@deftai/directive-content 0.55.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/deft/SKILL.md +6 -0
- package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
- package/.agents/skills/deft-directive-build/SKILL.md +10 -0
- package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
- package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
- package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
- package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
- package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
- package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
- package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
- package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
- package/.agents/skills/deft-directive-release/SKILL.md +12 -0
- package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
- package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
- package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
- package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
- package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
- package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
- package/LICENSE.md +22 -0
- package/QUICK-START.md +167 -0
- package/UPGRADING.md +517 -0
- package/coding/build-output.md +28 -0
- package/coding/coding.md +235 -0
- package/coding/debugging.md +110 -0
- package/coding/holzmann.md +96 -0
- package/coding/hygiene.md +127 -0
- package/coding/security.md +158 -0
- package/coding/testing.md +162 -0
- package/coding/toolchain.md +44 -0
- package/commands.md +300 -0
- package/context/context.md +57 -0
- package/context/deterministic-split.md +67 -0
- package/context/examples.md +26 -0
- package/context/fractal-summaries.md +69 -0
- package/context/long-horizon.md +46 -0
- package/context/spec-deltas.md +177 -0
- package/context/tool-design.md +34 -0
- package/context/working-memory.md +62 -0
- package/contracts/boundary-maps.md +65 -0
- package/contracts/deterministic-questions.md +59 -0
- package/contracts/hierarchy.md +77 -0
- package/conventions/content-manifest.json +399 -0
- package/conventions/machine-generated-banner.md +130 -0
- package/conventions/references.md +120 -0
- package/conventions/rule-ownership.json +382 -0
- package/conventions/task-caching.md +43 -0
- package/conventions/vbrief-filenames.md +70 -0
- package/deployments/README.md +37 -0
- package/deployments/agentuity/README.md +138 -0
- package/deployments/agentuity/via-cli.md +380 -0
- package/deployments/agentuity/via-cloud.md +425 -0
- package/deployments/agentuity/via-github-actions.md +664 -0
- package/deployments/agentuity/via-gravity-network.md +606 -0
- package/deployments/agentuity/via-vpc.md +607 -0
- package/deployments/aws/README.md +38 -0
- package/deployments/aws/via-app-runner.md +612 -0
- package/deployments/aws/via-ecs-fargate.md +561 -0
- package/deployments/aws/via-elastic-beanstalk.md +628 -0
- package/deployments/aws/via-lambda.md +649 -0
- package/deployments/azure/README.md +37 -0
- package/deployments/azure/via-aks.md +390 -0
- package/deployments/azure/via-app-service.md +564 -0
- package/deployments/azure/via-container-apps.md +599 -0
- package/deployments/azure/via-functions.md +552 -0
- package/deployments/cloud-gov/README.md +63 -0
- package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
- package/deployments/cloud-gov/agents.md +39 -0
- package/deployments/cloud-gov/cicd.md +64 -0
- package/deployments/cloud-gov/deployment.md +150 -0
- package/deployments/cloud-gov/logging.md +43 -0
- package/deployments/cloud-gov/manifest.md +121 -0
- package/deployments/cloud-gov/overview.md +58 -0
- package/deployments/cloud-gov/security.md +46 -0
- package/deployments/cloud-gov/services.md +72 -0
- package/deployments/cloud-gov/upstream/README.md +18 -0
- package/deployments/cloudflare/README.md +33 -0
- package/deployments/cloudflare/via-dashboard.md +83 -0
- package/deployments/cloudflare/via-git.md +90 -0
- package/deployments/cloudflare/via-github-actions.md +185 -0
- package/deployments/cloudflare/via-terraform.md +157 -0
- package/deployments/cloudflare/via-wrangler.md +165 -0
- package/deployments/fly-io/README.md +37 -0
- package/deployments/fly-io/via-dockerfile.md +648 -0
- package/deployments/fly-io/via-flyctl.md +653 -0
- package/deployments/fly-io/via-github-actions.md +695 -0
- package/deployments/fly-io/via-multi-region.md +598 -0
- package/deployments/google/README.md +34 -0
- package/deployments/google/via-app-engine.md +42 -0
- package/deployments/google/via-cloud-functions.md +23 -0
- package/deployments/google/via-cloud-run.md +330 -0
- package/deployments/google/via-gke.md +23 -0
- package/deployments/netlify/README.md +99 -0
- package/deployments/netlify/via-cli.md +17 -0
- package/deployments/netlify/via-functions.md +19 -0
- package/deployments/netlify/via-git.md +25 -0
- package/deployments/vercel/README.md +90 -0
- package/deployments/vercel/via-api.md +16 -0
- package/deployments/vercel/via-cli.md +17 -0
- package/deployments/vercel/via-git.md +24 -0
- package/docs/BROWNFIELD.md +179 -0
- package/docs/getting-started.md +137 -0
- package/docs/good-agents-md.md +137 -0
- package/events/README.md +89 -0
- package/events/event-record.schema.json +26 -0
- package/events/registry.json +166 -0
- package/events/registry.schema.json +71 -0
- package/glossary.md +145 -0
- package/incidents/README.md +81 -0
- package/incidents/_template.md +38 -0
- package/interfaces/cli.md +104 -0
- package/interfaces/rest.md +212 -0
- package/interfaces/tui.md +242 -0
- package/interfaces/web.md +123 -0
- package/languages/6502-DASM.md +132 -0
- package/languages/c.md +235 -0
- package/languages/commands.md +23 -0
- package/languages/cpp.md +132 -0
- package/languages/csharp.md +259 -0
- package/languages/dart.md +183 -0
- package/languages/delphi.md +218 -0
- package/languages/elixir.md +208 -0
- package/languages/go.md +78 -0
- package/languages/java.md +278 -0
- package/languages/javascript.md +163 -0
