1.2 KiB
1.2 KiB
Cloudflare Deploy (Forgejo Actions)
This repo deploys https://every.channel via Wrangler.
The deploy workflow is intended to run on the primary Forgejo host (not Codeberg/GitHub mirrors).
Prereqs
- Forgejo Actions enabled on the repo.
- Preferred: Forgejo Actions secret
CLOUDFLARE_API_TOKENset to a scoped Cloudflare API token. - Fallback: Forgejo Actions secret
AGE_FORGE_SSH_KEYset to a dedicated CI SSH private key that can decryptsecrets/cloudflare-api-token.age.
Do not put a personal SSH or encryption key in Forgejo Actions. Use a scoped Cloudflare token or a dedicated CI identity.
CI and deploy workflows:
- PR/main checks:
.forgejo/workflows/ci-gates.yml - Deploy (main only, depends on checks):
.forgejo/workflows/deploy-cloudflare.yml
Mirror behavior:
- Workflow jobs are guarded to skip execution on
https://codeberg.org.
Manual deploy (local)
./scripts/deploy-workers.sh
Set Forgejo token secret
With Forgejo API auth configured for fj, set the direct Cloudflare token secret without storing an
SSH decrypt key in Forgejo:
CLOUDFLARE_API_TOKEN=... ./scripts/fj-set-cloudflare-token-secret.sh
The helper also accepts a token file path or token on stdin.