diff --git a/apps/api/src/api/v1/gitea_webhook.py b/apps/api/src/api/v1/gitea_webhook.py
index 39892647..bc0fff9d 100644
--- a/apps/api/src/api/v1/gitea_webhook.py
+++ b/apps/api/src/api/v1/gitea_webhook.py
@@ -169,10 +169,12 @@ async def verify_gitea_signature(
 logger.warning("gitea_signature_missing")
 raise GiteaSignatureError("Missing X-Gitea-Signature header")
- if not x_gitea_signature.startswith("sha256="):
- raise GiteaSignatureError("Invalid signature format (expected sha256=...)")
-
- provided_signature = x_gitea_signature[7:] # 移除 "sha256=" 前綴
+ # Gitea 送出純 hex(無 "sha256=" 前綴),GitHub 才有前綴
+ # 2026-04-05 ogt: 修正 Gitea 實際格式為純 hex
+ if x_gitea_signature.startswith("sha256="):
+ provided_signature = x_gitea_signature[7:]
+ else:
+ provided_signature = x_gitea_signature
 body = await request.body()
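Review bot: With the `startswith("sha256=")` rejection gone, nothing in this hunk checks the shape of `X-Gitea-Signature` any more, so an arbitrary header value is carried forward as `provided_signature`. I would normalise and then validate it before the body is read: `provided_signature = x_gitea_signature.removeprefix("sha256=")` followed by `if not re.fullmatch(r"[0-9a-f]{64}", provided_signature): raise GiteaSignatureError("Invalid signature format")` (this needs `re` in scope, and assumes the digest is compared as lowercase hex). The comparison itself is outside the hunk; if it uses `hmac.compare_digest` on `str`, a non-ASCII header value would raise `TypeError` instead of `GiteaSignatureError`, which the shape check also prevents. The dated author stamp in the new comment belongs in the commit message rather than in the code.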