takazudo/dev-cloudflare-pages-ci-setup
skills/dev-cloudflare-pages-ci-setup/SKILL.md
Set up Cloudflare Pages deployment with GitHub Actions workflows. Use when: (1) Deploying a static site to Cloudflare Pages, (2) User says 'cloudflare pages', 'deploy to cloudflare', 'cf pages setup', (3) User wants CI/CD workflows for Cloudflare Pages with PR previews, (4) Setting up wrangler deployment pipelines.
$ install --global
skillsauthnpx skillsauth add takazudo/claude-resources dev-cloudflare-pages-ci-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 8, 2026, 4:26 AM181.1s1 file scanned
SKILL.md
- name:
- dev-cloudflare-pages-ci-setup
- description:
- Set up Cloudflare Pages deployment with GitHub Actions workflows. Use when: (1) Deploying a static site to Cloudflare Pages, (2) User says 'cloudflare pages', 'deploy to cloudflare', 'cf pages setup', (3) User wants CI/CD workflows for Cloudflare Pages with PR previews, (4) Setting up wrangler deployment pipelines.
Cloudflare Pages CI Setup
Set up Cloudflare Pages deployment with GitHub Actions workflows for static sites. Supports production deploys, PR preview deploys, and named preview branches.
Step 1: Gather Project Info
Identify the project's build setup:
cat package.json
ls .github/workflows/ 2>/dev/null
cat wrangler.toml 2>/dev/null
Determine: package manager (pnpm/npm/yarn), build command, output directory (dist/, build/, out/), base path (root / or subpath like /pj/project-name/).
Step 2: Ask User Preferences
- Cloudflare Pages project name (used in
--project-name) - Which workflows: Main only, Main + PR previews, Main + PR + named previews
- Base path: root
/or specific subpath - IFTTT notifications: yes/no
Step 3: Create Cloudflare Configuration
wrangler.toml
# Cloudflare Pages project configuration
compatibility_date = "2024-12-01"
Add wrangler devDependency
pnpm add -D wrangler # or npm
For pnpm: add esbuild and workerd to pnpm.onlyBuiltDependencies in package.json.
public/_redirects (if using a base path)
If the site has a base path (e.g., /pj/project-name/), create public/_redirects:
/ /pj/project-name/ 302
Most static site generators (Astro, Next.js, etc.) copy public/ to output, eliminating CI-time redirect generation.
Step 4: Create Workflows
Security Best Practices (apply to all workflows)
- Explicit
permissionsblocks (least privilege) - Pass
${{ }}values viaenv:blocks, never inline ingithub-scriptJavaScript (prevents script injection) - Quote all shell variable expansions:
"${GITHUB_SHA}" - Pin wrangler version:
npm install -g wrangler@4(orpnpm exec wranglerwhen node_modules available) - Add
timeout-minutesto all jobs (build: 15, deploy: 20, notify: 5) - Use
curl -sSf --max-time 10for external HTTP calls
Deploy Retry (apply to all deploy steps)
Cloudflare Pages API occasionally returns transient errors (504 Gateway Timeout on /upload-token). Wrap all wrangler pages deploy commands in a bash retry loop:
- name: Deploy to Cloudflare Pages
run: |
for attempt in 1 2 3; do
echo "Deploy attempt $attempt/3..."
if wrangler pages deploy deploy \
--project-name=PROJECT_NAME \
--branch=main \
--commit-hash="${GITHUB_SHA}" \
--commit-message="Production deploy: ${GITHUB_SHA}"; then
echo "Deploy succeeded on attempt $attempt"
exit 0
fi
if [ "$attempt" -lt 3 ]; then
echo "Deploy failed, retrying in 150 seconds..."
sleep 150
fi
done
echo "Deploy failed after 3 attempts"
exit 1
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- 3 attempts, 150s (2.5 min) delay between retries
- Increase
timeout-minuteson deploy jobs to 20 (from 10) to accommodate retries - For steps that set
GITHUB_OUTPUT(preview URLs), move the output logic inside the success branch of theifblock - Works with both
npx wrangler@4andpnpm exec wranglervariants
Production Deploy (main-deploy.yml)
Trigger: push to main. Concurrency: production-deploy, cancel-in-progress: false.
