diff --git a/.gitea/workflows/master.yml b/.gitea/workflows/master.yml
index a42605c6..4f918a5a 100644
--- a/.gitea/workflows/master.yml
+++ b/.gitea/workflows/master.yml
@@ -10,6 +10,9 @@ jobs:
 name: 构建并推送镜像到仓库注册表
 runs-on: ubuntu
 timeout-minutes: 30 # 设置超时时间,防止无限等待
+ permissions:
+ packages: write # 明确请求包管理权限
+ contents: read # 读取代码权限
 steps:
 - name: 拉取代码
@@ -21,20 +24,34 @@ jobs:
 run: |
 echo "===== 开始Maven构建 ====="
 /maven/apache-maven-3.9.11/bin/mvn clean package -DskipTests
+ echo "===== 验证构建结果 ====="
+ if [ ! -d "./target" ] || [ -z "$(ls -A ./target/*.jar 2>/dev/null)" ]; then
+ echo "错误:Maven构建未生成有效JAR包"
+ exit 1
+ fi
 echo "===== Maven构建完成 ====="
+
 - name: 构建并推送Docker镜像
 env:
- # Gitea容器注册表地址(请确认是否正确)
+ # Gitea容器注册表地址
 GITEA_REGISTRY: 172.100.10.45:3000
- # 仓库路径(组织/仓库名,严格区分大小写)
+ # 仓库路径(严格区分大小写)
 REPO_PATH: by2025/dockerimage
- # Gitea内置认证令牌
- GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ # 使用手动创建的专用推送令牌(推荐)
+ GITEA_TOKEN: ${{ secrets.DOCKER_PUSH_TOKEN }}
+ # 当前仓库信息(用于调试)
+ CURRENT_REPO: ${{ github.repository }}
 run: |
+ echo "===== 环境信息验证 ====="
+ echo "当前仓库: $CURRENT_REPO"
+ echo "目标仓库路径: $REPO_PATH"
+ echo "镜像仓库地址: $GITEA_REGISTRY"
+ echo "===== 登录到Gitea容器注册表 ====="
 # 登录并检查结果
 if ! echo "$GITEA_TOKEN" | docker login $GITEA_REGISTRY -u ${{ github.actor }} --password-stdin; then
 echo "错误:登录到容器注册表失败"
+ echo "请检查令牌权限和仓库地址是否正确"
 exit 1
 fi
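Review bot: The `permissions:` block added to the job in the first hunk may have no effect here, because Gitea Actions has, as far as I know, ignored workflow-level and job-level `permissions`; please confirm this against the Gitea version in use. If so, the comment `明确请求包管理权限` gives a false sense of least privilege. Since the same commit moves the push to `secrets.DOCKER_PUSH_TOKEN`, what the job can write is decided by that token's scopes and not by this block. I would drop the block or reword the comment, for example `# 注意:实际推送权限由 DOCKER_PUSH_TOKEN 的作用域决定`.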
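Review bot: In the second hunk, `GITEA_TOKEN: ${{ secrets.DOCKER_PUSH_TOKEN }}` replaces the per-run token with a long-lived personal token, while the unchanged login line still passes `-u ${{ github.actor }}`, so the user name varies with whoever triggers the run and no longer has to match the token's owner. I would take the account name from `env:` as well (for example `REGISTRY_USER`, a placeholder name) and log in with `docker login "$GITEA_REGISTRY" -u "$REGISTRY_USER" --password-stdin`, which also keeps the `${{ }}` expression out of the shell text. Because the token now outlives the run, it should belong to a dedicated account and carry only the package-write scope. `GITEA_REGISTRY` has no scheme; if that endpoint is plain HTTP the token is sent unencrypted, which I cannot tell from the hunk. The `run:` block continues past the end of this hunk.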
@@ -52,25 +69,35 @@ jobs:
 docker_context=$(dirname "$dockerfile")
 # 生成镜像标签(基于目录名,转换为小写并替换斜杠)
- image_tag=$(echo "$docker_context" | sed 's|./||g' | tr '/' '-' | tr '[:upper:]' '[:lower:]')
- # 完整镜像名称
+ image_tag=$(echo "$docker_context" | sed 's|./||g' | tr '/' '-' | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9_-]//g')
+ # 完整镜像名称(确保符合Docker规范)
 full_image_name="$GITEA_REGISTRY/$REPO_PATH:$image_tag-${{ github.sha }}"
+ echo "镜像名称: $full_image_name"
- echo "构建镜像: $full_image_name"
+ echo "===== 构建镜像 ====="
 if ! docker build -t "$full_image_name" -f "$dockerfile" "$docker_context"; then
 echo "错误:构建镜像 $full_image_name 失败"
 exit 1
 fi
- echo "推送镜像: $full_image_name"
+ echo "===== 测试镜像 ====="
+ if ! docker images "$full_image_name" | grep -q "$full_image_name"; then
+ echo "错误:镜像构建后未找到 $full_image_name"
+ exit 1
+ fi
+
+ echo "===== 推送镜像 ====="
 if ! docker push "$full_image_name"; then
 echo "错误:推送镜像 $full_image_name 失败"
+ echo "可能原因:令牌无write:packages权限、仓库不存在或网络问题"
+ # 尝试获取详细错误信息
+ curl -u ${{ github.actor }}:$GITEA_TOKEN $GITEA_REGISTRY/v2/_catalog
 exit 1
 fi
 # 推送latest标签
 latest_image="$GITEA_REGISTRY/$REPO_PATH:$image_tag-latest"
- echo "推送最新标签: $latest_image"
+ echo "===== 推送最新标签: $latest_image ====="
 docker tag "$full_image_name" "$latest_image"
 if ! docker push "$latest_image"; then
 echo "错误:推送最新标签 $latest_image 失败"
@@ -80,5 +107,6 @@ jobs:
 echo "===== 清理操作 ====="
 docker logout $GITEA_REGISTRY
+ # 可选:清理构建的镜像释放空间
+ docker system prune -f
 echo "===== 所有操作完成 ====="
-
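Review bot: The added `curl -u ${{ github.actor }}:$GITEA_TOKEN $GITEA_REGISTRY/v2/_catalog` in the push-failure branch of the third hunk puts the push token on a command line, where other processes on the runner can read it. It also sends the token as Basic auth to a URL with no scheme, which curl treats as plain HTTP, and writes the registry catalog into the job log. `docker push` already prints the registry's error, so I would delete the line rather than harden it. Separately, the new check `docker images "$full_image_name" | grep -q "$full_image_name"` looks like it cannot pass on Docker versions that print repository and tag in separate columns, which would fail every build; `docker image inspect "$full_image_name" >/dev/null 2>&1` tests the same thing without parsing table output. The loop these lines belong to starts and ends outside the hunk.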
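Review bot: `docker system prune -f`, added in the last hunk, is not limited to what this job built: it removes every stopped container, unused network, dangling image and build cache entry on the Docker host, so on a runner shared with other jobs it can delete their state. Removing the two tags by name after the pushes, `docker rmi "$full_image_name" "$latest_image"`, frees the same space without touching anything else. The cleanup section is also reached only on success, since every earlier `exit 1` skips `docker logout` and leaves the long-lived token in the runner's Docker config. Placing `trap 'docker logout "$GITEA_REGISTRY"' EXIT` right after the login would cover the failure paths. The `run:` block this hunk ends starts outside the hunk.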