Skip to content

Deploy demo via GitHub Actions to support fork PR previews#44

Merged
kaisugi merged 1 commit into
mainfrom
ci/cloudflare-pages-actions
Jun 11, 2026
Merged

Deploy demo via GitHub Actions to support fork PR previews#44
kaisugi merged 1 commit into
mainfrom
ci/cloudflare-pages-actions

Conversation

@kaisugi

@kaisugi kaisugi commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Why

Cloudflare Pages' native Git integration does not create preview deployments for PRs from forks (a deliberate security restriction so fork code never receives build secrets). As a result, external contributors' PRs never got a preview URL — see the discussion in #43.

What

Move deploys to GitHub Actions using the safe pull_request + workflow_run pattern:

  • preview-build.yml — runs on every PR (including forks) with no secrets and contents: read only, so it is safe to execute untrusted fork code. Builds the demo (exampleSite) with --baseURL "/" (root-relative URLs resolve under any preview domain) and uploads the output as an artifact.
  • preview-deploy.yml — triggered by workflow_run, so it always runs from the trusted main context with access to secrets, without ever executing fork code. Downloads the artifact, deploys to Cloudflare Pages under a per-PR branch (pr-<n>), and comments the preview URL on the PR.
  • deploy-production.yml — publishes hugotex.pages.dev on push to main, replacing the Cloudflare Git integration.

Required before merge

  1. Repo secrets: CLOUDFLARE_API_TOKEN (Pages: Edit) and CLOUDFLARE_ACCOUNT_ID. ✅ added
  2. Disconnect the Cloudflare Pages Git integration so the project becomes Direct Upload (do this right before merge to avoid a production deploy gap).

After merge, existing fork PRs (e.g. #43) will get a preview once rebased/re-pushed onto the new main.

🤖 Generated with Claude Code

Cloudflare's native Git integration does not build preview deployments
for PRs from forks, so external contributors never got a preview URL
(see #43). Migrate deploys to GitHub Actions:

- preview-build.yml: builds the demo on every PR with no secrets and
  read-only permissions, so it is safe to run on untrusted fork code,
  and uploads the output as an artifact.
- preview-deploy.yml: runs via workflow_run from the trusted main
  context, publishes the artifact to Cloudflare Pages under a per-PR
  branch, and comments the preview URL on the PR.
- deploy-production.yml: publishes hugotex.pages.dev on push to main,
  replacing the Cloudflare Git integration.

Requires CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID secrets, and
the Pages project switched to Direct Upload.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying hugotex with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3058ddc
Status: ✅  Deploy successful!
Preview URL: https://57ae0d80.hugotex.pages.dev
Branch Preview URL: https://ci-cloudflare-pages-actions.hugotex.pages.dev

View logs

@kaisugi kaisugi merged commit 0d79ad0 into main Jun 11, 2026
2 checks passed
@catap

catap commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants