diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index f8b097d..65af900 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,15 +1,14 @@
-# Gitea Actions：需开启 Actions 并注册 act_runner。
-# Runner 建议：GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:22-bookworm（Job 内自带 Node，避免 setup-node 重复下载）
-# 需挂载 /var/run/docker.sock。
+# 公共工作流：https://git.alboped.com/platform/workflow/src/branch/main/ci/web-spa-deploy.yml
 #
-# 说明：NODEJS_ORG_MIRROR 在 act_runner 中常被忽略/不生效；用镜像自带 Node 即可绕过。
+# 本仓库「工作流 → 变量」：DEPLOY_PATH、DEPLOY_HOST、DEPLOY_USER
+# 本仓库「工作流 → 密钥」：SSH_PRIVATE_KEY（secrets: inherit）
 #
-# 不依赖 GitHub：不使用 actions/checkout、actions/cache，仅从当前 Gitea 实例 git fetch（需 Runner 能访问 Gitea）。
+# 若 uses 无法解析 ci/ 下工作流，请在 platform/workflow 仓库中把文件放到
+#   .gitea/workflows/web-spa-deploy.yml
+# 并把下面 uses 改为：
+#   platform/workflow/.gitea/workflows/web-spa-deploy.yml@main
 #
-# 部署（推送到 main/master 时）：在仓库「工作流 → 密钥」中配置
-#   SSH_PRIVATE_KEY  DEPLOY_HOST  DEPLOY_USER  DEPLOY_PATH
-# DEPLOY_PATH 为站点父目录；实际发布目录为 ${DEPLOY_PATH}/chat.alboped.com（与 Nginx root 一致）。
-# 使用 tar|ssh 推送，远端无需安装 rsync（rsync 会要求在服务器上也存在 rsync 命令）。
+# 若 platform/workflow 为私有仓库且拉取失败，可使用带 token 的绝对地址（见 Gitea 文档）。
 
 name: CI
 
@@ -25,93 +24,9 @@ concurrency:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
-
-    steps:
-      # 从本 Gitea 拉代码（github.* 为 Actions 兼容上下文；token 由 Gitea 注入）
-      - name: Checkout
-        env:
-          TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          export GIT_TERMINAL_PROMPT=0
-          if ! command -v git >/dev/null 2>&1; then
-            export DEBIAN_FRONTEND=noninteractive
-            shopt -s nullglob
-            for f in /etc/apt/sources.list /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list.d/*.sources /etc/apt/sources.list.d/*.list; do
-              [ -f "$f" ] || continue
-              sed -i \
-                -e 's/deb.debian.org/mirrors.aliyun.com/g' \
-                -e 's/security.debian.org/mirrors.aliyun.com/g' \
-                "$f"
-            done
-            apt-get -o Acquire::http::Timeout=30 -o Acquire::https::Timeout=30 -o Acquire::Retries=2 update
-            apt-get install -y --no-install-recommends git
-          fi
-          SERVER="${{ github.server_url }}"
-          SERVER="${SERVER%/}"
-          REPO="${{ github.repository }}"
-          ORIGIN="${SERVER/https:\/\//https:\/\/oauth2:${TOKEN}@}"
-          ORIGIN="${ORIGIN/http:\/\//http:\/\/oauth2:${TOKEN}@}/${REPO}.git"
-          git init
-          git remote add origin "$ORIGIN"
-          git fetch --depth 1 origin "${{ github.sha }}"
-          git checkout -f "${{ github.sha }}"
-
-      # 使用 Job 镜像（node:22-bookworm）自带的 Node，不再使用 actions/setup-node，避免重复下载 Node
-      - name: Setup Yarn
-        run: |
-          corepack enable
-          corepack prepare yarn@1.22.22 --activate
-          echo "node -v: $(node -v); yarn -v: $(yarn -v)"
-          echo "yarn config get registry: $(yarn config get registry)"
-
-      - name: Install
-        run: yarn install --frozen-lockfile
-
-      - name: Prettier check
-        run: yarn format:check
-
-      - name: ESLint
-        run: yarn lint
-
-      - name: Build
-        run: yarn build
-
-      # 仅需 SSH 客户端；直连 deb.debian.org 在国内 Runner 上常极慢，换镜像并限制超时
-      - name: Install OpenSSH client
-        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
-        run: |
-          set -e
-          export DEBIAN_FRONTEND=noninteractive
-          shopt -s nullglob
-          for f in /etc/apt/sources.list /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list.d/*.sources /etc/apt/sources.list.d/*.list; do
-            [ -f "$f" ] || continue
-            sed -i \
-              -e 's/deb.debian.org/mirrors.aliyun.com/g' \
-              -e 's/security.debian.org/mirrors.aliyun.com/g' \
-              "$f"
-          done
-          apt-get -o Acquire::http::Timeout=30 -o Acquire::https::Timeout=30 -o Acquire::Retries=2 update
-          apt-get install -y --no-install-recommends openssh-client
-
-      - name: Deploy to Nginx (tar over SSH)
-        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          DEPLOY_HOST: ${{ vars.DEPLOY_HOST }}
-          DEPLOY_USER: ${{ vars.DEPLOY_USER }}
-          DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
-        run: |
-          set -e
-          : "${DEPLOY_PATH:?DEPLOY_PATH is not set}"
-          REMOTE_ROOT="${DEPLOY_PATH}/chat-one-web"
-          mkdir -p ~/.ssh
-          chmod 700 ~/.ssh
-          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_deploy
-          chmod 600 ~/.ssh/id_deploy
-          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
-          SSH=(ssh -i ~/.ssh/id_deploy -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes)
-          # 清空发布目录再解压，效果类似 rsync --delete；远端只需 tar，无需 rsync
-          "${SSH[@]}" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p '${REMOTE_ROOT}' && find '${REMOTE_ROOT}' -mindepth 1 -delete"
-          tar czf - -C dist . | "${SSH[@]}" "${DEPLOY_USER}@${DEPLOY_HOST}" "tar xzf - -C '${REMOTE_ROOT}'"
+    uses: platform/workflow/ci/web-spa-deploy.yml@main
+    with:
+      node_version: "22.14.0"
+      yarn_version: "1.22.22"
+      project_dir: "chat-one-web"
+    secrets: inherit