Cloudflare Config & Deploy — the Docs Hub Manual

The main site (www.onalead.com) stays on GoDaddy, untouched. A single CNAME record hands the docs subdomain to a Cloudflare Pages project. Every deploy publishes to Cloudflare's global edge; DNS never changes again after setup.

        [ GoDaddy DNS — apex authority, unchanged ]
                        |
        +---------------+-----------------------+
        |                                       |
  (www.onalead.com)                     (docs.onalead.com)
        |                                       |
  [ GoDaddy Host ]            CNAME docs → docs-hub-cyq.pages.dev
                                                |
                                  [ Cloudflare Pages — Free plan ]
                                                |
                              deploys via CLI / CI / agent / API / web

Steps 2.1–2.3 were performed with Wrangler + the Cloudflare API and never need repeating. If the project must ever be recreated from scratch:

# authenticate (interactive, opens browser)
npx wrangler login

# create project + first deploy + bind domain
npx wrangler pages project create docs-hub --production-branch=main
npx wrangler pages deploy ./dist --project-name=docs-hub
curl -X POST "https://api.cloudflare.com/client/v4/accounts/190223caefe5ae738493d4efac78b57d/pages/projects/docs-hub/domains" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"docs.onalead.com"}'

The repo lives at D:\Users\JJKramer\repos\onalead-docs. The deployment bundle root is dist/ — whatever is in that folder is the website.

onalead-docs/
├── dist/                        ← deployment bundle root
│   ├── index.html               → docs.onalead.com/
│   └── resources/
│       └── my-doc.html          → docs.onalead.com/resources/my-doc.html
├── package.json                 ← npm run deploy
└── wrangler.jsonc               ← project name + output dir

To publish a new resource: drop the HTML file into dist/resources/, add a link in dist/index.html, and deploy with any pipeline below.

Interactive wrangler login uses a browser OAuth session that expires. Every unattended pipeline (CI, agents, scripts, raw API) instead uses a long-lived, narrowly-scoped API token.

Create the token

1. Cloudflare dashboard → My Profile → API Tokens → Create Token.
2. Use the custom token form with exactly one permission: Account · Cloudflare Pages · Edit, scoped to this account.
3. Name it for its consumer (e.g. ado-docs-hub-deploy) so it can be rotated independently.
4. Copy the token once — it is never shown again.

Use the token

Wrangler (and the Pages API) read two environment variables. Set them and no browser login is ever needed:

CLOUDFLARE_API_TOKEN=<token>
CLOUDFLARE_ACCOUNT_ID=190223caefe5ae738493d4efac78b57d

The everyday workflow for a human at a terminal. From the onalead-docs repo:

# one-time per machine (browser OAuth)
npx wrangler login

# deploy — also available as: npm run deploy
npx wrangler pages deploy ./dist --project-name=docs-hub --branch=main

Output ends with a unique preview URL per deployment (e.g. https://c943062f.docs-hub-cyq.pages.dev) plus the production alias. Deploys typically complete in under 10 seconds; only changed files upload.

For unattended local scripts (scheduled tasks, build hooks), skip login entirely and set the two environment variables from §04 — the same command then runs headless.

GitOps for teams already in ADO: push the onalead-docs repo to an ADO project, and every merge to main ships to the edge automatically.

Setup

1. Push the repo to ADO and create a pipeline from azure-pipelines.yml below.
2. Pipeline → Variables → add CLOUDFLARE_API_TOKEN with the value from §04, marked "Keep this value secret." (Or put it in a Library variable group.)

trigger:
  branches:
    include: [main]

pool:
  vmImage: ubuntu-latest

steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '20.x'
    displayName: Install Node

  - script: |
      npx wrangler pages deploy ./dist --project-name=docs-hub --branch=main
    displayName: Deploy to Cloudflare Pages
    env:
      CLOUDFLARE_API_TOKEN: $(CLOUDFLARE_API_TOKEN)  # secret pipeline variable
      CLOUDFLARE_ACCOUNT_ID: 190223caefe5ae738493d4efac78b57d

If the repo lives on GitHub instead, the official wrangler-action does the same job. Add CLOUDFLARE_API_TOKEN as an encrypted repo secret (Settings → Secrets and variables → Actions).

name: Deploy docs hub
on:
  push: { branches: [main] }

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: 190223caefe5ae738493d4efac78b57d
          command: pages deploy ./dist --project-name=docs-hub --branch=main

Alternatively, Cloudflare's dashboard offers a native Git integration (Workers & Pages → docs-hub → Settings → Builds) that connects directly to a GitHub/GitLab repo and builds on every push — no workflow file at all. Note: native Git integration supports GitHub and GitLab only, not Azure Repos — which is why ADO uses the Wrangler step in §06.

Two ways to let an AI agent publish docs autonomously, from simplest to most integrated:

D1 · Claude Code + Wrangler (works today)

Claude Code drives the same Wrangler CLI a human would. With the §04 token in the environment, the agent deploys headlessly — write the HTML, drop it in dist/resources/, run the deploy, verify the URL, done in one prompt.

# in D:\Users\JJKramer\repos\onalead-docs
"Add the attached writeup as a new resource page, link it from the
 index, deploy to Cloudflare Pages, and verify the live URL returns 200."

D2 · Cloudflare's native MCP servers

Cloudflare publishes remote Model Context Protocol servers that expose account operations (Workers/Pages builds, bindings, observability) as first-class tools to MCP clients like Claude Code and Claude Desktop, authenticated via OAuth:

# Workers/Pages bindings & resources
claude mcp add cloudflare-bindings -- npx mcp-remote https://bindings.mcp.cloudflare.com/sse

# build & deployment insights
claude mcp add cloudflare-builds -- npx mcp-remote https://builds.mcp.cloudflare.com/sse

On first use the browser opens for Cloudflare OAuth; afterwards the agent can inspect projects, builds, and logs through tool calls. The full catalog of servers is at github.com/cloudflare/mcp-server-cloudflare.

Everything Wrangler does is a documented HTTP API — useful for custom tooling or platforms with no Node runtime. All calls authenticate with Authorization: Bearer $CLOUDFLARE_API_TOKEN.

Read operations

BASE="https://api.cloudflare.com/client/v4/accounts/190223caefe5ae738493d4efac78b57d"

# project details, custom-domain status, deployment history
curl -s "$BASE/pages/projects/docs-hub"             -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
curl -s "$BASE/pages/projects/docs-hub/domains"     -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
curl -s "$BASE/pages/projects/docs-hub/deployments" -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

Management operations

# rollback production to a previous deployment
curl -X POST "$BASE/pages/projects/docs-hub/deployments/<DEPLOYMENT_ID>/rollback" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

# delete a deployment
curl -X DELETE "$BASE/pages/projects/docs-hub/deployments/<DEPLOYMENT_ID>" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

Zero-tooling fallback: drag-and-drop in the browser. Good for emergencies or non-technical edits; the trade-off is no git history of what shipped.

1. Open dash.cloudflare.com → Workers & Pages and select docs-hub.
2. Click Create deployment (Deployments tab).
3. Choose the main branch (production) and drag the contents of dist/ — or click "select from computer → upload folder" and pick the dist folder itself.
4. Save and deploy. The edge updates in seconds.

All six publish to the same project — they can be mixed freely. The only coordination rule: keep dist/ in git as the source of truth (see the §10 caveat).