Cloudflare Pages CI/CD with GitHub Actions

This note defines a minimal, auditable deployment flow for Cloudflare Pages using GitHub Actions.

Why this flow

• Keep a single deployment authority: GitHub Actions only.
• Make release intent explicit: master for preview, v* tags for production.
• Enforce a deploy gate before publish (yarn build).

Workflow summary

• Workflow file: .github/workflows/deploy-pages.yml
• Runtime management: jdx/mise-action@v3
• Deploy action: cloudflare/wrangler-action@v3
• Pages project: viasnake-web

Branch and tag behavior:

• push to master without release tag -> Preview deploy (--branch preview)
• push with v* tag -> Production deploy (--branch master)

Secrets and minimum permissions

Required GitHub repository secrets:

• CLOUDFLARE_API_TOKEN
• CLOUDFLARE_ACCOUNT_ID

Cloudflare API token (recommended minimum):

• Permission: Account -> Cloudflare Pages: Edit
• Scope: only the account that owns viasnake-web

Do not grant unrelated permissions such as DNS, Billing, or KV/R2/D1 unless a separate workflow needs them.

GitHub Actions permissions (workflow-level):

• contents: read
• deployments: write

Operations

Preview deployment:

git push origin master

Production deployment:

git tag vX.Y.Z
git push origin vX.Y.Z

Related notes

• Cloudflare Start Here
• Cloudflare Pages Redirects Limit
• Git