
Deployment Strategy and GitOps

Learning Focus

By the end of this lesson you will understand how to manage multiple environments (Staging/Production), automate deployments with GitHub Actions, and implement GitOps patterns.

Multi-Environment Strategy

When building with Workers and Pages, you should never deploy directly from your local machine to production. Instead, use multiple environments to test changes.

| Environment | Purpose | URL Pattern |
|-------------|---------|-------------|
| Local | Day-to-day development | localhost:8787 |
| Preview | Branch-based testing (PR reviews) | <branch>.project.pages.dev |
| Staging | Pre-production testing | staging.example.com |
| Production | Live traffic | example.com |

Automating with GitHub Actions

Automating your deployments ensures consistency and prevents "it works on my machine" issues.

.github/workflows/deploy.yml
name: Deploy Worker
on:
  push:
    branches: [main]   # deploy only when main changes

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: npm install

      - name: Deploy to Cloudflare
        uses: cloudflare/wrangler-action@v3
        with:
          # Both values are read from GitHub Secrets, never from the repository
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: deploy

Handling Secrets in CI/CD

Never commit your CLOUDFLARE_API_TOKEN to your repository. Store it as a GitHub Secret.

  1. Go to GitHub Repository → Settings → Secrets and variables → Actions.
  2. Add CLOUDFLARE_API_TOKEN.
  3. Add CLOUDFLARE_ACCOUNT_ID.
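
Added example (not part of the original lesson): the workflow above extended to the Staging and Production environments from the table, with each job bound to a GitHub Environment so its secrets are scoped to that job. It assumes wrangler.toml defines [env.staging] and [env.production], and that GitHub Environments named staging and production exist, each with its own CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID; the workflow file name is hypothetical.

```yaml
# .github/workflows/deploy-environments.yml (hypothetical file name)
name: Deploy Worker (staging, then production)
on:
  push:
    branches: [main]

# Least privilege for the workflow's GITHUB_TOKEN: read-only repository access.
permissions:
  contents: read

# Never run two deployments of the same ref at once.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

jobs:
  staging:
    runs-on: ubuntu-latest
    # Assumed GitHub Environment; its secrets are only exposed to this job.
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: npm ci   # installs exactly what package-lock.json pins
      - name: Deploy to staging
        uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: deploy --env staging   # assumes [env.staging] in wrangler.toml

  production:
    needs: staging   # runs only after the staging deploy succeeded
    runs-on: ubuntu-latest
    # Assumed GitHub Environment with required reviewers: the job waits for approval.
    environment: production
    steps:
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: npm ci
      - name: Deploy to production
        uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: deploy --env production   # assumes [env.production] in wrangler.toml
```

Because the secrets are defined per environment, the staging job cannot read the production token, and a compromised staging token does not grant access to production.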

Infrastructure as Code (IaC)

While wrangler.toml handles Worker/Pages config, for larger setups involving DNS, WAF, and Zero Trust, tools like Terraform or Pulumi are recommended.

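main.tf (Terraform Example)
# DNS A record for www, proxied through Cloudflare
resource "cloudflare_record" "www" {
  zone_id = var.cloudflare_zone_id
  name    = "www"
  value   = "203.0.113.10" # documentation-range address used as a placeholder
  type    = "A"
  proxied = true
}

# Filter expression matching requests whose User-Agent contains "BadBot"
resource "cloudflare_filter" "block_bots" {
  zone_id    = var.cloudflare_zone_id
  expression = "(http.user_agent contains \"BadBot\")"
}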

Blue/Green and Canary Deployments

Cloudflare's Version Management (Module 7) allows you to implement safe deployment patterns:

  • Blue/Green: Deploy a new version (Green) alongside the old (Blue), then switch traffic.
  • Canary: Deploy to 1% of users first, monitor for errors, then gradually increase to 100%.

Info: Canary rollouts require a paid plan. On the free plan, you can achieve similar results by deploying to a specific "Staging" Worker first.

Key Takeaways

  • Use environment-specific subdomains to test changes before pushing to production.
  • Automate everything via GitHub Actions or similar CI/CD tools.
  • Keep Secrets out of source control using GitHub Secrets and wrangler secret.
  • Consider Terraform for managing many DNS records or complex WAF rules.
  • Leverage Deployment Versions for instant rollbacks if a deployment fails.