- package/languages/julia.md +175 -0
- package/languages/kotlin.md +193 -0
- package/languages/markdown.md +168 -0
- package/languages/mermaid.md +146 -0
- package/languages/officejs.md +392 -0
- package/languages/python.md +209 -0
- package/languages/r.md +163 -0
- package/languages/rust.md +216 -0
- package/languages/sql.md +216 -0
- package/languages/swift.md +153 -0
- package/languages/typescript.md +132 -0
- package/languages/vba.md +279 -0
- package/languages/vhdl.md +180 -0
- package/languages/visual-basic.md +151 -0
- package/languages/zig.md +196 -0
- package/meta/SOUL.md +27 -0
- package/meta/code-field.md +44 -0
- package/meta/morals.md +40 -0
- package/meta/philosophy.md +39 -0
- package/meta/project.md +49 -0
- package/meta/ralph.md +223 -0
- package/meta/security.md +80 -0
- package/meta/versioning.md +326 -0
- package/package.json +22 -0
- package/packs/lessons/lessons-pack-0.1.json +553 -0
- package/packs/patterns/patterns-pack-0.1.json +57 -0
- package/packs/rules/rules-pack-0.1.json +4767 -0
- package/packs/skills/skills-pack-0.1.json +262 -0
- package/packs/strategies/strategies-pack-0.1.json +167 -0
- package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
- package/patterns/executor-layer-credentials.md +227 -0
- package/patterns/llm-app.md +156 -0
- package/patterns/multi-agent.md +278 -0
- package/patterns/prompt-assembly-layer-ordering.md +154 -0
- package/patterns/role-as-overlay.md +179 -0
- package/platforms/2600.md +137 -0
- package/platforms/unity.md +329 -0
- package/references/composer-skill-porting.md +152 -0
- package/references/cost-models.md +163 -0
- package/references/ip-risk.md +246 -0
- package/references/plain-english-ux.md +275 -0
- package/resilience/context-pruning.md +67 -0
- package/resilience/continue-here.md +62 -0
- package/scm/changelog.md +276 -0
- package/scm/git.md +139 -0
- package/scm/github.md +265 -0
- package/secrets/.gitkeep +0 -0
- package/skills/deft-build/SKILL.md +20 -0
- package/skills/deft-directive-article-review/SKILL.md +156 -0
- package/skills/deft-directive-build/SKILL.md +302 -0
- package/skills/deft-directive-cost/SKILL.md +201 -0
- package/skills/deft-directive-debug/SKILL.md +140 -0
- package/skills/deft-directive-decompose/SKILL.md +96 -0
- package/skills/deft-directive-gh-arch/SKILL.md +160 -0
- package/skills/deft-directive-gh-slice/SKILL.md +199 -0
- package/skills/deft-directive-glossary/SKILL.md +118 -0
- package/skills/deft-directive-interview/SKILL.md +528 -0
- package/skills/deft-directive-pre-pr/SKILL.md +131 -0
- package/skills/deft-directive-probe/SKILL.md +127 -0
- package/skills/deft-directive-refinement/SKILL.md +403 -0
- package/skills/deft-directive-release/SKILL.md +266 -0
- package/skills/deft-directive-review-cycle/SKILL.md +401 -0
- package/skills/deft-directive-setup/SKILL.md +717 -0
- package/skills/deft-directive-swarm/SKILL.md +989 -0
- package/skills/deft-directive-sync/SKILL.md +288 -0
- package/skills/deft-directive-triage/SKILL.md +137 -0
- package/skills/deft-directive-write-skill/SKILL.md +169 -0
- package/skills/deft-interview/SKILL.md +16 -0
- package/skills/deft-pre-pr/SKILL.md +16 -0
- package/skills/deft-review-cycle/SKILL.md +16 -0
- package/skills/deft-roadmap-refresh/SKILL.md +16 -0
- package/skills/deft-setup/SKILL.md +20 -0
- package/skills/deft-swarm/SKILL.md +16 -0
- package/skills/deft-sync/SKILL.md +16 -0
- package/strategies/README.md +83 -0
- package/strategies/artifact-guards.md +85 -0
- package/strategies/bdd.md +115 -0
- package/strategies/brownfield.md +7 -0
- package/strategies/discuss.md +129 -0
- package/strategies/emit-hints.md +69 -0
- package/strategies/enterprise.md +193 -0
- package/strategies/interview.md +551 -0
- package/strategies/map.md +179 -0
- package/strategies/probe.md +151 -0
- package/strategies/rapid.md +155 -0
- package/strategies/research.md +155 -0
- package/strategies/roadmap.md +9 -0
- package/strategies/speckit.md +437 -0
- package/strategies/v0-20-contract.md +134 -0
- package/strategies/yolo.md +169 -0
- package/swarm/swarm.md +300 -0
- package/templates/COST-ESTIMATE.md +114 -0
- package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
- package/templates/agent-prompt-preamble.md +409 -0
- package/templates/agents-entry.md +211 -0
- package/templates/agents-entry.placeholders.md +75 -0
- package/templates/embed.go +20 -0
- package/templates/embed_test.go +36 -0
- package/templates/make-spec-example.md +9 -0
- package/templates/make-spec.md +246 -0
- package/templates/project.md.template +52 -0
- package/templates/specification.md +1 -0
- package/templates/swarm-greptile-poller-prompt.md +556 -0
- package/templates/user.md.template +31 -0
- package/tools/RWLDL.md +80 -0
- package/tools/greptile.md +141 -0
- package/tools/installer.md +23 -0
- package/tools/taskfile-migration.md +32 -0
- package/tools/taskfile.md +185 -0
- package/tools/telemetry.md +285 -0
- package/vbrief/schemas/cache-meta.schema.json +137 -0
- package/vbrief/schemas/candidates.schema.json +130 -0
- package/vbrief/schemas/codebase-map.schema.json +213 -0
- package/vbrief/schemas/lessons-pack.schema.json +134 -0
- package/vbrief/schemas/patterns-pack.schema.json +84 -0
- package/vbrief/schemas/rules-pack.schema.json +105 -0
- package/vbrief/schemas/skills-pack.schema.json +94 -0
- package/vbrief/schemas/slices.schema.json +87 -0
- package/vbrief/schemas/strategies-pack.schema.json +89 -0
- package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
- package/vbrief/schemas/vbrief-core.schema.json +1022 -0
- package/vbrief/vbrief.md +684 -0
- package/verification/integration.md +76 -0
- package/verification/plan-checking.md +85 -0
- package/verification/uat.md +60 -0
- package/verification/verification.md +117 -0
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/*.py,**/*.js,**/*.ts,**/*.rb,**/*.java,**/*.go,**/manifest*.yml"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov Services Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for provisioning and using cloud.gov managed services.
