常,说明 /v2/ 可达)
+ curl -sSIL "https://${ACR_REGISTRY}/v2/" || true
+
+ # 3) 非交互式登录
+ echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" \
+ --username "$ACR_USERNAME" --password-stdin
 
 - name: Build Docker Image
 run: |
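Review bot: The `case` validation of `ACR_REGISTRY` rejects a scheme or a path but lets an empty value through, and `set -u` only traps an unset variable, not an empty one (which is most likely what a missing secret expands to). With an empty server argument `docker login` falls back to its default registry, so the ACR username and password would be submitted there instead of the step failing. Add an arm ahead of the other patterns, for example `"") echo "ACR_REGISTRY is empty"; exit 1;;`. Separately, `printf '%s' "$ACR_PASSWORD"` is more robust than `echo` for passwords that begin with `-` or contain backslashes, and the `curl` probe should carry `--max-time 10` so an unreachable registry cannot stall the job.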