diff --git a/.gitea/workflows/build-and-push.yml b/.gitea/workflows/build-and-push.yml
index 684b4f8..398d928 100644
--- a/.gitea/workflows/build-and-push.yml
+++ b/.gitea/workflows/build-and-push.yml
@@ -51,18 +51,12 @@ jobs:
         run: |
           set -euo pipefail
 
-          # 0) 强校验 Secret 是否非空
-          if [ -z "${V2RAY_JSON:-}" ]; then
-            echo "ERROR: V2RAY_JSON is empty or not set." >&2
-            exit 1
-          fi
+          # 0) Secret 非空
+          [ -n "${V2RAY_JSON:-}" ] || { echo "V2RAY_JSON is empty"; exit 1; }
 
-          # 1) 写配置
+          # 1) 先在 runner 容器里修正端口（可选但推荐）
           mkdir -p "${GITHUB_WORKSPACE}/v2ray"
           printf '%s' "$V2RAY_JSON" > "${GITHUB_WORKSPACE}/v2ray/config.json"
-          command -v jq >/dev/null 2>&1 && jq . "${GITHUB_WORKSPACE}/v2ray/config.json" >/dev/null
-
-          # 2) 强制端口为 11080/18080（与 BuildKit http_proxy 保持一致）
           if command -v jq >/dev/null 2>&1; then
             jq --argjson sp "$SOCKS_PORT" --argjson hp "$HTTP_PORT" \
               '.inbounds |= map(
@@ -73,31 +67,33 @@ jobs:
               > "${GITHUB_WORKSPACE}/v2ray/config.tmp" && mv "${GITHUB_WORKSPACE}/v2ray/config.tmp" "${GITHUB_WORKSPACE}/v2ray/config.json"
           fi
 
-          # 3) 容器内可见性检查（注意：去掉了 ,z）
-          docker run --rm \
-            --network host \
-            --mount type=bind,src=${GITHUB_WORKSPACE}/v2ray,dst=/etc/v2ray,readonly \
-            --entrypoint sh \
-            v2fly/v2fly-core:latest \
-            -lc 'echo "== inside container =="; ls -l /etc/v2ray; echo "---"; head -n2 /etc/v2ray/config.json || true'
+          # 2) base64 编码（兼容不同 base64 实现）
+          if base64 --help 2>&1 | grep -q -- '-w'; then
+            CONF_B64="$(base64 -w0 < "${GITHUB_WORKSPACE}/v2ray/config.json")"
+          else
+            CONF_B64="$(base64 < "${GITHUB_WORKSPACE}/v2ray/config.json" | tr -d '\n')"
+          fi
 
-          # 4) 启动（注意：去掉了 ,z）
+          # 3) 启动容器：用 entrypoint 写入配置再 exec v2ray；不再做 bind-mount
           docker rm -f v2ray-client >/dev/null 2>&1 || true
           docker run -d --name v2ray-client \
             --network host \
-            --mount type=bind,src=${GITHUB_WORKSPACE}/v2ray,dst=/etc/v2ray,readonly \
+            -e CONF_B64="${CONF_B64}" \
             v2fly/v2fly-core:latest \
-            run -c /etc/v2ray/config.json
+            sh -lc 'set -euo pipefail;
+                    mkdir -p /etc/v2ray;
+                    printf "%s" "$CONF_B64" | base64 -d > /etc/v2ray/config.json;
+                    exec v2ray run -c /etc/v2ray/config.json'
 
-          # 5) 健康检查 + 日志
+          # 4) 健康检查 + 日志打印
           sleep 1
           if [ "$(docker inspect -f '{{.State.Running}}' v2ray-client 2>/dev/null)" != "true" ]; then
             echo "== v2ray-client exited; logs =="
             docker logs v2ray-client || true
             exit 1
           fi
+          echo "v2ray-client is running."
 
-          docker inspect -f '{{range .Mounts}}{{println .Type " " .Source "->" .Destination}}{{end}}' v2ray-client
 
 
       - name: Build Docker Image (host network; no Dockerfile change)