|
|
8
|
+
|
|
9
|
+
## Core Rules
|
|
10
|
+
|
|
11
|
+
- ! Never hardcode credentials
|
|
12
|
+
- ! Read credentials from `VCAP_SERVICES`
|
|
13
|
+
- ~ Prefer bound services over service keys
|
|
14
|
+
- ~ Document services in `manifest.yml`
|
|
15
|
+
|
|
16
|
+
## Service Lifecycle
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
cf marketplace
|
|
20
|
+
cf create-service <SERVICE> <PLAN> <INSTANCE_NAME>
|
|
21
|
+
cf bind-service <APP_NAME> <INSTANCE_NAME>
|
|
22
|
+
cf restage <APP_NAME>
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## VCAP_SERVICES (Python example)
|
|
26
|
+
|
|
27
|
+
```python
|
|
28
|
+
import json, os
|
|
29
|
+
|
|
30
|
+
vcap_services = json.loads(os.environ.get("VCAP_SERVICES", "{}"))
|
|
31
|
+
db_credentials = vcap_services.get("aws-rds", [{}])[0].get("credentials", {})
|
|
32
|
+
|
|
33
|
+
DATABASE_URL = db_credentials.get("uri")
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Relational Databases (RDS)
|
|
37
|
+
|
|
38
|
+
- ~ Use redundant plans for production
|
|
39
|
+
- ~ Rotate credentials regularly
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
cf create-service aws-rds micro-psql my-database
|
|
43
|
+
cf create-service aws-rds small-psql-redundant my-database
|
|
44
|
+
cf update-service my-database -c '{"rotate_credentials": true}'
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
## S3 Storage
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
cf create-service s3 basic my-s3-bucket
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## Redis
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
cf create-service aws-elasticache-redis redis-dev my-redis
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
## Service Keys
|
|
60
|
+
|
|
61
|
+
- ~ Use only when necessary (CI/CD, external access)
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
cf create-service-key my-s3-bucket external-access
|
|
65
|
+
cf service-key my-s3-bucket external-access
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
## References
|
|
69
|
+
|
|
70
|
+
- https://docs.cloud.gov/platform/deployment/managed-services/
|
|
71
|
+
- https://docs.cloud.gov/platform/services/relational-database/
|
|
72
|
+
- https://docs.cloud.gov/platform/services/s3/
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Upstream Snapshot (cloud-gov-instructions)
|
|
2
|
+
|
|
3
|
+
This directory stores the pinned upstream release used for translation.
|
|
4
|
+
|
|
5
|
+
## Current Pin
|
|
6
|
+
|
|
7
|
+
- Repository: `adhocteam/cloud-gov-instructions`
|
|
8
|
+
- Version: `v1.1.0`
|
|
9
|
+
|
|
10
|
+
## Sync
|
|
11
|
+
|
|
12
|
+
Use:
|
|
13
|
+
|
|
14
|
+
```
|
|
15
|
+
task cloudgov:sync
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
This downloads the release tarball and extracts it here for reference.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Cloudflare Deployment Module
|
|
2
|
+
|
|
3
|
+
Deft guidance for deploying to Cloudflare Pages and Workers.
|
|
4
|
+
|
|
5
|
+
## Status
|
|
6
|
+
|
|
7
|
+
- ! Optional module
|
|
8
|
+
- ~ Good for Deft usage
|
|
9
|
+
|
|
10
|
+
## Deployment Methods
|
|
11
|
+
|
|
12
|
+
| File | Method | Best For |
|
|
13
|
+
|------|--------|----------|
|
|
14
|
+
| `via-git.md` | Git Integration (GitHub/GitLab) | Teams wanting automated deploy-on-push |
|
|
15
|
+
| `via-wrangler.md` | Wrangler CLI | Local deploys, CI pipelines, Workers |
|
|
16
|
+
| `via-dashboard.md` | Dashboard Direct Upload | Quick one-off deploys, non-developers |
|
|
17
|
+
| `via-github-actions.md` | GitHub Actions CI/CD | Automated pipelines with custom build steps |
|
|
18
|
+
| `via-terraform.md` | Terraform IaC | Infrastructure-as-code, multi-resource management |
|
|
19
|
+
|
|
20
|
+
## Important Note
|
|
21
|
+
|
|
22
|
+
Cloudflare deprecated Pages as a standalone product in April 2025, pushing toward
|
|
23
|
+
a unified Workers platform. The `wrangler deploy` and Workers-based workflows are
|
|
24
|
+
the recommended path forward. Git integration and direct upload still work but
|
|
25
|
+
now operate under the Workers & Pages umbrella in the dashboard.
