164 lines
8.3 KiB
YAML
164 lines
8.3 KiB
YAML
name: Deploy to Cloudflare
|
|
|
|
on:
|
|
push:
|
|
branches: ['main']
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Setup Terraform
|
|
uses: hashicorp/setup-terraform@v2.0.3
|
|
with:
|
|
terraform_version: 1.6.4
|
|
|
|
- name: Use Node.js 22.x
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: 22.x
|
|
cache: 'npm'
|
|
|
|
# Automatically get an account id via the API Token
|
|
# if secrets.CLOUDFLARE_ACCOUNT_ID is not set.
|
|
- name: Fetch Account ID
|
|
id: fetch_account_id
|
|
run: |
|
|
if [[ -n "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}" ]]; then
|
|
ACCOUNT_ID="${{ secrets.CLOUDFLARE_ACCOUNT_ID }}"
|
|
echo "Using provided CLOUDFLARE_ACCOUNT_ID from secrets."
|
|
else
|
|
ACCOUNT_ID=$(curl -X GET "https://api.cloudflare.com/client/v4/accounts" -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" -H "Content-Type:application/json" | jq ".result[0].id" -r)
|
|
if [[ "$ACCOUNT_ID" == "null" ]]; then
|
|
echo "Failed to get an account id, please make sure you have set up CLOUDFLARE_API_TOKEN correctly!"
|
|
exit 1
|
|
fi
|
|
fi
|
|
echo 'account_id='$ACCOUNT_ID >> $GITHUB_OUTPUT
|
|
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
|
|
# This is a temporary workaround to fix issue #13
|
|
# On a new Cloudflare account, the terraform apply will fail with `workers.api.error.subdomain_required`
|
|
# This may be due to the account not having a worker subdomain yet, so we create a dummy worker and then delete it.
|
|
# Cloudflare should allocate a worker subdomain after this.
|
|
# https://github.com/cloudflare/terraform-provider-cloudflare/issues/3304
|
|
- name: Create worker subdomain (temporary workaround)
|
|
id: create_dummy_worker
|
|
run: |
|
|
curl --request PUT --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/dummy-ib4db6ntj5csdef3 \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
--header 'Content-Type: application/javascript' \
|
|
--data 'addEventListener('\''fetch'\'', (event) => event.respondWith(new Response('\''OK'\'')))'\
|
|
|
|
curl --request DELETE --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/dummy-ib4db6ntj5csdef3 \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
--header 'Content-Type: application/json'
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ steps.fetch_account_id.outputs.account_id }}
|
|
|
|
- name: Install packages
|
|
run: |
|
|
npm install
|
|
cd worker
|
|
npm install
|
|
|
|
- name: Build worker
|
|
run: |
|
|
cd worker
|
|
npx wrangler deploy src/index.ts --outdir dist --dry-run
|
|
|
|
- name: Build page
|
|
run: |
|
|
npx @cloudflare/next-on-pages
|
|
|
|
- name: Remove durable objects bindings (temporary workaround)
|
|
continue-on-error: true
|
|
# This is a workaround to fix Cloudflare provider 4.x import crash when there's a durable object binding.
|
|
run: |
|
|
# Get bindings without durable objects
|
|
NEW_BINDINGS=$(curl --request GET --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
--header 'Content-Type: application/json' | jq '.result.bindings | map(select(.type != "durable_object_namespace"))' -jc)
|
|
echo "New bindings: $NEW_BINDINGS"
|
|
|
|
# Remove durable objects bindings
|
|
curl --request PATCH --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
-F 'settings={"bindings":'$NEW_BINDINGS'}'
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ steps.fetch_account_id.outputs.account_id }}
|
|
|
|
- name: Deploy using Terraform
|
|
# As we don't save terraform state somewhere, we need to import the existing resources
|
|
run: |
|
|
terraform init
|
|
|
|
KV_ID=$(curl https://api.cloudflare.com/client/v4/accounts/$TF_VAR_CLOUDFLARE_ACCOUNT_ID/storage/kv/namespaces\?per_page\=100 --header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN | jq -r '.result[] | select(.title == "uptimeflare_kv") | .id')
|
|
if [ -n "$KV_ID" ]; then
|
|
echo "Importing existing resources..."
|
|
terraform import cloudflare_workers_kv_namespace.uptimeflare_kv "$TF_VAR_CLOUDFLARE_ACCOUNT_ID/$KV_ID"
|
|
terraform import cloudflare_worker_script.uptimeflare "$TF_VAR_CLOUDFLARE_ACCOUNT_ID/uptimeflare_worker"
|
|
terraform import cloudflare_worker_cron_trigger.uptimeflare_worker_cron "$TF_VAR_CLOUDFLARE_ACCOUNT_ID/uptimeflare_worker"
|
|
terraform import cloudflare_pages_project.uptimeflare "$TF_VAR_CLOUDFLARE_ACCOUNT_ID/uptimeflare"
|
|
else
|
|
echo "KV namespace not found, first-time setup."
|
|
fi
|
|
|
|
terraform apply -auto-approve -input=false
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
TF_VAR_CLOUDFLARE_ACCOUNT_ID: ${{ steps.fetch_account_id.outputs.account_id }}
|
|
|
|
# Terraform Cloudflare provider 4.x doesn't support durable objects, provider 5.x has unresolved issues blocking the deployment. (cloudflare/terraform-provider-cloudflare#5412)
|
|
# So I have to manually add durable objects bindings here.
|
|
- name: Add durable objects bindings
|
|
run: |
|
|
# Get current bindings
|
|
CURRENT_BINDINGS=$(curl --request GET --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
--header 'Content-Type: application/json' | jq '.result.bindings' -jc)
|
|
CURRENT_BINDINGS="${CURRENT_BINDINGS:1:-1}"
|
|
echo "Current bindings: $CURRENT_BINDINGS"
|
|
|
|
# Try migration first (required for the new durable object class, ignore failures)
|
|
curl --request PATCH \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
-F 'settings={"bindings":[{"type":"durable_object_namespace","name":"REMOTE_CHECKER_DO","class_name":"RemoteChecker"},'$CURRENT_BINDINGS'],"migrations":{"new_sqlite_classes":["RemoteChecker"],"new_tag":"v1"}}'
|
|
|
|
# Actually add the binding
|
|
curl --request PATCH --fail-with-body \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
-F 'settings={"bindings":[{"type":"durable_object_namespace","name":"REMOTE_CHECKER_DO","class_name":"RemoteChecker"},'$CURRENT_BINDINGS']}'
|
|
|
|
# By the ways enable logs
|
|
curl --request PATCH \
|
|
--url https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts/uptimeflare_worker/script-settings \
|
|
--header 'Authorization: Bearer '$CLOUDFLARE_API_TOKEN \
|
|
--header 'Content-Type: application/json' \
|
|
-d '{"observability":{"enabled":true}}'
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ steps.fetch_account_id.outputs.account_id }}
|
|
|
|
# Currently Terraform Cloudflare provider doesn't support direct upload, use wrangler to upload instead.
|
|
- name: Upload pages
|
|
run: |
|
|
npx wrangler pages deploy .vercel/output/static --project-name uptimeflare
|
|
env:
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ steps.fetch_account_id.outputs.account_id }}
|