permissions:
contents: read
jobs:
build:
# Heavy job — candidate for self-hosted runner via /dev-actions-self-runner
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
# fetch-depth: 0 if project needs git history (e.g., doc history, changelogs)
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with: { node-version: 20, cache: pnpm }
- run: pnpm install --frozen-lockfile
- run: pnpm build
- uses: actions/upload-artifact@v4
with: { name: dist-out, path: dist/, retention-days: 1 }
deploy:
needs: build
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/download-artifact@v4
with: { name: dist-out, path: deploy/ }
- run: npm install -g wrangler@4
- name: Deploy to Cloudflare Pages (production)
run: |
for attempt in 1 2 3; do
echo "Deploy attempt $attempt/3..."
if wrangler pages deploy deploy \
--project-name=PROJECT_NAME \
--branch=main \
--commit-hash="${GITHUB_SHA}" \
--commit-message="Production deploy: ${GITHUB_SHA}"; then
echo "Deploy succeeded on attempt $attempt"
exit 0
fi
if [ "$attempt" -lt 3 ]; then
echo "Deploy failed, retrying in 150 seconds..."
sleep 150
fi
done
echo "Deploy failed after 3 attempts"
exit 1
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
notify: # Optional IFTTT notification
needs: [build, deploy]
if: always()
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Notify via IFTTT
if: env.IFTTT_PROD_NOTIFY != ''
env:
IFTTT_PROD_NOTIFY: ${{ secrets.IFTTT_PROD_NOTIFY }}
RAW_COMMIT_MSG: ${{ github.event.head_commit.message }}
BUILD_RESULT: ${{ needs.build.result }}
DEPLOY_RESULT: ${{ needs.deploy.result }}
GITHUB_SHA_VAL: ${{ github.sha }}
SERVER_URL: ${{ github.server_url }}
REPO: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
if [ "$DEPLOY_RESULT" = "success" ]; then STATUS="succeeded"
elif [ "$BUILD_RESULT" = "failure" ]; then STATUS="failed (build)"
elif [ "$DEPLOY_RESULT" = "failure" ]; then STATUS="failed (deploy)"
else STATUS="cancelled"; fi
COMMIT_MSG=$(echo "$RAW_COMMIT_MSG" | head -1 | sed 's/"/\\"/g')
SHORT_SHA=$(echo "$GITHUB_SHA_VAL" | cut -c1-7)
RUN_URL="${SERVER_URL}/${REPO}/actions/runs/${RUN_ID}"
curl -sSf --max-time 10 -X POST "$IFTTT_PROD_NOTIFY" \
-H 'Content-Type: application/json' \
-d "{
\"value1\": \"Cloudflare Pages deploy ${STATUS}\",
\"value2\": \"${SHORT_SHA} ${COMMIT_MSG}\",
\"value3\": \"${RUN_URL}\"
}" || echo "::warning::IFTTT notification failed"
PR Preview Deploy (pr-checks.yml)
Trigger: pull_request to main. Concurrency: per-PR, cancel-in-progress: true.
permissions:
contents: read
pull-requests: write
Build job identical to production. Preview job:
- Download artifact to
deploy/ - Deploy with
--branch="pr-${PR_NUMBER}" - Preview URL:
https://pr-${PR_NUMBER}.PROJECT_NAME.pages.dev - Post/update PR comment using
actions/github-script@v8with marker<!-- cf-preview-pr --> - Pass deploy URL via
env::const deployUrl = process.env.DEPLOY_URL;
Named Preview Deploy (preview-deploy.yml)
Trigger: push to preview and expreview/**. Concurrency: per-branch, cancel-in-progress: true.
