Skip to content
PageZERO Docs

CI / CD

CI/CD (Continuous Integration / Continuous Deployment) automates testing and deployment of your code. When you push changes, the pipeline automatically runs quality checks, tests, and deploys to production-no manual steps required.

PageZERO includes a pre-configured pipeline using GitHub Actions and Cloudflare Workers.

How it works

  1. You push code to GitHub
  2. Pipeline runs linting, type checking, and unit tests in parallel
  3. E2E tests verify the app works end-to-end
  4. Database migrations run automatically
  5. Code deploys to Cloudflare Workers
  6. Smoke tests verify the deployment succeeded (optional)

Pipeline Overview

Parallel

Quality Check

Type Check

Unit Tests

E2E Tests

Database Migration

Deploy

Smoke Tests

Environments

BranchEnvironmentDatabaseURL
mainProductionProduction D1Your custom domain
PR branchesPreviewPreview D1*.workers.dev

Draft PRs only run quality checks, type checks, and tests. Database migrations and deployments are skipped until the PR is marked as ready for review.

Setup

Section titled “Setup”

For setup instructions, see the Automatic deployment section in the deployment guide.

Protecting Preview URLs (optional)

Section titled “Protecting Preview URLs (optional)”

By default, preview deployments (*.workers.dev) are publicly accessible. You can restrict access using Cloudflare Zero Trust so only authorized users can view preview environments.

  1. Go to Cloudflare Zero Trust → Access → Applications
  2. Create a new Self-hosted application
  3. Set the application domain to your preview URL pattern (e.g., *.workers.dev)
  4. Configure an Access policy to control who can access (e.g., specific email addresses or identity providers)

Once configured, users must authenticate before accessing preview URLs.

Smoke Tests (optional)

Section titled “Smoke Tests (optional)”

Smoke tests run against the deployed URL to verify the deployment succeeded. They only run when CLOUDFLARE_ACCESS_CLIENT_ID is configured in GitHub Actions.

If your preview environment is protected by Cloudflare Zero Trust (see above), configure service authentication:

  1. Create a Service Token in Cloudflare Zero Trust
  2. Add a Service Auth policy to your Access application
  3. Add CLOUDFLARE_ACCESS_CLIENT_ID as a GitHub Actions variable
  4. Add CLOUDFLARE_ACCESS_CLIENT_SECRET as a GitHub Actions secret

The pipeline uses these credentials to authenticate requests against protected URLs.

Preview Database Reset

Section titled “Preview Database Reset”

A separate workflow can reset the preview database to a clean state. Trigger it manually from GitHub Actions when needed:

  1. Go to Actions → “Reset preview database”
  2. Click “Run workflow”
  3. Select the main branch

This cleans the database, runs migrations, and seeds with fresh data.