From 50397c05d834ee5bf4205836481236c2d1db6922 Mon Sep 17 00:00:00 2001
From: Sodawyx <sodawyx@126.com>
Date: Tue, 21 Apr 2026 18:02:24 +0800
Subject: [PATCH] fix(release): build Linux binaries on native runners, drop
 manylinux

manylinux_2_28 ships CPython built without --enable-shared (no
libpython3.11.so), which PyInstaller needs to embed into its bootloader
-- so the build aborted with "Python was built without a shared
library". manylinux is designed for producing wheels, not frozen apps.

Switch the linux-amd64 / linux-arm64 targets to ubuntu-22.04 /
ubuntu-22.04-arm runners and rely on actions/setup-python, which
provides a shared-libpython CPython. The glibc 2.35 floor still covers
Ubuntu 22.04+, Debian 12+, RHEL 9+, and all current modern distros.

This also makes the previous safe.directory workaround moot (no more
root-owned container vs runner-UID workspace), so the
container-specific steps are removed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Signed-off-by: Sodawyx <sodawyx@126.com>
---
 .github/workflows/release.yml | 34 +++++++---------------------------
 1 file changed, 7 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a97dc60..93fa605 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -71,34 +71,32 @@ jobs:
     name: Build ${{ matrix.target }}
     needs: verify-version
     runs-on: ${{ matrix.runner }}
-    container: ${{ matrix.container }}
     strategy:
       fail-fast: false
       matrix:
         include:
+          # Linux builds use ubuntu-22.04 (glibc 2.35) rather than a manylinux
+          # container: manylinux ships a static CPython without libpython*.so,
+          # which PyInstaller cannot embed. The glibc-2.35 floor still covers
+          # Ubuntu 22.04+, Debian 12+, RHEL 9+, and all current modern distros.
           - target: linux-amd64
-            runner: ubuntu-latest
-            container: quay.io/pypa/manylinux_2_28_x86_64
+            runner: ubuntu-22.04
             ext: ''
             archive: tar.gz
           - target: linux-arm64
-            runner: ubuntu-24.04-arm
-            container: quay.io/pypa/manylinux_2_28_aarch64
+            runner: ubuntu-22.04-arm
             ext: ''
             archive: tar.gz
           - target: darwin-amd64
             runner: macos-13
-            container: ''
             ext: ''
             archive: tar.gz
           - target: darwin-arm64
             runner: macos-latest
-            container: ''
             ext: ''
             archive: tar.gz
           - target: windows-amd64
             runner: windows-latest
-            container: ''
             ext: '.exe'
             archive: zip
 
@@ -108,25 +106,7 @@ jobs:
           ref: ${{ needs.verify-version.outputs.tag }}
           fetch-depth: 0  # setuptools-scm needs full history + tags
 
-      # Inside the manylinux container the workspace is owned by a different
-      # UID than root, so git refuses to read it ("dubious ownership") and
-      # setuptools-scm version resolution fails during pip install.
-      - name: Mark workspace as safe for git (container)
-        if: matrix.container != ''
-        shell: bash
-        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
-      # manylinux images ship multiple Pythons under /opt/python; expose one.
-      - name: Configure Python (manylinux container)
-        if: matrix.container != ''
-        shell: bash
-        run: |
-          PY=/opt/python/cp311-cp311/bin
-          echo "$PY" >> "$GITHUB_PATH"
-          "$PY/python" -m pip install --upgrade pip
-
-      - name: Setup Python (host runner)
-        if: matrix.container == ''
+      - name: Setup Python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}