|
|
26
|
+
|
|
27
|
+
## Quick Decision Guide
|
|
28
|
+
|
|
29
|
+
- **Simplest path**: `via-git.md` — connect repo, push, done
|
|
30
|
+
- **Most control**: `via-wrangler.md` — CLI deploys with full config
|
|
31
|
+
- **CI/CD pipelines**: `via-github-actions.md` — automated with `wrangler-action`
|
|
32
|
+
- **IaC teams**: `via-terraform.md` — manage Cloudflare alongside other infra
|
|
33
|
+
- **One-off / non-dev**: `via-dashboard.md` — drag and drop in browser
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
# Deploy to Cloudflare via Dashboard Direct Upload
|
|
2
|
+
|
|
3
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
4
|
+
|
|
5
|
+
**⚠️ See also**: [README.md](./README.md) | [via-git.md](./via-git.md) | [via-wrangler.md](./via-wrangler.md)
|
|
6
|
+
|
|
7
|
+
## Overview
|
|
8
|
+
|
|
9
|
+
Upload pre-built static assets directly to Cloudflare Pages through the web
|
|
10
|
+
dashboard using drag-and-drop. No CLI, Git, or build pipeline required.
|
|
11
|
+
|
|
12
|
+
**Best for**: Quick one-off deploys, non-developers, prototypes, or teams without CI/CD.
|
|
13
|
+
|
|
14
|
+
## Prerequisites
|
|
15
|
+
|
|
16
|
+
- Cloudflare account
|
|
17
|
+
- Pre-built static site files (HTML, CSS, JS, images) ready on local disk
|
|
18
|
+
|
|
19
|
+
## Setup
|
|
20
|
+
|
|
21
|
+
### First Deployment
|
|
22
|
+
|
|
23
|
+
1. Go to the Cloudflare dashboard → **Workers & Pages**
|
|
24
|
+
2. Select **Create application** → **Pages** tab → **Upload assets**
|
|
25
|
+
3. Enter a **Project name** (becomes `<name>.pages.dev`)
|
|
26
|
+
4. Drag and drop your build output directory into the upload frame
|
|
27
|
+
5. Select **Save and Deploy**
|
|
28
|
+
|
|
29
|
+
### Subsequent Deployments
|
|
30
|
+
|
|
31
|
+
1. Go to your Pages project in the dashboard
|
|
32
|
+
2. Select **Create a new deployment**
|
|
33
|
+
3. Choose **Production** or **Preview** environment
|
|
34
|
+
4. If preview, specify a branch name (for the preview URL alias)
|
|
35
|
+
5. Drag and drop the updated build directory
|
|
36
|
+
6. Select **Save and Deploy**
|
|
37
|
+
|
|
38
|
+
## Standards
|
|
39
|
+
|
|
40
|
+
### Project Structure
|
|
41
|
+
- ! Include a top-level `index.html` in the uploaded directory
|
|
42
|
+
- ! Ensure all asset paths are relative (not absolute filesystem paths)
|
|
43
|
+
- ~ Include `_redirects` and/or `_headers` files for routing and header configuration
|
|
44
|
+
- ~ Verify the build output locally before uploading
|
|
45
|
+
|
|
46
|
+
### Deployment
|
|
47
|
+
- ! Understand that each deployment replaces the entire site — there is no partial/incremental upload
|
|
48
|
+
- ! Verify the deployment at `<project>.pages.dev` after upload
|
|
49
|
+
- ~ Use preview deployments for testing before deploying to production
|
|
50
|
+
- ? Use the Wrangler CLI for repeated deployments (more efficient than dashboard)
|
|
51
|
+
|
|
52
|
+
### Custom Domains
|
|
53
|
+
- ! Configure custom domains via project **Custom Domains** settings after the first deploy
|
|
54
|
+
- ~ Use Cloudflare DNS for automatic CNAME configuration
|
|
55
|
+
|
|
56
|
+
### Limits
|
|
57
|
+
- ! Be aware that individual file upload size is limited (25 MB per file on free plan)
|
|
58
|
+
- ! Stay within the 500 deploys/month limit on the free plan
|
|
59
|
+
- ~ Check for red warning icons next to files that failed to upload due to size limits
|
|
60
|
+
|
|
61
|
+
## 🔧 Patterns
|
|
62
|
+
|
|
63
|
+
**Simple static site**:
|
|
64
|
+
- Build locally → drag the `dist/` or `build/` folder → deploy
|
|
65
|
+
|
|
66
|
+
**Preview before production**:
|
|
67
|
+
- Create new deployment → select **Preview** → upload → verify at preview URL → redeploy to Production
|
|
68
|
+
|
|
69
|
+
## Anti-Patterns
|
|
70
|
+
|
|
71
|
+
- ⊗ Upload source code (e.g. `node_modules/`, `.git/`) — upload only the build output directory
|
|
72
|
+
- ⊗ Expect to switch a Direct Upload project to Git integration later (not supported — must create a new project)
|
|
73
|
+
- ⊗ Use dashboard uploads as a primary production workflow for active projects
|
|
74
|
+
- ≉ Rely on drag-and-drop for team workflows — use Git integration or Wrangler for repeatability
|
|
75
|
+
- ≉ Upload without building first — the dashboard does not run build commands
|
|
76
|
+
- ≉ Re-upload individual files to "patch" a deployment — each deployment is a complete replacement
|
|
77
|
+
|
|
78
|
+
## Compliance Checklist
|
|
79
|
+
|
|
80
|
+
- ! Build output verified locally before upload
|
|
81
|
+
- ! `index.html` present at top level
|
|
82
|
+
- ! No secrets, source code, or `node_modules` in the uploaded directory
|
|
83
|
+
- ~ Custom domain configured after first successful deploy
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# Deploy to Cloudflare via Git Integration
|
|
2
|
+
|
|
3
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
4
|
+
|
|
5
|
+
**⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-github-actions.md](./via-github-actions.md)
|
|
6
|
+
|
|
7
|
+
## Overview
|
|
8
|
+
|
|
9
|
+
Connect a GitHub or GitLab repository to Cloudflare Pages. Every push to the
|
|
10
|
+
configured branch triggers an automatic build and deploy on Cloudflare's edge
|
|
11
|
+
network. Preview deployments are created for pull requests.
