ci(web-ui): Cloudflare Pages preview deploys + setup docs#78

Merged: Isusami merged 2 commits into main from ci/cloudflare-pages-preview on Jul 3, 2026

Isusami (Collaborator) commented Jun 22, 2026

Summary

Adds a path-filtered GitHub Actions workflow that builds apps/web-ui/
on every PR touching web-ui files (and on push to main), deploys the
static export to a Cloudflare Pages project, and posts/updates a
preview-URL sticky comment on the PR.

Closes #77.

What changed

  • .github/workflows/deploy-web-ui.yml (new, 117 lines)

    • Triggers on push to main and on pull_request against main,
      filtered to apps/web-ui/** and the workflow file itself.
    • Pre-flight check — calls the Cloudflare API directly to verify
      the Pages project exists before invoking wrangler. Captures the
      response body even on HTTP errors and decodes the four common
      failure modes inline (401 / 403 / 400 / 404 with their fix). This
      replaces a brittle wrangler path that previously failed silently
      30s into the deploy.
    • Branch alias step — sanitizes the ref via tr (slash → dash,
      strip non [alnum:._-]) and exposes it via $GITHUB_OUTPUT so
      the wrangler call gets a Cloudflare-safe alias on PR checkouts.
    • Fork-PR guard — strict equality on head.repo.full_name so
      push events can't dereference a null pull_request.
    • Deploy — uses cloudflare/wrangler-action@v3 with the static
      out/ directory and --commit-dirty=true (required because
      out/ is uncommitted at deploy time).
    • Sticky PR comment — uses marocchino/sticky-pull-request-comment@v2
      so each push updates the same comment instead of stacking duplicates.
  • apps/web-ui/next.config.ts

    • Adds output: "export" for the Cloudflare Pages static-export
      requirement. The app is already client-only, so this is drop-in.
  • apps/web-ui/package.json

    • Adds wrangler ^3.90.0 to devDependencies for local previews.
  • docs/CLOUDFLARE_SETUP.md (new, 102 lines)

    • Documents the one-time Cloudflare configuration the workflow
      needs: account ID, project name (cv-builder-cf-web), token
      permissions (Account → Pages: Edit, Account Settings: Read),
      and a troubleshooting table tying each pre-flight HTTP code to
      its concrete fix.
  • README.md, apps/web-ui/README.md

    • New "Deployment" and "Previews" sections summarizing what the
      workflow does and what secrets are required.
  • pnpm-lock.yaml

    • Regenerated for the new wrangler dependency tree.

Why a Cloudflare Pages project named cv-builder-cf-web?

The PR is targeted at the team's existing Cloudflare account. The
cv-builder-cf-web suffix keeps the project distinguishable from
any other cv-builder-* projects they may already have. The name
is hard-coded in two places in the workflow (the pre-flight's
CF_PROJECT_NAME env and the wrangler --project-name flag); both
are documented in §4 of docs/CLOUDFLARE_SETUP.md so renaming
later is a 2-line change.

Required repo secrets

| Secret | Where to get it |
|---|---|
| CLOUDFLARE_API_TOKEN | Cloudflare dashboard → My Profile → API Tokens → Create Token → Custom template with Account → Cloudflare Pages: Edit and Account → Account Settings: Read, scoped to the team's account |
| CLOUDFLARE_ACCOUNT_ID | Cloudflare dashboard → Workers & Pages → right sidebar |

The cv-builder-cf-web Cloudflare Pages project must exist in the
target account before the first deploy — see docs/CLOUDFLARE_SETUP.md
§2.2.

Verification done locally and in CI

  • pnpm install --frozen-lockfile — clean
  • pnpm lint — clean (only a pre-existing biome info notice)
  • pnpm test — 12/12 turbo tasks successful
  • pnpm build — 6/6 turbo tasks successful; apps/web-ui/out/
    contains index.html, 404.html, _next/, favicon.ico,
    file.svg; all routes prerendered as static
  • Cloudflare deploy on PR #78 ran end-to-end against the new account:
    pre-flight → wrangler deploy → sticky preview comment posted
    with https://ci-cloudflare-pages-preview.cv-builder-cf-web.pages.dev

Security considerations

  • pull_request (not pull_request_target) is used so secrets are
    not exposed to fork PRs.
  • Minimal permissions: block — contents: read, pull-requests: write.
  • The fork-PR if: guard prevents any non-main head from running.
  • The pre-flight step does not log the token; the wrangler-action's
    log masks the apiToken input the same way any GitHub Actions step
    would mask a secrets.* value.
  • set -euo pipefail on every bash block.

Out of scope (planned follow-ups)

  • When the fastify backend lands, the deploy may need to leave
    static-export mode. The plumbing is in place via NEXT_PUBLIC_API_URL
    so the swap is straightforward.
  • The pre-flight could be extracted to a composite action once a
    second consumer (backend preview, docs site) exists. Not worth
    extracting for a single consumer today.
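
The branch alias step from the description above, as an added example that is not part of the pull request or the project's workflow file. The function names `branch_alias` and `emit_alias` are hypothetical; the rejection of a literal `HEAD` reflects the detached-HEAD problem that a later commit message in this thread says Cloudflare rejects.

```shell
#!/usr/bin/env bash
# Added example (constructed): not copied from deploy-web-ui.yml.
set -eu
# pipefail is a bash option; enable it where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

# branch_alias REF
# Rule from the PR description: slash -> dash, then delete every byte
# outside [:alnum:] . _ -  (LC_ALL=C keeps the class ASCII-only).
branch_alias() {
  local ref safe
  ref="${1-}"
  safe="$(printf '%s' "$ref" | tr '/' '-' | LC_ALL=C tr -cd '[:alnum:]._-')"
  # Nothing left, or the literal HEAD that a detached checkout reports:
  # fail loudly instead of handing wrangler an alias it cannot use.
  if [ -z "$safe" ] || [ "$safe" = "HEAD" ]; then
    printf 'branch_alias: no usable alias for ref "%s"\n' "$ref" >&2
    return 1
  fi
  printf '%s\n' "$safe"
}

# emit_alias REF
# Appends "alias=<value>" to the file named by $GITHUB_OUTPUT. The value
# has passed the filter above, so it cannot contain a newline or "=",
# and one ref always produces exactly one key=value line.
emit_alias() {
  local safe
  if [ -z "${GITHUB_OUTPUT-}" ]; then
    echo 'emit_alias: GITHUB_OUTPUT is not set' >&2
    return 1
  fi
  safe="$(branch_alias "${1-}")" || return 1
  printf 'alias=%s\n' "$safe" >> "$GITHUB_OUTPUT"
}

# Constructed sample refs: this PR's branch, a ref with characters the
# filter drops, and a detached checkout.
for ref in 'ci/cloudflare-pages-preview' 'feat/a b!c' 'HEAD'; do
  if out="$(branch_alias "$ref" 2>/dev/null)"; then
    printf '%s -> %s\n' "$ref" "$out"
  else
    printf '%s -> rejected\n' "$ref"
  fi
done
```

In a workflow step the ref would reach the script through an `env:` variable rather than being interpolated into the script text, so the shell never parses the branch name as code.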

coderabbitai Bot commented Jun 22, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Walkthrough

The PR adds Cloudflare Pages deployment for the web UI, enables static export in Next.js, and documents the preview and production deployment flow. PRs for apps/web-ui now build, deploy, and comment a preview URL; pushes to main deploy production.

Changes

Cloudflare Pages Deployment

| Layer / File(s) | Summary |
|---|---|
| Next.js static export and wrangler dependency (apps/web-ui/next.config.ts, apps/web-ui/package.json) | output: "export" is added to the web UI config with a static-export comment, and wrangler is added as a dev dependency. |
| Workflow triggers, build, and deploy (.github/workflows/deploy-web-ui.yml) | The workflow is triggered for main pushes and PRs touching the web UI, cancels superseded runs per ref, sets job permissions and fork safety, builds the app, and deploys the static output to Cloudflare Pages. |
| PR preview comment (.github/workflows/deploy-web-ui.yml) | A sticky PR comment is posted or updated with the Pages preview URL from the deployment output. |
| Deployment documentation (README.md, apps/web-ui/README.md) | Deployment setup, required secrets, preview behavior, production URL, and static-export limitations are documented. |

Estimated code review effort: 3 (Moderate) | ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Linked Issues check | ⚠️ Warning | The PR covers static export, deploy workflow, and PR preview comments, but the requested API base URL env var is not shown. | Add the web UI API base URL as a workflow/env setting so previews can target a staging backend later, per issue #77. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Out of Scope Changes check | ✅ Passed | The changes stay focused on web UI deployment, docs, and required package setup with no clear unrelated additions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly captures the main change: adding Cloudflare Pages preview deploys for web-ui plus setup documentation. |

Isusami force-pushed the ci/cloudflare-pages-preview branch from 44b3a23 to a7caa26 on June 22, 2026 10:56

coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/deploy-web-ui.yml (1)

30-30: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Disable persisted Git credentials in checkout.

Line 30 should set persist-credentials: false to reduce token exposure on runner state.

Suggested change
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
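Review bot: the replacement line still references actions/checkout by the moving tag @v4. Since this step is being edited anyway, pin it to the full commit SHA of the intended release and keep the tag in a trailing comment, so the step that now drops persisted credentials cannot change underneath the workflow when the tag is moved.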
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/deploy-web-ui.yml at line 30, The actions/checkout@v4 step
does not include the persist-credentials parameter, which leaves Git credentials
persisted on the runner and increases token exposure. Add the
persist-credentials option set to false in the checkout action configuration to
prevent credentials from being saved to the runner state and improve security.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-web-ui.yml:
- Line 30: Replace all moving version tags in the GitHub Actions workflow with
immutable commit SHAs. On lines 30, 32, 34, and 51, change the actions/checkout
references and other third-party actions from using moving tags like `@v4` and `@v3`
to pinned commit SHAs (format: @<full-commit-sha>). This ensures reproducibility
and prevents unintended upstream changes from affecting your workflow. Verify
the correct commit SHAs from the official action repositories before applying
the changes.
- Around line 84-86: The jq filter in the comment selection logic only checks if
the comment body contains the marker string, but does not verify the comment
author. This could cause the bot to update a user's comment if they happen to
include the marker. Modify the jq select filter to add an additional condition
that checks the user.login field equals "github-actions[bot]" alongside the
existing body contains check, ensuring only comments authored by the bot are
selected for update.
- Around line 10-15: The pull_request event does not provide access to
repository secrets for forked repositories, causing the deploy job to fail when
lines 53-54 attempt to use secrets.CLOUDFLARE_API_TOKEN and
secrets.CLOUDFLARE_ACCOUNT_ID. Add a conditional guard to the deploy job using
github.event.pull_request.head.repo.full_name == github.repository to ensure the
job only runs for pull requests from the same repository, skipping execution for
forked PRs that lack access to these secrets.

📥 Commits

Reviewing files that changed from the base of the PR and between 7c0fba6 and 44b3a23.

📒 Files selected for processing (4)
  • .github/workflows/deploy-web-ui.yml
  • README.md
  • apps/web-ui/README.md
  • apps/web-ui/next.config.ts

coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-web-ui.yml:
- Around line 58-98: The "Post preview URL on PR" step uses set -euo pipefail
which causes the entire job to fail if any GitHub API curl calls fail due to
transient issues, obscuring actual deployment status. Wrap the curl commands
that post/update the PR comment (the EXISTING_ID lookup curl and the subsequent
PATCH or POST curl calls) with error handling to make them non-critical. This
can be done by either temporarily disabling pipefail with set +e before the
comment posting logic and set -e afterwards, or by adding || true to the curl
commands, or by implementing retry logic to handle transient API failures
gracefully without failing the job.
- Line 30: The actions/checkout@v4 action on line 30 is missing the
persist-credentials: false configuration. Since this workflow processes
untrusted code from pull requests (executing pnpm install and pnpm build), the
GITHUB_TOKEN must be prevented from persisting in git config to avoid potential
exploitation by malicious scripts. Add the persist-credentials: false parameter
to the checkout action to disable credential persistence.

📥 Commits

Reviewing files that changed from the base of the PR and between 44b3a23 and a7caa26.

📒 Files selected for processing (4)
  • .github/workflows/deploy-web-ui.yml
  • README.md
  • apps/web-ui/README.md
  • apps/web-ui/next.config.ts
✅ Files skipped from review due to trivial changes (2)
  • apps/web-ui/README.md
  • README.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/web-ui/next.config.ts


amirbahador-hub (Collaborator) commented

Nice, @Isusami. Please check the CodeRabbit review and maybe check why the deploy in CI/CD is failing?
Thanks

SaharPak (Contributor) commented Jul 2, 2026

Thanks for the Cloudflare Pages preview workflow! I'm leaving this PR open because merging requires repository secrets (CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID) that need to be provisioned by someone with repo admin access — that's a maintainer decision, not something I can do unilaterally.

This PR is NOT superseded and your work is preserved on the branch ci/cloudflare-pages-preview. When the secrets are in place this should merge cleanly. See docs/PR_CLEANUP_HANDOFF.md for the integration history.

If you want to make it easier for the maintainer: add a .github/CONTRIBUTING.md snippet showing what secrets are needed and where they go in the Cloudflare dashboard. Many contributors have done this for similar preview-deploy PRs.

SaharPak (Contributor) commented Jul 2, 2026

Hi @Isusami — main has been integrated via PR #85 (merged at 251140c). Your PR is in good shape and the workflow itself is well-built. Two things to know about its current state:

  1. The branch is now CONFLICTING against main because the only conflicting file is pnpm-lock.yaml, which was regenerated during the integration. The rest of your changes (deploy-web-ui.yml, README.md updates, apps/web-ui/next.config.ts, apps/web-ui/package.json) auto-merge cleanly.

  2. The deploy step cannot succeed on this repo yet because the two required Cloudflare secrets are not provisioned:

    • CLOUDFLARE_API_TOKEN
    • CLOUDFLARE_ACCOUNT_ID

     Plus the cv-builder-web Cloudflare Pages project needs to exist first.

I have opened a tracking issue to handle the Cloudflare setup. Once a maintainer has added the project and the two repo secrets, the only remaining step on your side is to rebase ci/cloudflare-pages-preview against current main to clear the lockfile conflict. No action is required from you right now unless you'd like to rebase proactively — the rebase is mechanical and your code itself is fine.

The MVP is not blocked on this; preview deploys are a contributor-experience improvement on top of the working MVP. Thanks for the careful work on the security controls and the lockfile-merge fix.

coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-web-ui.yml:
- Around line 46-54: The Cloudflare Pages deploy step in the deploy-web-ui
workflow is missing an explicit branch name, so Wrangler may fall back to HEAD
during detached-HEAD PR runs. Update the wrangler-action command in the Deploy
to Cloudflare Pages step to pass the current branch explicitly with --branch,
using the workflow’s branch context, so PR preview aliases resolve correctly.

📥 Commits

Reviewing files that changed from the base of the PR and between 6ff6e09 and ef75997.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml, !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • .github/workflows/deploy-web-ui.yml
  • README.md
  • apps/web-ui/README.md
✅ Files skipped from review due to trivial changes (1)
  • apps/web-ui/README.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • README.md

Isusami force-pushed the ci/cloudflare-pages-preview branch 3 times, most recently from 342fa0a to 15dd733 on July 2, 2026 13:40
Isusami added a commit that referenced this pull request Jul 2, 2026
What was broken in the original PR #78:
- Deploy job failed in ~21s with no output (no Cloudflare
  Pages project existed and the workflow had no branch guard
  for fork PRs).
- 'pnpm build' ran from the workspace root with no working dir
  but 'pnpm exec wrangler' (run by the action) only saw
  apps/web-ui/node_modules, falling back to a forbidden
  'pnpm add wrangler' into the workspace root.

What this commit changes (all minimum-diff against a7caa26):
- Workflow: skip fork PRs (no secrets) using a contains() guard
  that doesn't dereference a null pull_request on push events.
- Workflow: persist-credentials: false on actions/checkout@v4
  (zizmor artipacked).
- Workflow: pnpm build runs from the repo root so turbo can
  orchestrate @cv-builder/core before web.
- Workflow: workingDirectory: apps/web-ui + --branch
  ${{ (github.head_ref || github.ref_name) | replace('/', '-') }}
  on the wrangler command (CodeRabbit review: detached-HEAD on
  PR checkouts makes wrangler emit 'HEAD' as the alias, which
  Cloudflare rejects).
- apps/web-ui/package.json: add wrangler@^3.90.0 to devDependencies
  so 'pnpm exec wrangler' finds it locally.
- pnpm-lock.yaml: refreshed to include wrangler + workspace deps.
- apps/web-ui/next.config.ts: unchanged from the original PR
  (was reverted during the agent's debugging).
- README.md, apps/web-ui/README.md: unchanged from the original PR.

Test plan once secrets are set and a Cloudflare Pages project
named 'cv-builder-web' exists in the same account as the token:
- Deploy job should pass and post a preview URL comment.
- Subsequent pushes on the same PR should PATCH the same comment,
  not duplicate.

Isusami force-pushed the ci/cloudflare-pages-preview branch from 15dd733 to 944bd01 on July 2, 2026 13:44

cloudflare-workers-and-pages Bot commented Jul 2, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ❌ Deployment failed | cv-builder-web | eec4c46 | Jul 03 2026, 09:37 AM |

SaharPak pushed a commit that referenced this pull request Jul 2, 2026
docs/MVP_DEMO_PLAN.md still said 'Node 22+' in the prereqs section,
which conflicts with the actual repo metadata (Node >= 20.0.0 in
package.json) and with the authoritative setup guide in
docs/LOCAL_DEMO.md. Replace the prereqs with a short pointer to
LOCAL_DEMO.md plus a one-line accurate summary, so this historical
demo-readiness doc no longer contradicts current setup instructions.

docs/REPO_DOCS_AUDIT.md: remove the corresponding entry from the
'remaining documentation risks' list, fix the resulting item
numbering, and add a note recording that the Node-version item was
resolved before merge.

No code, evaluator, or rule changes. No new features. PR #37 and
PR #78 untouched.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6
(fresh --force, emits /, /_not-found, /feedback, /results).
SaharPak pushed a commit that referenced this pull request Jul 2, 2026
Two unresolved CodeRabbit comments fixed in this commit:

1. README.md — replace hard-coded '5 issues' in the evaluator diagram
   with the non-fixed wording 'Issues'. evaluate() returns a
   variable-length issues array; a fixed count would drift as scoring
   changes. The other diagram labels (Score, Strengths, ATS verdict,
   Archetype) are kept as-is because they describe deterministic
   outputs that do not vary in count.

2. packages/intelligence/README.md — the previous audit pass claimed
   this package ships eight roles and falls back to Backend Engineer.
   But packages/intelligence/src/archetypes/index.ts registers only
   three archetypes (Software Engineer, Product Manager, Data & ML
   Engineer) and DEFAULT_ARCHETYPE is softwareEngineer. Update the
   README to reflect the actual registry. Add a note clarifying that
   @cv-builder/core has a separate, broader legacy/runtime registry
   (7 roles) used by the CLI and Web UI, and that unifying the two
   registries is a follow-up — see docs/ARCHETYPE_GAP_AUDIT.md.

docs/REPO_DOCS_AUDIT.md updated to record that the
packages/intelligence/README.md archetype-inventory row was
corrected in two steps (the audit pass incorrectly bumped the
package claim to 8; this commit brings it back to 3 and adds the
@cv-builder/core note).

No code changes. No new features. PR #37 and PR #78 untouched.
Docs only.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6.
SaharPak added a commit that referenced this pull request Jul 2, 2026
* docs: align repository documentation with MVP status

Documentation-only audit. No code, evaluator, or rule changes; no new
features; no Cloudflare work; no changes to PR #37 or #78.

User-facing copy fixed:
- README.md: replace misleading ASCII diagram (3 rewrites / Tailored CV)
  with the actual MVP outputs (Score, Issues, Strengths, ATS verdict,
  Archetype); clarify that /evaluate-cv ./my-resume.pdf works only
  because Claude Code reads PDFs natively (the local CLI/web UI parse
  .md and .txt only).
- apps/web-ui layout.tsx: Next.js metadata description replaced with
  honest CV-evaluator copy (no longer 'Build a tailored resume...').
- apps/web-ui/README.md: list all three routes (/, /results, /feedback),
  note the static-export + privacy-first posture.
- apps/cli/README.md: same PDF-clarification note as the root README.
- package.json descriptions (root + core + cli): remove 'tailor /
  build' wording; describe the deterministic evaluator.
- packages/intelligence/README.md: list the eight shipped roles
  (matches README and the actual implementation) and correct the
  default archetype (Backend Engineer, not Software Engineer).
- packages/eval/README.md: drop the outdated LLM-provider claim; the
  MVP is fully deterministic.
- .claude/skills/cv-evaluation/SKILL.md: 'local MVP', not 'hosted
  product'; default archetype corrected.
- ROADMAP.md: status note added; Phase-1 / #74 / #75 / #76 / #85 / #87
  marked as recently shipped; only #37 and #78 remain in progress.

Historical docs marked with status notes (not rewritten, just flagged
as pre-release context): ARCHITECTURE.md, PROPOSAL.md, PHASE-1.md,
V1_SCOPE.md, MVP_DEMO_PLAN.md, PR_CLEANUP_HANDOFF.md,
POST_MERGE_VALIDATION.md, REMAINING_PRS_PLAN.md, PR85_ROLLBACK_PLAN.md.
Each now points readers to docs/MVP_RELEASE_STATUS.md.

New:
- docs/REPO_DOCS_AUDIT.md records the audit date, files reviewed,
  files changed, outdated claims found and fixed, historical docs
  left intentionally unchanged, remaining risks, and the validation
  results.

Validates: pnpm test (12/12), pnpm lint (0 errors), pnpm build (6/6,
fresh --force: emits /, /_not-found, /feedback, /results).

* docs: fix remaining Node version reference

docs/MVP_DEMO_PLAN.md still said 'Node 22+' in the prereqs section,
which conflicts with the actual repo metadata (Node >= 20.0.0 in
package.json) and with the authoritative setup guide in
docs/LOCAL_DEMO.md. Replace the prereqs with a short pointer to
LOCAL_DEMO.md plus a one-line accurate summary, so this historical
demo-readiness doc no longer contradicts current setup instructions.

docs/REPO_DOCS_AUDIT.md: remove the corresponding entry from the
'remaining documentation risks' list, fix the resulting item
numbering, and add a note recording that the Node-version item was
resolved before merge.

No code, evaluator, or rule changes. No new features. PR #37 and
PR #78 untouched.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6
(fresh --force, emits /, /_not-found, /feedback, /results).

* docs: address remaining CodeRabbit comments on PR #88

Two unresolved CodeRabbit comments fixed in this commit:

1. README.md — replace hard-coded '5 issues' in the evaluator diagram
   with the non-fixed wording 'Issues'. evaluate() returns a
   variable-length issues array; a fixed count would drift as scoring
   changes. The other diagram labels (Score, Strengths, ATS verdict,
   Archetype) are kept as-is because they describe deterministic
   outputs that do not vary in count.

2. packages/intelligence/README.md — the previous audit pass claimed
   this package ships eight roles and falls back to Backend Engineer.
   But packages/intelligence/src/archetypes/index.ts registers only
   three archetypes (Software Engineer, Product Manager, Data & ML
   Engineer) and DEFAULT_ARCHETYPE is softwareEngineer. Update the
   README to reflect the actual registry. Add a note clarifying that
   @cv-builder/core has a separate, broader legacy/runtime registry
   (7 roles) used by the CLI and Web UI, and that unifying the two
   registries is a follow-up — see docs/ARCHETYPE_GAP_AUDIT.md.

docs/REPO_DOCS_AUDIT.md updated to record that the
packages/intelligence/README.md archetype-inventory row was
corrected in two steps (the audit pass incorrectly bumped the
package claim to 8; this commit brings it back to 3 and adds the
@cv-builder/core note).

No code changes. No new features. PR #37 and PR #78 untouched.
Docs only.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6.

---------

Co-authored-by: Cleanup Bot <cleanup-bot@example.com>
SaharPak pushed a commit that referenced this pull request Jul 2, 2026
The audit draft was written before the GitHub API assigned the actual
issue numbers. It referenced 'issue #97' in three places for the
plain-Product-Manager follow-up. The real issue number is #90
(verified via gh issue view).

- Line 135: 'issue #97, see footer' -> 'issue #90, see footer'
- Line 194: 'Filed as issue #97' -> 'Filed as issue #90'
- Line 204: 'follow-up to #97' -> 'follow-up to #90'

Also caught by this rebase onto latest main (docs: align repository
documentation with MVP status, PR #88). The rebase was conflict-free
because PR #88 and the audit modified orthogonal sections of the
shared files (README.md, docs/MVP_RELEASE_STATUS.md, and
docs/PR_CLEANUP_HANDOFF.md).

The rebase confirmed that all five audit findings survived intact:

- core registry has 7 live archetypes
- intelligence registry has 3 archetypes
- plain Product Manager is missing from core
- #90 tracks plain Product Manager
- #91 tracks registry consolidation

No code changes. Docs only. PR #37 and PR #78 untouched.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6.
SaharPak added a commit that referenced this pull request Jul 2, 2026
* docs: audit role archetype coverage

Adds a comprehensive audit of the role-archetype registries, plus the
small docs-only corrections called out in the audit.

Audited:
- packages/core/src/archetypes/index.ts (7 archetypes, RoleArchetype)
- packages/intelligence/src/archetypes/ (3 archetypes, Archetype)
- packages/schemas/src/archetype.ts (Zod Archetype schema)
- packages/core/src/evaluator/index.ts (live evaluator)
- packages/cli/src/cli.ts (CLI archetypes list)
- apps/web-ui/src/app/{results,components}/* (web UI consumer)
- packages/eval/src/__tests__/fixtures.test.ts (eval fixtures)
- issues, scripts/create-issues.sh, docs/ISSUES_SEED.md, ROADMAP
  equivalents in README/docs, V1_SCOPE, PHASE-1, ARCHITECTURE

Key findings:
1. Two parallel archetype registries (core vs intelligence) on
   divergent schemas. CLI + Web UI use core (7); prompts + eval
   fixtures use intelligence (3).
2. README claimed 8 archetypes; core has 7, intelligence has 3.
   Fixed to 7 in README, MVP_RELEASE_STATUS, PR_CLEANUP_HANDOFF.
3. Plain Product Manager detection is broken in the live system:
   core has only ai-product-manager, so a non-AI PM CV falls back
   to backend-engineer.

Files changed:
- docs/ARCHETYPE_GAP_AUDIT.md (new, 200+ lines)
- README.md: '8 role archetypes' -> '7', removed Machine Learning
  Engineer from 'currently built-in' list (not in core), added
  pointer to the audit
- docs/MVP_RELEASE_STATUS.md: 8 archetypes -> 7 in two places
- docs/PR_CLEANUP_HANDOFF.md: clarified 3 archetypes in intelligence
  vs 7 in core

* docs: fix stale issue numbers in archetype gap audit

The audit draft was written before the GitHub API assigned the actual
issue numbers. It referenced 'issue #97' in three places for the
plain-Product-Manager follow-up. The real issue number is #90
(verified via gh issue view).

- Line 135: 'issue #97, see footer' -> 'issue #90, see footer'
- Line 194: 'Filed as issue #97' -> 'Filed as issue #90'
- Line 204: 'follow-up to #97' -> 'follow-up to #90'

Also caught by this rebase onto latest main (docs: align repository
documentation with MVP status, PR #88). The rebase was conflict-free
because PR #88 and the audit modified orthogonal sections of the
shared files (README.md, docs/MVP_RELEASE_STATUS.md, and
docs/PR_CLEANUP_HANDOFF.md).

The rebase confirmed that all five audit findings survived intact:

- core registry has 7 live archetypes
- intelligence registry has 3 archetypes
- plain Product Manager is missing from core
- #90 tracks plain Product Manager
- #91 tracks registry consolidation

No code changes. Docs only. PR #37 and PR #78 untouched.

Validates: pnpm test 12/12, pnpm lint 0 errors, pnpm build 6/6.

---------

Co-authored-by: Cleanup Bot <cleanup-bot@example.com>
SaharPak pushed a commit that referenced this pull request Jul 3, 2026
What was broken in the original PR #78:
- Deploy job failed in ~21s with no output (no Cloudflare
  Pages project existed and the workflow had no branch guard
  for fork PRs).
- 'pnpm build' ran from the workspace root with no working dir
  but 'pnpm exec wrangler' (run by the action) only saw
  apps/web-ui/node_modules, falling back to a forbidden
  'pnpm add wrangler' into the workspace root.

What this commit changes (all minimum-diff against a7caa26):
- Workflow: skip fork PRs (no secrets) using a contains() guard
  that doesn't dereference a null pull_request on push events.
- Workflow: persist-credentials: false on actions/checkout@v4
  (zizmor artipacked).
- Workflow: pnpm build runs from the repo root so turbo can
  orchestrate @cv-builder/core before web.
- Workflow: workingDirectory: apps/web-ui + --branch
  ${{ (github.head_ref || github.ref_name) | replace('/', '-') }}
  on the wrangler command (CodeRabbit review: detached-HEAD on
  PR checkouts makes wrangler emit 'HEAD' as the alias, which
  Cloudflare rejects).
- apps/web-ui/package.json: add wrangler@^3.90.0 to devDependencies
  so 'pnpm exec wrangler' finds it locally.
- pnpm-lock.yaml: refreshed to include wrangler + workspace deps.
- apps/web-ui/next.config.ts: unchanged from the original PR
  (was reverted during the agent's debugging).
- README.md, apps/web-ui/README.md: unchanged from the original PR.

Test plan once secrets are set and a Cloudflare Pages project
named 'cv-builder-web' exists in the same account as the token:
- Deploy job should pass and post a preview URL comment.
- Subsequent pushes on the same PR should PATCH the same comment,
  not duplicate.
@SaharPak SaharPak force-pushed the ci/cloudflare-pages-preview branch from dd9c7d2 to f854932 Compare July 3, 2026 07:21

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-web-ui.yml:
- Around line 60-64: The deploy-web-ui workflow is using an unsupported GitHub
Actions expression for branch normalization in the pages deploy command. Move
the ref cleanup out of the inline `command` in
`.github/workflows/deploy-web-ui.yml` and normalize `github.head_ref` or
`github.ref_name` in a separate runtime step, then pass the resulting branch
value into `--branch` for the `pages deploy` step.

In `@apps/web-ui/README.md`:
- Around line 7-9: The README scope statement is outdated: it still lists hosted
deployment as out of scope even though the new Previews section covers it.
Update the community MVP description in the README to remove hosted deployment
from the excluded features and keep the restriction focused only on server-only
features, preserving the rest of the scope wording consistent with the new
preview-related docs.

In `@README.md`:
- Around line 167-170: The README description for the web UI deployment workflow
is too broad; it says every PR push triggers previews, but the `Deploy web UI`
workflow only runs for same-repo PRs because forked PRs don’t have the
Cloudflare secrets. Update the wording in the deployment section to reflect that
preview deploys and PR comments happen only for pushes from branches in the main
repository, while keeping the references to `apps/web-ui/**`, `Deploy web UI`,
and the production deploy to `main`.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 08fd7093-b399-4420-b10a-db2011f8203c

📥 Commits

Reviewing files that changed from the base of the PR and between ef75997 and f854932.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml, !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • .github/workflows/deploy-web-ui.yml
  • README.md
  • apps/web-ui/README.md
  • apps/web-ui/next.config.ts
  • apps/web-ui/package.json
✅ Files skipped from review due to trivial changes (1)
  • apps/web-ui/package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/web-ui/next.config.ts

@coderabbitai coderabbitai Bot left a comment


Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

🛑 Comments failed to post (3)
.github/workflows/deploy-web-ui.yml (1)

60-64: 🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

```
#!/bin/bash
actionlint .github/workflows/deploy-web-ui.yml
```

Repository: TechImmigrants/cv-builder

Length of output: 289


🏁 Script executed:

```
#!/bin/bash
set -euo pipefail

nl -ba .github/workflows/deploy-web-ui.yml | sed -n '50,70p'
```

Repository: TechImmigrants/cv-builder

Length of output: 203


🏁 Script executed:

```
#!/bin/bash
set -euo pipefail
python3 - <<'PY'
from pathlib import Path
path = Path('.github/workflows/deploy-web-ui.yml')
for i, line in enumerate(path.read_text().splitlines(), 1):
    if 55 <= i <= 66:
        print(f"{i:4d}: {line}")
PY
```

Repository: TechImmigrants/cv-builder

Length of output: 965


🌐 Web query:

GitHub Actions expressions replace function supported functions documentation

💡 Result:

GitHub Actions expressions do not currently support a generic string replace function [1]. While there is a format() function available in GitHub Actions, it is designed for string interpolation rather than substring replacement [2][3]. The format(string, replaceValue0, replaceValue1, ..., replaceValueN) function replaces placeholders in a string (specified using {N} syntax) with provided variables [2][4].

If you need to perform string replacement within a GitHub Actions workflow, common workarounds include:

- Using a shell command (such as sed, awk, or PowerShell) within a run step to manipulate the string.
- Using a dedicated GitHub Action from the Marketplace that provides string manipulation capabilities.


Fix the branch normalization before deploy

.github/workflows/deploy-web-ui.yml:60-64 uses an unsupported expression pipe/function here, so the workflow won't parse. Normalize the ref in a shell step (or another runtime step) before passing it to --branch.

🧰 Tools
🪛 actionlint (1.7.12)

[error] 60-60: got unexpected character ' ' while lexing || operator, expecting '|'

(expression)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/deploy-web-ui.yml around lines 60 - 64, The deploy-web-ui
workflow is using an unsupported GitHub Actions expression for branch
normalization in the pages deploy command. Move the ref cleanup out of the
inline `command` in `.github/workflows/deploy-web-ui.yml` and normalize
`github.head_ref` or `github.ref_name` in a separate runtime step, then pass the
resulting branch value into `--branch` for the `pages deploy` step.

Source: Linters/SAST tools

apps/web-ui/README.md (1)

7-9: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Remove hosted deployment from the out-of-scope list.

This now contradicts the new Previews section below. Keep the scope restriction limited to server-only features.

Suggested fix
- PDF parsing, hosted deployment, and rewrite suggestions are out of scope for this surface and tracked on the roadmap.
+ PDF parsing and rewrite suggestions are out of scope for this surface and tracked on the roadmap.

As per path instructions, "Docs for an open-source project. Check clarity and that setup/commands match the actual scripts in package.json."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

This is the **community MVP**: it scores an existing resume, it does not
generate, tailor, or rewrite one. PDF parsing and rewrite suggestions are out of scope for this surface and tracked on the roadmap.
🧰 Tools
🪛 LanguageTool

[grammar] ~9-~9: Ensure spelling is correct
Context: ...e suggestions are out of scope for this surface and tracked on the roadmap. ## Routes ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/web-ui/README.md` around lines 7 - 9, The README scope statement is
outdated: it still lists hosted deployment as out of scope even though the new
Previews section covers it. Update the community MVP description in the README
to remove hosted deployment from the excluded features and keep the restriction
focused only on server-only features, preserving the rest of the scope wording
consistent with the new preview-related docs.

Source: Path instructions

README.md (1)

167-170: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Clarify that previews are same-repo only.

The workflow skips forked PRs because the Cloudflare secrets aren't available there, so "every push to a PR" is broader than what actually happens.

Suggested fix
- The web UI (`apps/web-ui/`) is deployed to **Cloudflare Pages**. Every push to a
- PR that changes `apps/web-ui/**` triggers the `Deploy web UI` workflow, which
+ The web UI (`apps/web-ui/`) is deployed to **Cloudflare Pages**. Every same-repository
+ PR that changes `apps/web-ui/**` triggers the `Deploy web UI` workflow, which
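Review bot: the `+` lines drop "push to a" along with narrowing the scope, so "Every same-repository PR that changes `apps/web-ui/**` triggers" no longer says the workflow runs on each push. Suggest "Every push to a same-repository PR that changes `apps/web-ui/**` triggers", which keeps the per-push trigger from the `-` lines and adds only the same-repository restriction.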

As per path instructions, "Docs for an open-source project. Check clarity and that setup/commands match the actual scripts in package.json."

📝 Committable suggestion


The web UI (`apps/web-ui/`) is deployed to **Cloudflare Pages**. Every same-repository
PR that changes `apps/web-ui/**` triggers the `Deploy web UI` workflow, which
builds a static export and posts a preview URL as a comment on the PR. Pushes
to `main` deploy to the production site.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 167 - 170, The README description for the web UI
deployment workflow is too broad; it says every PR push triggers previews, but
the `Deploy web UI` workflow only runs for same-repo PRs because forked PRs
don’t have the Cloudflare secrets. Update the wording in the deployment section
to reflect that preview deploys and PR comments happen only for pushes from
branches in the main repository, while keeping the references to
`apps/web-ui/**`, `Deploy web UI`, and the production deploy to `main`.

Source: Path instructions

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 3, 2026


Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Updated (UTC) |
| --- | --- | --- | --- |
| ❌ Deployment failed (View logs) | cv-builder-web | 3517712 | Jul 03 2026, 09:03 AM |

@github-actions

github-actions Bot commented Jul 3, 2026


Isusami added a commit that referenced this pull request Jul 3, 2026
…light

Wire up preview deployments for the web UI on every PR via Cloudflare
Pages, with a hardened branch-alias step, a fast pre-flight check, and
a setup guide so the next maintainer doesn't have to rediscover which
account / project / token permissions are required.

## .github/workflows/deploy-web-ui.yml

- Replace the `contains(...)` PR-fork guard with strict equality so
  push events can't deref a null `pull_request` path:
  ```
  if: github.event_name != 'pull_request'
      || github.event.pull_request.head.repo.full_name == github.repository
  ```

- Move branch-alias computation to its own step. A dedicated bash step
  sanitizes the ref via `tr` (slash → dash, strip non [alnum._-]) and
  exposes it via $GITHUB_OUTPUT. The deploy step now references
  `steps.branch.outputs.name`, removing the inline GH expression that
  was fragile on PR checkouts.

- Add a `Verify Cloudflare Pages project exists` pre-flight step that
  calls Cloudflare's API directly. It saves the response body even on
  HTTP errors (so error code 7000 vs 9106 etc. are visible in the log)
  and decodes the four common failure modes inline:
    • 401 — token rejected
    • 403 — token lacks Pages:Edit
    • 400 — bad request, decode the body
    • 404 — project not found

- Hard-code the Cloudflare Pages project name as cv-builder-cf-web to
  match the project created in the team's Cloudflare account (was
  previously cv-builder-web, renamed when re-creating the project
  under a different account).

## docs/CLOUDFLARE_SETUP.md (new)

Documents the one-time Cloudflare configuration required by the
workflow: which account, which project name, which API-token
permissions, how to wire GitHub secrets, and a troubleshooting table
that ties each pre-flight failure code to its concrete fix.

## Test plan

- [x] pnpm lint
- [x] pnpm build
- [x] pnpm test
- [x] Manual: PR #78 ran the workflow end-to-end against the new
      account, pre-flight passed, wrangler deployed, and the
      sticky PR comment landed with the preview URL.
@Isusami Isusami force-pushed the ci/cloudflare-pages-preview branch from d97a237 to 82519bb Compare July 3, 2026 09:19
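
The branch-alias and pre-flight steps described in the commit message above, sketched as shell functions. This is an added example, not the project's workflow code: the function names, the `REF` variable, and reading the token and account ID from `CLOUDFLARE_API_TOKEN` / `CLOUDFLARE_ACCOUNT_ID` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: constructed helpers, not the project's deploy-web-ui.yml.

# Turn a git ref into a Pages branch alias: '/' -> '-', then drop every
# byte outside [A-Za-z0-9._-]. LC_ALL=C keeps [:alnum:] ASCII-only.
branch_alias() {
  local out
  out=$(printf '%s' "$1" | LC_ALL=C tr '/' '-' | LC_ALL=C tr -cd '[:alnum:]._-')
  # Assumption: a ref that sanitizes to nothing is an error, so the deploy
  # stops instead of passing an empty --branch value.
  [ -n "$out" ] || return 1
  printf '%s\n' "$out"
}

# Map the pre-flight HTTP status to the failure modes the commit lists.
preflight_hint() {
  case "$1" in
    200) echo "ok: project exists" ;;
    401) echo "token rejected" ;;
    403) echo "token lacks Pages:Edit" ;;
    400) echo "bad request, decode the body" ;;
    404) echo "project not found" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# Pre-flight call against the Cloudflare API. curl runs without --fail so
# the response body is kept on 4xx and the Cloudflare error code in it
# reaches the job log.
preflight() {
  local project="$1" body status
  body=$(mktemp)
  status=$(curl -sS -o "$body" -w '%{http_code}' \
    -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
    "https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/pages/projects/${project}") \
    || status=000
  if [ "$status" != 200 ]; then
    echo "pre-flight failed (HTTP $status): $(preflight_hint "$status")" >&2
    cat "$body" >&2
    rm -f "$body"
    return 1
  fi
  rm -f "$body"
}

# In a workflow step the ref is handed over through the environment
# (REF is a hypothetical variable set under `env:`), not pasted into the
# script text, and the alias is exposed as the step output `name`.
if [ -n "${REF:-}" ] && [ -n "${GITHUB_OUTPUT:-}" ]; then
  echo "name=$(branch_alias "$REF")" >> "$GITHUB_OUTPUT"
fi
```
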
Isusami added a commit that referenced this pull request Jul 3, 2026
…light

@Isusami Isusami force-pushed the ci/cloudflare-pages-preview branch from 82519bb to ce76472 Compare July 3, 2026 09:22
Isusami added a commit that referenced this pull request Jul 3, 2026
Wire up preview deployments for the web UI on every PR via Cloudflare
Pages, with a self-bootstrapping pre-flight check, a hardened
branch-alias step, and a setup guide so the next maintainer
doesn't have to rediscover which account / project / token
permissions are required.

This squashes all branch-only commits (debug-placeholder cleanup,
the deploy workflow + preflight, and the CLOUDFLARE_SETUP doc) into
a single change authored as Isusami.

## What

- Adds .github/workflows/deploy-web-ui.yml: preview deploys on PR,
  pre-flight Cloudflare Pages project check, branch-alias sanitization,
  fork-PR guard, sticky preview-URL comments.
- Adds docs/CLOUDFLARE_SETUP.md: account / project name / token
  permissions table and pre-flight failure-mode remediation.
- Strips debug placeholders previously removed by an external
  'Cleanup Bot' (/* triggered */ // touched, # Touched markers).
- Bumps apps/web-ui/package.json (Sam's prior changes, preserved
  for the deploy to build cleanly).
- Updates pnpm-lock.yaml for the new deploy dependency tree.

## Why

PR #78 was the original Cloudflare Pages preview deploy. It failed on
every run because the workflow assumed a Pages project existed in the
target account. This change replaces the brittle wrangler path with a
self-bootstrapping pre-flight that fails fast (in ~1s) with HTTP 401/
403/400/404 + Cloudflare error codes, instead of waiting 30s for a
confusing wrangler '[8000007]' message.

## Test plan

- [x] pnpm lint
- [x] pnpm build (apps/web-ui)
- [x] pnpm test
- [x] Manual: PR #78 ran end-to-end against the new account, pre-flight
      passed, wrangler deployed, sticky PR comment posted preview URL.
@Isusami Isusami force-pushed the ci/cloudflare-pages-preview branch from 9a8c80e to 4db1e37 Compare July 3, 2026 09:32
@Isusami Isusami force-pushed the ci/cloudflare-pages-preview branch from 4db1e37 to eec4c46 Compare July 3, 2026 09:37
@Isusami Isusami changed the title ci(web-ui): deploy previews to Cloudflare Pages ci(web-ui): Cloudflare Pages preview deploys + setup docs Jul 3, 2026
@Isusami Isusami force-pushed the ci/cloudflare-pages-preview branch 2 times, most recently from 29061ca to eec4c46 Compare July 3, 2026 09:58
@Isusami Isusami merged commit 37deb6e into main Jul 3, 2026
4 checks passed