Allow direct Cloudflare deploy token
Conrad Kramer 2026-06-10 04:10:12 -07:00
parent d94a48594e
commit d5588360f9
No known key found for this signature in database
2 changed files with 20 additions and 15 deletions


@ -153,16 +153,28 @@ jobs:
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null
- name: Configure CI Age identity
- name: Configure Cloudflare credentials
env:
DIRECT_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
GITHUB_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
cd .repo
if [[ -n "${DIRECT_CLOUDFLARE_API_TOKEN:-}" ]]; then
echo "::add-mask::${DIRECT_CLOUDFLARE_API_TOKEN}"
echo "CLOUDFLARE_API_TOKEN=${DIRECT_CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV"
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
-H "content-type: application/json" \
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"direct token ok"}' >/dev/null
exit 0
fi
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
echo "error: missing Actions secret AGE_FORGE_SSH_KEY"
echo "error: missing Actions secret CLOUDFLARE_API_TOKEN or AGE_FORGE_SSH_KEY"
exit 2
fi
install -d -m 700 "$HOME/.ssh"
@ -178,13 +190,6 @@ jobs:
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null
- name: Decrypt CI secrets from repo
env:
GITHUB_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
cd .repo
key_file="$HOME/.ssh/age_forge_ed25519"
secret_file="secrets/cloudflare-api-token.age"
if [[ ! -f "$secret_file" ]]; then