Migrate docs site from Netlify to Cloudflare Workers#14025
Conversation
- Replace Netlify build script with wrangler deploy - Update preview site URL to use Workers CI branch previews - Add wrangler.jsonc configuration for static asset serving - Add .assetsignore to exclude _worker.js and _routes.json - Update .gitignore to ignore .wrangler instead of .netlify - Add wrangler as a dev dependency
- Production: wrangler deploy on push to main - PRs: wrangler versions upload with branch-name alias - Comments preview URL on PRs - Enable preview_urls in wrangler config
|
Preview deployment ✅ Deployment complete! |
❌ Deploy Preview for astro-docs-2 failed. Why did it fail? →
|
❌ Deploy Preview for astro-docs-2 failed. Why did it fail? →
|
❌ Deploy Preview for astro-docs-2 failed. Why did it fail? →
|
❌ Deploy Preview for astro-docs-2 failed. Why did it fail? →
|
astro-og-canvas caches rendered images in node_modules/.astro-og-canvas. Without caching this directory, every build regenerates thousands of OG images (~300ms each), adding ~10 minutes to the build.
…4 Worker - Remove .assetsignore (only needed for SSR sites) - Remove deploy script from package.json (CI calls wrangler directly) - Remove observability from wrangler.jsonc (static site) - Add worker.js for serving localized 404 pages - Remove commented-out 404 redirect from _redirects
|
This uses a worker to do the localized 404 pages. Examples: |
| - name: Comment deployment complete | ||
| if: github.event_name == 'pull_request' | ||
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | ||
| with: | ||
| script: | | ||
| const previewUrl = '${{ steps.preview-url.outputs.url }}'; | ||
| const body = `**Preview deployment**\n\n✅ Deployment complete!\n\n${previewUrl}`; | ||
| const { data: comments } = await github.rest.issues.listComments({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: context.issue.number, | ||
| }); | ||
| const existing = comments.find(c => c.body.includes('**Preview deployment**')); | ||
| if (existing) { | ||
| await github.rest.issues.updateComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| comment_id: existing.id, | ||
| body, | ||
| }); | ||
| } |
There was a problem hiding this comment.
This won’t work for PRs from forks will it? They aren’t allowed the issues.write permission (otherwise a fork could open a PR and delete all our issues/PRs for example).
There was a problem hiding this comment.
No, forks get downgraded permissions and don't have access to secrets. We're not using pull_request_target. Still, I added a gate so that these parts don't run on forks. The build will still run be there isn't a preview release.
There was a problem hiding this comment.
Right, but we need deploy previews and comments for forks, many of our contributors use forks and we rely on being able to easily check their changes.
There was a problem hiding this comment.
Ok, I think I have a good solution for this:
- In the pull request it doesn't do a deployment, it just builds and uploads the artifact.
- A separate workflow runs in the context of
mainand is triggered by theDeployworkflow finishing. This has access to secrets since it runs from the main repo, not the fork, it downloads the artifacts, deploys the preview, and adds the comment.
- Replace manual wrangler commands with cloudflare/wrangler-action@v3 - Add JSDoc comment to worker.js explaining localized 404 behavior - Addresses review feedback from delucis
Split preview deployment into a separate workflow_run-triggered workflow so fork PRs get deploy previews without exposing secrets. - deploy.yml: builds for all PRs, uploads build output + PR metadata as artifacts, only uses secrets for production deploys on main - deploy-preview.yml: triggered by workflow_run, downloads artifacts, deploys preview to Cloudflare, and comments on the PR with write permissions from the base repo context Fork code never executes with access to secrets. The workflow_run job only deploys pre-built static artifacts. Also pins cloudflare/wrangler-action to exact commit SHA.
delucis
left a comment
delucis
left a comment
There was a problem hiding this comment.
This seems like a smart way to do it!
Do you think we could test the workflow somehow before merging? Or are we at the mercy of merging to main to figure out if it works? The code looks fine to me though.
Left some feedback, but getting the comment template tuned just as we want it doesn’t have to be blocking, I don’t think.
I’d encourage @withastro/maintainers-docs to take a look too as they might be even more directly impacted than me.
- Add comment explaining ALIAS subdomain sanitization - Add concurrency control to prevent race conditions between preview runs - Check comment author (github-actions[bot]) before updating PR comments - Include commit SHA, preview URL, and workflow run link in all PR comments
ArmandPhilippot
left a comment
ArmandPhilippot
left a comment
There was a problem hiding this comment.
Well, I come after the battle... this seems good to me! Great job to both of you! 🙌🏽
I left a question on the deploy workflow. IIUC, I think we need to add v7 there (and remove that once released).
Trigger the deploy workflow on pushes to version branches and allow deploys from those refs. Each version branch will need its own wrangler.jsonc with a unique Worker name (cherry-picked after merge).
3 participants
Migrates the Astro docs site from Netlify to Cloudflare Workers.
Changes
wrangler deploywrangler.jsoncconfiguration for static asset serving.assetsignoreto exclude_worker.jsand_routes.jsonfrom assets.gitignoreto ignore.wranglerinstead of.netlifywrangleras a dev dependencyworkerdbuild script inpnpm-workspace.yaml