|
|
12
|
+
|
|
13
|
+
**Best for**: Teams that want zero-config continuous deployment with preview URLs on every PR.
|
|
14
|
+
|
|
15
|
+
## Prerequisites
|
|
16
|
+
|
|
17
|
+
- Cloudflare account
|
|
18
|
+
- GitHub or GitLab repository with your project
|
|
19
|
+
- Build command and output directory known (e.g. `npm run build` → `dist/`)
|
|
20
|
+
|
|
21
|
+
## Setup
|
|
22
|
+
|
|
23
|
+
1. In the Cloudflare dashboard, go to **Workers & Pages**
|
|
24
|
+
2. Select **Create application** → **Pages** tab → **Import an existing Git repository**
|
|
25
|
+
3. Authorize GitHub/GitLab and select the repository
|
|
26
|
+
4. Configure the build settings:
|
|
27
|
+
- **Project name**: defaults to repo name (becomes `<name>.pages.dev`)
|
|
28
|
+
- **Production branch**: typically `main`
|
|
29
|
+
- **Build command**: e.g. `npm run build` (use `exit 0` for pre-built static HTML)
|
|
30
|
+
- **Build output directory**: e.g. `dist/`, `build/`, `public/`
|
|
31
|
+
5. Select **Save and Deploy**
|
|
32
|
+
|
|
33
|
+
## Standards
|
|
34
|
+
|
|
35
|
+
### Configuration
|
|
36
|
+
- ! Set the production branch to match your team's trunk branch (`main`, `master`, etc.)
|
|
37
|
+
- ! Configure the correct build output directory for your framework
|
|
38
|
+
- ~ Use `exit 0` as the build command if deploying pre-built static assets
|
|
39
|
+
- ~ Pin the Node.js version via environment variable `NODE_VERSION` if builds require it
|
|
40
|
+
|
|
41
|
+
### Preview Deployments
|
|
42
|
+
- ! Understand that preview URLs (`<hash>.<project>.pages.dev`) are public by default
|
|
43
|
+
- ~ Enable Cloudflare Access on preview deployments for private projects
|
|
44
|
+
- ~ Use branch deployment controls to exclude noisy branches (e.g. `dependabot/*`)
|
|
45
|
+
- ? Limit preview branches to specific patterns (e.g. `feature/*`, `staging`)
|
|
46
|
+
|
|
47
|
+
### Custom Domains
|
|
48
|
+
- ! Add custom domains via the Pages project **Custom Domains** settings
|
|
49
|
+
- ! Use a CNAME record pointing to `<project>.pages.dev` for external DNS
|
|
50
|
+
- ~ Let Cloudflare auto-configure DNS if the domain is already on Cloudflare
|
|
51
|
+
|
|
52
|
+
### Environment Variables & Secrets
|
|
53
|
+
- ! Set sensitive values (API keys, tokens) as encrypted environment variables in the dashboard
|
|
54
|
+
- ! Configure separate values for Production and Preview environments
|
|
55
|
+
- ⊗ Commit secrets to the repository
|
|
56
|
+
|
|
57
|
+
### Build Settings
|
|
58
|
+
- ~ Use framework presets when available (React, Vue, Hugo, Next.js, etc.)
|
|
59
|
+
- ~ Set `NODE_VERSION` and `NPM_VERSION` environment variables for reproducible builds
|
|
60
|
+
- ? Add a `_redirects` or `_headers` file in the output directory for routing/header rules
|
|
61
|
+
|
|
62
|
+
## 🔧 Patterns
|
|
63
|
+
|
|
64
|
+
**Static HTML (no build)**:
|
|
65
|
+
- Build command: `exit 0`
|
|
66
|
+
- Output directory: `/` (or whichever folder contains `index.html`)
|
|
67
|
+
|
|
68
|
+
**Monorepo with subdirectory**:
|
|
69
|
+
- Set **Root directory** in build settings to the subdirectory path
|
|
70
|
+
- Build command and output are relative to that root
|
|
71
|
+
|
|
72
|
+
**Branch-based environments**:
|
|
73
|
+
- Production branch → `<project>.pages.dev` + custom domains
|
|
74
|
+
- All other branches → `<branch>.<project>.pages.dev` preview URLs
|
|
75
|
+
|
|
76
|
+
## Anti-Patterns
|
|
77
|
+
|
|
78
|
+
- ⊗ Switch a Direct Upload project to Git integration (not supported — must create a new project)
|
|
79
|
+
- ⊗ Leave preview deployments public for projects containing sensitive content
|
|
80
|
+
- ⊗ Use different build tooling locally vs. in Cloudflare's build environment without pinning versions
|
|
81
|
+
- ≉ Store environment-specific config in the repo — use Cloudflare's environment variable settings
|
|
82
|
+
- ≉ Rely on Cloudflare's build cache for reproducibility — pin all dependency versions explicitly
|
|
83
|
+
|
|
84
|
+
## Compliance Checklist
|
|
85
|
+
|
|
86
|
+
- ! Build output directory correctly configured
|
|
87
|
+
- ! Production branch matches team convention
|
|
88
|
+
- ! Secrets stored as encrypted environment variables (not in repo)
|
|
89
|
+
- ! Preview access controls reviewed
|
|
90
|
+
- ~ `_redirects` / `_headers` files present for SPA routing
|
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
# Deploy to Cloudflare via GitHub Actions
|
|
2
|
+
|
|
3
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
4
|
+
|
|
5
|
+
**⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-git.md](./via-git.md)
|
|
6
|
+
|
|
7
|
+
## Overview
|
|
8
|
+
|
|
9
|
+
Use the official `cloudflare/wrangler-action` GitHub Action to deploy Workers
|
|
10
|
+
and Pages projects as part of a GitHub Actions CI/CD pipeline. This gives you
|
|
11
|
+
full control over the build process while automating deployments on push/merge.