permissions:
contents: read
pull-requests: write
statuses: write
Single-job workflow (build + deploy in one job):
- Convert branch slashes to hyphens for deploy branch name
- Deploy directly from build output (no copy step needed)
- Use
pnpm exec wrangler(node_modules available in same job) - Set commit status via
createCommitStatusAPI - Comment on associated PR if one exists, using marker
<!-- cf-preview-branch --> - Use distinct markers from pr-checks.yml to prevent collision
Step 5: Required Secrets
| Secret | Required | Purpose |
| --- | --- | --- |
| CLOUDFLARE_API_TOKEN | Yes | Wrangler authentication |
| CLOUDFLARE_ACCOUNT_ID | Yes | Cloudflare account identifier |
| IFTTT_PROD_NOTIFY | No | IFTTT webhook URL (skipped if not set) |
Creating Cloudflare API Token
- Cloudflare dashboard > My Profile > API Tokens > Create Token > Custom token
- Permissions: Account > Cloudflare Pages > Edit
- Account Resources: Include the target account
The Cloudflare Pages project is auto-created on first deploy via wrangler pages deploy.
Step 6: Verify
pnpm build # Verify build works locally
Companion Skills
/dev-actions-self-runner— Add self-hosted runner with fallback for build jobs/dev-ci-ifttt-notify— Add IFTTT webhook notifications
Related Skills
takazudo/dev-linkify-cc-resources
development
VerifiedTrustedCommunity
Link Claude Code skill names mentioned in a CodeGrid article (data/{series}/{n}.md) to the author's public claude-resources repo, pinned to the latest commit hash so links don't rot. Use when: (1) user says 'linkify cc resources', 'link the skills', 'link skill names', or invokes /dev-linkify-cc-resources; (2) editing a CodeGrid article that mentions `/commits`, `/pr-complete`, `/skill-creator` or other Claude Code skills and they should point to claude-resources. Only links skills that actually exist in the public repo; skips hypothetical examples and code blocks.
10SKILL.mdUpdated Jun 2, 2026
takazudo/opus-2nd
development
VerifiedTrustedCommunity
Second opinion from Claude Opus on a plan or approach. Use when: (1) Planning phase of /big-plan needs a higher-quality review than /codex-2nd / /gco-2nd, (2) User says 'opus 2nd' or 'opus opinion', (3) Wanting Anthropic's larger model to critique a plan. Spawns a general-purpose Agent with model: opus that reads the plan file and returns structured feedback. Anthropic quota — not free.
10SKILL.mdUpdated May 29, 2026
takazudo/dev-ai-based-test
tools
VerifiedTrustedCommunity
AI-based testing via subagent + a per-task test-flow skill. Use when the user wants to verify something that mechanical assertions can't fully capture — image recognition, visual size/position comparison, animation smoothness, multi-step manual flows that need AI judgment. Triggers: 'AI-based test', 'AI test', 'visual verify', 'image recognition test', 'manual operation test', 'human-eye check', 'verify visually', 'compare screenshots', 'looks the same', 'looks correct'. The skill's job is to (1) author a focused test-flow skill that captures the exact procedure + verdict criteria, then (2) dispatch a verification subagent via the Agent tool that loads BOTH the test-flow skill AND a browser-driving skill (/verify-ui primary, /headless-browser fallback) so the subagent has clear context and consistent verdicts. NEVER uses `claude -p` — subagent dispatch goes through the Agent tool exclusively.
10SKILL.mdUpdated May 29, 2026
takazudo/cleanup-resources
development
VerifiedTrustedCommunity
End-of-workflow audit of touched GitHub issues, PRs, and branches via a Sonnet subagent. Use when: (1) /big-plan, /x-as-pr, or /x-wt-teams finishes its main work and needs to verify every touched resource is in the right state (closed when done, kept when ongoing, deleted when dead), (2) User says 'cleanup resources', 'audit cleanup', or 'check what should be closed', (3) A long workflow ends and the manager wants a structured paper trail of what it closed/kept/deleted. Auto-execute by default — the Sonnet agent proposes, the manager (you) executes safe actions and prints a final report.
10SKILL.mdUpdated May 29, 2026