Deploy demo via GitHub Actions to support fork PR previews #44
Merged
Cloudflare's native Git integration does not build preview deployments for PRs from forks, so external contributors never got a preview URL (see #43).

Migrate deploys to GitHub Actions:

- preview-build.yml: builds the demo on every PR with no secrets and read-only permissions, so it is safe to run on untrusted fork code, and uploads the output as an artifact.
- preview-deploy.yml: runs via workflow_run from the trusted main context, publishes the artifact to Cloudflare Pages under a per-PR branch, and comments the preview URL on the PR.
- deploy-production.yml: publishes hugotex.pages.dev on push to main, replacing the Cloudflare Git integration.

Requires CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID secrets, and the Pages project switched to Direct Upload.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Deploying hugotex with
| | |
|---|---|
| Latest commit: | 3058ddc |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://57ae0d80.hugotex.pages.dev |
| Branch Preview URL: | https://ci-cloudflare-pages-actions.hugotex.pages.dev |
Contributor
Thanks!
Why
Cloudflare Pages' native Git integration does not create preview deployments for PRs from forks (a deliberate security restriction so fork code never receives build secrets). As a result, external contributors' PRs never got a preview URL — see the discussion in #43.
What
Move deploys to GitHub Actions using the safe `pull_request` + `workflow_run` pattern:

- `preview-build.yml` — runs on every PR (including forks) with no secrets and `contents: read` only, so it is safe to execute untrusted fork code. Builds the demo (`exampleSite`) with `--baseURL "/"` (root-relative URLs resolve under any preview domain) and uploads the output as an artifact.
- `preview-deploy.yml` — triggered by `workflow_run`, so it always runs from the trusted `main` context with access to secrets, without ever executing fork code. Downloads the artifact, deploys to Cloudflare Pages under a per-PR branch (`pr-<n>`), and comments the preview URL on the PR.
- `deploy-production.yml` — publishes `hugotex.pages.dev` on push to `main`, replacing the Cloudflare Git integration.

Required before merge

- `CLOUDFLARE_API_TOKEN` (Pages: Edit) and `CLOUDFLARE_ACCOUNT_ID`. ✅ added

After merge, existing fork PRs (e.g. #43) will get a preview once rebased/re-pushed onto the new `main`.

🤖 Generated with Claude Code
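A sketch of the two preview workflows described above, added here as an illustration; it is not the workflow code from this PR. The artifact name `preview-site`, the `out/` layout, the `pr-number` file, the Hugo install action and the exact build command are assumptions, and the PR-comment step is left out.

```yaml
# File 1 (assumed name): .github/workflows/preview-build.yml
# Untrusted side: executes PR code, so no secrets and a read-only token.
name: preview-build
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: peaceiris/actions-hugo@v3   # assumed Hugo installer
      - run: hugo --source exampleSite --baseURL "/" --destination "$GITHUB_WORKSPACE/out/site"
      - run: echo "${{ github.event.number }}" > out/pr-number
      - uses: actions/upload-artifact@v4
        with: { name: preview-site, path: out }
---
# File 2 (assumed name): .github/workflows/preview-deploy.yml
# Trusted side: the copy on the default branch runs, with secrets. There is no
# checkout of PR code; the artifact is handled as data only.
name: preview-deploy
on:
  workflow_run:
    workflows: [preview-build]
    types: [completed]
permissions:
  actions: read          # download the other run's artifact
jobs:
  deploy:
    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: preview-site
          path: out
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Validate the PR number (it was written by untrusted code)
        run: |
          n="$(head -c 16 out/pr-number | tr -d '\n')"
          [[ "$n" =~ ^[0-9]+$ ]] || { echo "invalid PR number"; exit 1; }
          echo "PR_NUMBER=$n" >> "$GITHUB_ENV"
      - uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: pages deploy out/site --project-name=hugotex --branch=pr-${{ env.PR_NUMBER }}
```

The separation only holds while the deploy job never runs anything taken from the artifact; the digits-only check keeps a crafted `pr-number` file from altering the `wrangler` command line or the environment file.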