|
|
12
|
+
|
|
13
|
+
**Best for**: Teams that need custom build steps, test gates, or multi-step pipelines before deploying.
|
|
14
|
+
|
|
15
|
+
## Prerequisites
|
|
16
|
+
|
|
17
|
+
- Cloudflare account with API token
|
|
18
|
+
- GitHub repository
|
|
19
|
+
- `wrangler.toml` or `wrangler.jsonc` in the project (for Workers)
|
|
20
|
+
|
|
21
|
+
## Secrets Setup
|
|
22
|
+
|
|
23
|
+
In GitHub: **Settings → Secrets and variables → Actions**, add:
|
|
24
|
+
|
|
25
|
+
- `CLOUDFLARE_API_TOKEN` — API token with Workers/Pages edit permissions
|
|
26
|
+
- `CLOUDFLARE_ACCOUNT_ID` — your Cloudflare account ID
|
|
27
|
+
|
|
28
|
+
## Workflow Examples
|
|
29
|
+
|
|
30
|
+
### Workers Deploy on Push to Main
|
|
31
|
+
|
|
32
|
+
```yaml
|
|
33
|
+
name: Deploy Worker
|
|
34
|
+
on:
|
|
35
|
+
push:
|
|
36
|
+
branches: [main]
|
|
37
|
+
|
|
38
|
+
jobs:
|
|
39
|
+
deploy:
|
|
40
|
+
runs-on: ubuntu-latest
|
|
41
|
+
steps:
|
|
42
|
+
- uses: actions/checkout@v4
|
|
43
|
+
- name: Deploy
|
|
44
|
+
uses: cloudflare/wrangler-action@v3
|
|
45
|
+
with:
|
|
46
|
+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
47
|
+
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
### Pages Deploy with Build Step
|
|
51
|
+
|
|
52
|
+
```yaml
|
|
53
|
+
name: Deploy Pages
|
|
54
|
+
on:
|
|
55
|
+
push:
|
|
56
|
+
branches: [main]
|
|
57
|
+
|
|
58
|
+
jobs:
|
|
59
|
+
deploy:
|
|
60
|
+
runs-on: ubuntu-latest
|
|
61
|
+
steps:
|
|
62
|
+
- uses: actions/checkout@v4
|
|
63
|
+
- uses: actions/setup-node@v4
|
|
64
|
+
with:
|
|
65
|
+
node-version: '20'
|
|
66
|
+
- run: npm ci
|
|
67
|
+
- run: npm run build
|
|
68
|
+
- name: Deploy to Pages
|
|
69
|
+
id: deploy
|
|
70
|
+
uses: cloudflare/wrangler-action@v3
|
|
71
|
+
with:
|
|
72
|
+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
73
|
+
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
74
|
+
command: pages deploy dist --project-name=my-site
|
|
75
|
+
- name: Print URL
|
|
76
|
+
run: echo "${{ steps.deploy.outputs.deployment-url }}"
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### Preview Deploy on PR
|
|
80
|
+
|
|
81
|
+
```yaml
|
|
82
|
+
name: Preview Deploy
|
|
83
|
+
on: pull_request
|
|
84
|
+
|
|
85
|
+
jobs:
|
|
86
|
+
preview:
|
|
87
|
+
runs-on: ubuntu-latest
|
|
88
|
+
steps:
|
|
89
|
+
- uses: actions/checkout@v4
|
|
90
|
+
- uses: actions/setup-node@v4
|
|
91
|
+
with:
|
|
92
|
+
node-version: '20'
|
|
93
|
+
- run: npm ci
|
|
94
|
+
- run: npm run build
|
|
95
|
+
- name: Deploy Preview
|
|
96
|
+
uses: cloudflare/wrangler-action@v3
|
|
97
|
+
with:
|
|
98
|
+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
99
|
+
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
100
|
+
command: pages deploy dist --project-name=my-site --branch=${{ github.head_ref }}
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
## Standards
|
|
104
|
+
|
|
105
|
+
### Action Configuration
|
|
106
|
+
- ! Use `cloudflare/wrangler-action@v3` (v3 or later with the `v` prefix)
|
|
107
|
+
- ! Pass `apiToken` and `accountId` via GitHub Secrets — never hardcode
|
|
108
|
+
- ~ Pin the action to a specific version tag (e.g. `@v3.14.0`) for reproducibility
|
|
109
|
+
- ~ Specify `packageManager` if not using npm (e.g. `packageManager: pnpm`)
|
|
110
|
+
|
|
111
|
+
### Secrets Management
|
|
112
|
+
- ! Store `CLOUDFLARE_API_TOKEN` in GitHub Secrets (encrypted, not printed in logs)
|
|
113
|
+
- ! Store `CLOUDFLARE_ACCOUNT_ID` in GitHub Secrets (or as a repository variable)
|
|
114
|
+
- ! Scope the API token to the minimum required permissions
|
|
115
|
+
- ⊗ Use legacy API keys — use API tokens
|
|
116
|
+
- ⊗ Echo or log the API token value in workflow steps
|
|
117
|
+
|
|
118
|
+
### Workflow Design
|
|
119
|
+
- ! Run build and test steps before the deploy step
|
|
120
|
+
