38 lines
1.2 KiB
Markdown
38 lines
1.2 KiB
Markdown
# Cloudflare Deploy (Forgejo Actions)
|
|
|
|
This repo deploys `https://every.channel` via Wrangler.
|
|
The deploy workflow is intended to run on the primary Forgejo host (not Codeberg/GitHub mirrors).
|
|
|
|
## Prereqs
|
|
|
|
- Forgejo Actions enabled on the repo.
|
|
- Preferred: Forgejo Actions secret `CLOUDFLARE_API_TOKEN` set to a scoped Cloudflare API token.
|
|
- Fallback: Forgejo Actions secret `AGE_FORGE_SSH_KEY` set to a dedicated CI SSH private key that can decrypt `secrets/cloudflare-api-token.age`.
|
|
|
|
Do not put a personal SSH or encryption key in Forgejo Actions. Use a scoped Cloudflare token or a dedicated CI identity.
|
|
|
|
CI and deploy workflows:
|
|
|
|
- PR/main checks: `.forgejo/workflows/ci-gates.yml`
|
|
- Deploy (main only, depends on checks): `.forgejo/workflows/deploy-cloudflare.yml`
|
|
|
|
Mirror behavior:
|
|
|
|
- Workflow jobs are guarded to skip execution on `https://codeberg.org`.
|
|
|
|
## Manual deploy (local)
|
|
|
|
```sh
|
|
./scripts/deploy-workers.sh
|
|
```
|
|
|
|
## Set Forgejo token secret
|
|
|
|
With Forgejo API auth configured for `fj`, set the direct Cloudflare token secret without storing an
|
|
SSH decrypt key in Forgejo:
|
|
|
|
```sh
|
|
CLOUDFLARE_API_TOKEN=... ./scripts/fj-set-cloudflare-token-secret.sh
|
|
```
|
|
|
|
The helper also accepts a token file path or token on stdin.
|