From d5588360f97a36d91e775a3bd3281dbcb9c81f7a Mon Sep 17 00:00:00 2001 From: Conrad Kramer Date: Wed, 10 Jun 2026 04:10:12 -0700 Subject: [PATCH] Allow direct Cloudflare deploy token --- .forgejo/workflows/deploy-cloudflare.yml | 23 ++++++++++++++--------- apps/web/index.html | 12 ++++++------ 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/.forgejo/workflows/deploy-cloudflare.yml b/.forgejo/workflows/deploy-cloudflare.yml index e22f4e6..7c2b379 100644 --- a/.forgejo/workflows/deploy-cloudflare.yml +++ b/.forgejo/workflows/deploy-cloudflare.yml @@ -153,16 +153,28 @@ jobs: "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \ -d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null - - name: Configure CI Age identity + - name: Configure Cloudflare credentials env: + DIRECT_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }} GITHUB_TOKEN: ${{ github.token }} shell: bash run: | set -euo pipefail cd .repo + if [[ -n "${DIRECT_CLOUDFLARE_API_TOKEN:-}" ]]; then + echo "::add-mask::${DIRECT_CLOUDFLARE_API_TOKEN}" + echo "CLOUDFLARE_API_TOKEN=${DIRECT_CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV" + + curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \ + -H "content-type: application/json" \ + "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \ + -d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"direct token ok"}' >/dev/null + exit 0 + fi + if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then - echo "error: missing Actions secret AGE_FORGE_SSH_KEY" + echo "error: missing Actions secret CLOUDFLARE_API_TOKEN or AGE_FORGE_SSH_KEY" exit 2 fi install -d -m 700 "$HOME/.ssh" @@ -178,13 +190,6 @@ jobs: "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \ -d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null - - name: Decrypt CI secrets from repo - env: - GITHUB_TOKEN: ${{ github.token }} - shell: bash - run: | - set -euo pipefail - cd .repo key_file="$HOME/.ssh/age_forge_ed25519" secret_file="secrets/cloudflare-api-token.age" if [[ ! -f "$secret_file" ]]; then diff --git a/apps/web/index.html b/apps/web/index.html index bdc254f..5b8918c 100644 --- a/apps/web/index.html +++ b/apps/web/index.html @@ -125,42 +125,42 @@ "title": "KCBS Los Angeles", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-kcbs", - "track_name": "0.m4s" + "track_name": "video0.m4s" }, { "stream_id": "la-ktla", "title": "KTLA", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-ktla", - "track_name": "0.m4s" + "track_name": "video0.m4s" }, { "stream_id": "la-kcet", "title": "KCET", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-kcet", - "track_name": "0.m4s" + "track_name": "video0.m4s" }, { "stream_id": "la-pbs-socal", "title": "PBS SoCal", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-pbs-socal", - "track_name": "0.m4s" + "track_name": "video0.m4s" }, { "stream_id": "la-nbc4", "title": "NBC4 Los Angeles", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-nbc4", - "track_name": "0.m4s" + "track_name": "video0.m4s" }, { "stream_id": "la-kcop", "title": "KCOP", "relay_url": "https://relay.every.channel/anon", "broadcast_name": "la-kcop", - "track_name": "0.m4s" + "track_name": "video0.m4s" } ] }