- ! Use `actions/checkout@v4` to check out the repository
|
|
121
|
+
- ~ Use `actions/setup-node@v4` with a pinned Node.js version
|
|
122
|
+
- ~ Use `npm ci` (not `npm install`) for deterministic dependency installation
|
|
123
|
+
- ~ Output the deployment URL for PR comments or downstream steps
|
|
124
|
+
- ? Add a test/lint gate job that must pass before the deploy job runs
|
|
125
|
+
|
|
126
|
+
### Workers-Specific
|
|
127
|
+
- ! Ensure `wrangler.toml` includes `account_id` or pass `accountId` in the action
|
|
128
|
+
- ~ Use `--strict` flag in CI to prevent accidental overrides of remote settings
|
|
129
|
+
- ~ Use Wrangler environments for staging vs. production deploys
|
|
130
|
+
|
|
131
|
+
### Pages-Specific
|
|
132
|
+
- ! Use the `command:` input with `pages deploy <dir> --project-name=<name>`
|
|
133
|
+
- ~ Use `--branch=${{ github.head_ref }}` for PR preview deployments
|
|
134
|
+
- ~ Access `deployment-url` and `pages-deployment-alias-url` outputs for downstream use
|
|
135
|
+
|
|
136
|
+
## 🔧 Patterns
|
|
137
|
+
|
|
138
|
+
**Deploy only when tests pass**:
|
|
139
|
+
```yaml
|
|
140
|
+
jobs:
|
|
141
|
+
test:
|
|
142
|
+
runs-on: ubuntu-latest
|
|
143
|
+
steps:
|
|
144
|
+
- uses: actions/checkout@v4
|
|
145
|
+
- run: npm ci
|
|
146
|
+
- run: npm test
|
|
147
|
+
|
|
148
|
+
deploy:
|
|
149
|
+
needs: test
|
|
150
|
+
runs-on: ubuntu-latest
|
|
151
|
+
steps:
|
|
152
|
+
- uses: actions/checkout@v4
|
|
153
|
+
- uses: cloudflare/wrangler-action@v3
|
|
154
|
+
with:
|
|
155
|
+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
**Comment preview URL on PR**:
|
|
159
|
+
- Use the `deployment-url` output from the action with a PR comment action
|
|
160
|
+
|
|
161
|
+
**Multi-environment deploy**:
|
|
162
|
+
```yaml
|
|
163
|
+
- uses: cloudflare/wrangler-action@v3
|
|
164
|
+
with:
|
|
165
|
+
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
166
|
+
environment: staging
|
|
167
|
+
```
|
|
168
|
+
|
|
169
|
+
## Anti-Patterns
|
|
170
|
+
|
|
171
|
+
- ⊗ Hardcode API tokens or account IDs in workflow files
|
|
172
|
+
- ⊗ Use `wrangler-action@1` or `wrangler-action@2` (Wrangler v1/v2 are EOL)
|
|
173
|
+
- ⊗ Deploy without running tests first in production pipelines
|
|
174
|
+
- ≉ Use `npm install` in CI — use `npm ci` for deterministic installs
|
|
175
|
+
- ≉ Skip the `accountId` input — Wrangler may prompt interactively and hang in CI
|
|
176
|
+
- ≉ Use `uses: cloudflare/wrangler-action@3.x.x` (must use `@v3.x.x` with the `v` prefix)
|
|
177
|
+
|
|
178
|
+
## Compliance Checklist
|
|
179
|
+
|
|
180
|
+
- ! `CLOUDFLARE_API_TOKEN` stored in GitHub Secrets
|
|
181
|
+
- ! `CLOUDFLARE_ACCOUNT_ID` stored in GitHub Secrets or Variables
|
|
182
|
+
- ! `cloudflare/wrangler-action@v3` used with `v` prefix
|
|
183
|
+
- ! Build/test steps precede deploy step
|
|
184
|
+
- ! Node.js version pinned in workflow
|
|
185
|
+
- ~ Deployment URL captured in outputs
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
# Deploy to Cloudflare via Terraform
|
|
2
|
+
|
|
3
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
4
|
+
|
|
5
|
+
**⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-github-actions.md](./via-github-actions.md)
|
|
6
|
+
|
|
7
|
+
## Overview
|
|
8
|
+
|
|
9
|
+
Use HashiCorp Terraform with the [Cloudflare provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest)
|
|
10
|
+
to manage Pages projects, Workers, DNS records, and other Cloudflare resources as
|
|
11
|
+
infrastructure-as-code. Terraform handles project creation and configuration but
|
|
12
|
+
actual content deployments still require Wrangler or Git integration.
|
|
13
|
+
|
|
14
|
+
**Best for**: Teams managing Cloudflare alongside other infrastructure (DNS, tunnels, WAF rules),
|
|
15
|
+
or organizations requiring versioned, reviewable infrastructure changes.
