-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for restricted API Tokens. closes #1
- Loading branch information
1 parent
7a26e2b
commit eee6dba
Showing
4 changed files
with
85 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,7 +5,7 @@ LABEL "com.github.actions.description"="Purge a zone's cache via the Cloudflare | |
LABEL "com.github.actions.icon"="trash-2" | ||
LABEL "com.github.actions.color"="orange" | ||
|
||
LABEL version="0.2.0" | ||
LABEL version="0.3.0" | ||
LABEL repository="https://github.com/jakejarvis/cloudflare-purge-action" | ||
LABEL homepage="https://jarv.is/" | ||
LABEL maintainer="Jake Jarvis <[email protected]>" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,16 +7,44 @@ This simple action calls the [Cloudflare API](https://api.cloudflare.com/#zone-p | |
|
||
## Usage | ||
|
||
### Configuration | ||
|
||
All sensitive variables should be [set as encrypted secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the action's configuration. | ||
|
||
|
||
### Configuration Variables | ||
|
||
| Key | Value | Suggested Type | Required | | ||
| ------------- | ------------- | ------------- | ------------- | | ||
| `CLOUDFLARE_ZONE` | The Zone ID of your domain, which can be found in the right sidebar of your domain's overview page on the Cloudflare dashboard. For example, `xyz321xyz321xyz321xyz321xyz321xy`. | `secret` | **Yes** | | ||
| `CLOUDFLARE_EMAIL` | The email address you registered your Cloudflare account with. For example, `[email protected]`. | `secret` | **Yes** | | ||
| `CLOUDFLARE_KEY` | Your Cloudflare API key, which can be generated using [these instructions](https://support.cloudflare.com/hc/en-us/articles/200167836-Where-do-I-find-my-Cloudflare-API-key-). For example, `abc123abc123abc123abc123abc123abc123abc123abc`. | `secret` | **Yes** | | ||
| `PURGE_URLS` | **Optional.** An array of **fully qualified URLs** to purge. For example: `["https://jarv.is/style.css", "https://jarv.is/favicon.ico"]`. If unset, the action will purge everything (which is [suggested](#purging-specific-files)). | `env` | No | | ||
| `CLOUDFLARE_ZONE` | **Required for both methods below.** The Zone ID of your domain, which can be found in the right sidebar of your domain's overview page on the Cloudflare dashboard. For example, `xyz321xyz321xyz321xyz321xyz321xy`. | `secret` | **Yes** | | ||
| `PURGE_URLS` | **Optional.** An array of **fully qualified URLs** to purge. For example: `["https://jarv.is/style.css", "https://jarv.is/favicon.ico"]`. If unset, the action will purge everything (which is suggested — [more info below](#purging-specific-files)). | `env` | No | | ||
|
||
|
||
### Authentication Variables | ||
|
||
Both authentication methods below require you to grab information from the [API Tokens page in the dashboard](https://dash.cloudflare.com/profile/api-tokens). Details on the inner workings of each method can be found [in Cloudflare's API docs](https://api.cloudflare.com/#getting-started-requests). | ||
|
||
|
||
#### Option 1: Restricted API Token | ||
|
||
API Tokens are [a new feature](https://blog.cloudflare.com/api-tokens-general-availability/) as of August 2019. They allow you to restrict the scope of this action to only purging the cache of zones you specify. In other words, this is much safer than allowing this action complete control of your entire Cloudflare account. (I'm not evil though, I promise. 😊) | ||
|
||
| Key | Value | Type | | ||
| ------------- | ------------- | ------------- | | ||
| `CLOUDFLARE_TOKEN` | The restricted API Token with permissions to purge the cache of one or more zones. | `secret` | | ||
|
||
Creating a token can be tricky, so here's what you should enter [on this page](https://dash.cloudflare.com/profile/api-tokens) to create a token for purging the cache of a single domain on your account: | ||
|
||
![Creating an API Token for purging](tokens.png) | ||
|
||
|
||
#### Option 2: Global API Key | ||
|
||
This is the "traditional" method of authenticating — simply grab your "Global API Key" from [the dashboard](https://dash.cloudflare.com/profile/api-tokens). Using this method also **requires a second environment variable** with the email address linked to your account. | ||
|
||
| Key | Value | Type | | ||
| ------------- | ------------- | ------------- | | ||
| `CLOUDFLARE_EMAIL` | The email address you registered your Cloudflare account with. For example, `[email protected]`. | `secret` | | ||
| `CLOUDFLARE_KEY` | Your Cloudflare API key, which can be generated using [these instructions](https://support.cloudflare.com/hc/en-us/articles/200167836-Where-do-I-find-my-Cloudflare-API-key-). | `secret` | | ||
|
||
|
||
### `workflow.yml` Example | ||
|
||
|
@@ -36,7 +64,11 @@ jobs: | |
- name: Purge cache | ||
uses: jakejarvis/cloudflare-purge-action@master | ||
env: | ||
# Zone is required by both authentication methods | ||
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }} | ||
|
||
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} | ||
# ...or: | ||
CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }} | ||
CLOUDFLARE_KEY: ${{ secrets.CLOUDFLARE_KEY }} | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.