Cloudflare Workers CI/CD with GitHub Actions
This page defines a minimal, auditable deployment flow for Cloudflare Workers static assets using GitHub Actions.
This page defines a minimal, auditable deployment flow for Cloudflare Workers static assets using GitHub Actions.
Why this flow
- Keep a single deployment authority: GitHub Actions only.
- Make release intent explicit:
masteris production deploy. - Enforce a deploy gate before publish (
yarn build).
Workflow summary
- Workflow file:
.github/workflows/deploy-workers.yml - Wrangler config:
wrangler.jsonc - Runtime setup:
actions/setup-node@v6 - Deploy command:
yarn wrangler deploy - Worker:
viasnake-web
Branch behavior:
pushtomaster-> Production deployworkflow_dispatch-> Manual production redeploy of the selected ref
Secrets and minimum permissions
Required GitHub repository secrets:
CLOUDFLARE_ACCOUNT_IDCLOUDFLARE_WORKERS_API_TOKEN
Cloudflare API token (recommended minimum):
- Permission:
Account -> Workers Scripts: Edit - Scope: only the account that owns
viasnake-web
Store this token as CLOUDFLARE_WORKERS_API_TOKEN. Do not grant unrelated permissions such as DNS, Billing, or KV/R2/D1 unless a separate workflow needs them.
GitHub Actions permissions (workflow-level):
contents: read
Operations
Production deployment:
git push origin master