|
|
16
|
+
|
|
17
|
+
## Prerequisites
|
|
18
|
+
|
|
19
|
+
- Cloudflare account with API token
|
|
20
|
+
- Terraform CLI installed
|
|
21
|
+
- Cloudflare provider `~> 5`
|
|
22
|
+
|
|
23
|
+
## Authentication
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
# Set via environment variable (recommended)
|
|
27
|
+
export CLOUDFLARE_API_TOKEN=<token>
|
|
28
|
+
|
|
29
|
+
# Or in provider block (less secure)
|
|
30
|
+
provider "cloudflare" {
|
|
31
|
+
api_token = var.cloudflare_api_token
|
|
32
|
+
}
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## Example: Pages Project with Git Integration
|
|
36
|
+
|
|
37
|
+
```hcl
|
|
38
|
+
terraform {
|
|
39
|
+
required_providers {
|
|
40
|
+
cloudflare = {
|
|
41
|
+
source = "cloudflare/cloudflare"
|
|
42
|
+
version = "~> 5"
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
variable "cloudflare_account_id" {}
|
|
48
|
+
variable "cloudflare_api_token" {}
|
|
49
|
+
|
|
50
|
+
provider "cloudflare" {
|
|
51
|
+
api_token = var.cloudflare_api_token
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
resource "cloudflare_pages_project" "my_site" {
|
|
55
|
+
account_id = var.cloudflare_account_id
|
|
56
|
+
name = "my-site"
|
|
57
|
+
production_branch = "main"
|
|
58
|
+
|
|
59
|
+
source {
|
|
60
|
+
type = "github"
|
|
61
|
+
config {
|
|
62
|
+
owner = "my-org"
|
|
63
|
+
repo_name = "my-repo"
|
|
64
|
+
production_branch = "main"
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
build_config {
|
|
69
|
+
build_command = "npm run build"
|
|
70
|
+
destination_dir = "dist"
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
resource "cloudflare_pages_domain" "custom_domain" {
|
|
75
|
+
account_id = var.cloudflare_account_id
|
|
76
|
+
project_name = cloudflare_pages_project.my_site.name
|
|
77
|
+
domain = "www.example.com"
|
|
78
|
+
}
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
## Standards
|
|
82
|
+
|
|
83
|
+
### Provider Configuration
|
|
84
|
+
- ! Use the Cloudflare provider version `~> 5` (latest major)
|
|
85
|
+
- ! Authenticate via `CLOUDFLARE_API_TOKEN` environment variable
|
|
86
|
+
- ! Use API tokens (not legacy API keys)
|
|
87
|
+
- ⊗ Hardcode API tokens in `.tf` files
|
|
88
|
+
|
|
89
|
+
### State Management
|
|
90
|
+
- ! Store Terraform state remotely (Terraform Cloud, S3, GCS, etc.)
|
|
91
|
+
- ! Never commit `terraform.tfstate` to version control
|
|
92
|
+
- ! Add `terraform.tfvars`, `.terraform/`, and `*.tfstate*` to `.gitignore`
|
|
93
|
+
- ~ Use state locking to prevent concurrent modifications
|
|
94
|
+
|
|
95
|
+
### Variables & Secrets
|
|
96
|
+
- ! Define `cloudflare_account_id` and `cloudflare_api_token` as variables
|
|
97
|
+
- ! Pass sensitive values via environment variables or a secrets manager
|
|
98
|
+
- ⊗ Commit `terraform.tfvars` containing secrets to version control
|
|
99
|
+
- ~ Mark sensitive variables with `sensitive = true`
|
|
100
|
+
|
|
101
|
+
### Resource Management
|
|
102
|
+
- ! Use `cloudflare_pages_project` to create and configure Pages projects
|
|
103
|
+
- ! Use `cloudflare_pages_domain` to attach custom domains
|
|
104
|
+
- ~ Use `cloudflare_dns_record` to manage DNS records alongside the Pages project
|
|
105
|
+
- ~ Use `terraform plan` before every `terraform apply`
|
|
106
|
+
- ? Use `cloudflare_worker_script` for Workers deployments (content must be provided inline or from file)
|
|
107
|
+
|
|
108
|
+
### Limitations
|
|
109
|
+
- ! Understand that Terraform creates the Pages project but does **not trigger the first deployment**
|
|
110
|
+
- After `terraform apply`, you must push to the Git repo or manually trigger a deploy
|
|
111
|
+
- ~ Use Wrangler or GitHub Actions for the actual content deployment
|
|
112
|
+
- ~ Use Terraform for the infrastructure layer (project, DNS, domains, WAF rules)
|
|
113
|
+
|
|
114
|
+
## 🔧 Patterns
|
|
115
|
+
|
|
116
|
+
**Pages project + DNS in one config**:
|
|
117
|
+
```hcl
|
|
118
|
+
resource "cloudflare_pages_project" "site" {
|
|
119
|
+
account_id = var.cloudflare_account_id
|
|
120
|
+
name = "my-site"
|
|
121
|
+
production_branch = "main"
|
|
122
|
+
# ... source and build_config
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
resource "cloudflare_dns_record" "site_cname" {
|
|
126
|
+
zone_id = var.cloudflare_zone_id
|
|
127
|
+
name = "www"
|
|
128
|
+
content = "my-site.pages.dev"
|
|
129
|
+
type = "CNAME"
|
|
130
|
+
proxied = true
|
|
131
|
+
}
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
**Separate environments with workspaces**:
|
|
135
|
+
```bash
|
|
136
|
+
terraform workspace new staging
|
|
137
|
+
terraform workspace new production
|
|
138
|
+
terraform apply -var-file=staging.tfvars
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
## Anti-Patterns
|
|
142
|
+
|
|
143
|
+
- ⊗ Store API tokens in `.tf` files or commit `terraform.tfvars` with secrets
|
|
144
|
+
- ⊗ Expect Terraform to deploy site content — it manages infrastructure only
|
|
145
|
+
- ⊗ Run `terraform apply` without `terraform plan` first
|
|
146
|
+
- ⊗ Manage Terraform state locally for team projects
|
|
147
|
+
- ≉ Mix Terraform-managed and dashboard-managed settings for the same resource — pick one source of truth
|
|
148
|
+
- ≉ Use the Terraform provider alone for the full deployment lifecycle — pair with Wrangler or Git for content
|
|
149
|
+
|
|
150
|
+
## Compliance Checklist
|
|
151
|
+
|
|
152
|
+
- ! Cloudflare provider `~> 5` specified in `required_providers`
|
|
153
|
+
- ! API token passed via environment variable, not hardcoded
|
|
154
|
+
- ! State stored remotely with locking
|
|
155
|
+
- ! `terraform plan` reviewed before every `terraform apply`
|
|
156
|
+
- ! `terraform.tfvars` and `*.tfstate*` in `.gitignore`
|
|
157
|
+
- ~ DNS records managed alongside Pages project in the same config
|