diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 3f8fc5b..165f85e 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -48,6 +48,53 @@ jobs:
         run: |
           echo "${{ env.CR_PASSWORD_ACTIVE }}" | docker login --username "${{ env.CR_USERNAME_ACTIVE }}" --password-stdin ${{ env.CR_SERVER_ACTIVE }}
 
+      - name: Ensure CR Repositories Exist
+        run: |
+          REGISTRY_NAME=$(echo "${{ env.CR_SERVER_ACTIVE }}" | sed 's/.cr.volces.com//')
+          python3 << PYEOF
+          import hashlib, hmac, json, os, sys
+          from datetime import datetime, timezone
+          from urllib.request import Request, urlopen
+          from urllib.parse import urlencode
+
+          def create_repo(ak, sk, registry, ns, name, region='cn-shanghai'):
+              service, host = 'cr', 'open.volcengineapi.com'
+              t = datetime.now(timezone.utc)
+              ds, amz = t.strftime('%Y%m%d'), t.strftime('%Y%m%dT%H%M%SZ')
+              body = json.dumps({'Registry': registry, 'Namespace': ns, 'Name': name})
+              qs = urlencode(sorted({'Action': 'CreateRepository', 'Version': '2022-05-12'}.items()))
+              ph = hashlib.sha256(body.encode()).hexdigest()
+              sh = 'content-type;host;x-content-sha256;x-date'
+              cr = 'POST\n/\n%s\ncontent-type:application/json\nhost:%s\nx-content-sha256:%s\nx-date:%s\n\n%s\n%s' % (qs, host, ph, amz, sh, ph)
+              cs = '%s/%s/%s/request' % (ds, region, service)
+              sts = 'HMAC-SHA256\n%s\n%s\n%s' % (amz, cs, hashlib.sha256(cr.encode()).hexdigest())
+              k = sk.encode()
+              for p in [ds, region, service, 'request']:
+                  k = hmac.new(k, p.encode(), hashlib.sha256).digest()
+              sig = hmac.new(k, sts.encode(), hashlib.sha256).hexdigest()
+              auth = 'HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s' % (ak, cs, sh, sig)
+              req = Request('https://%s?%s' % (host, qs), data=body.encode(), headers={
+                  'Content-Type': 'application/json', 'Host': host,
+                  'X-Date': amz, 'X-Content-Sha256': ph, 'Authorization': auth
+              }, method='POST')
+              try:
+                  urlopen(req)
+                  print('Created %s/%s' % (ns, name))
+              except Exception as e:
+                  err = e.read().decode() if hasattr(e, 'read') else str(e)
+                  if 'Exist' in err:
+                      print('%s/%s already exists, skip' % (ns, name))
+                  else:
+                      print('Warning: %s/%s: %s' % (ns, name, err))
+
+          ak = '${{ secrets.VOLC_ACCESS_KEY }}'
+          sk = '${{ secrets.VOLC_SECRET_KEY }}'
+          registry = '${REGISTRY_NAME}'
+          ns = '${{ env.CR_ORG }}'
+          for repo in ['lty-backend', 'lty-admin']:
+              create_repo(ak, sk, registry, ns, repo)
+          PYEOF
+
       - name: Build and Push Backend
         id: build_backend
         run: |