Public Infrastructure as Code (IaC) for The-Hideout's Cloudflare (CF) configuration - managed by Terraform!
This repository uses Terraform to manage the configuration and state for supported pieces of our Cloudflare infrastructure:
ZonesDNSDNS FeaturesZone SettingsRate LimitsManaged Firewall RulesManaged TransformsPage RulesTiered CacheURL Normalization
Because this repository is public, we intentionally keep sensitive records and security rules out of source control and only manage the safe subset here.
The best and suggested way to make changes to our Cloudflare configurations is through pull requests. You can make changes by running Terraform locally but this requires the proper setup, and credentials. These steps will be noted below but are generally reserved for core contributors to the project
To deploy a change to our CF infrastructure, simply do the following:
-
Draft your changes in your favorite IDE
-
Open a pull request with your changes
-
Ensure CI is passing and review the Terraform Plan comment on your pull request
-
Obtain a review confirming your changes
-
Branch deploy your change to production via a comment on your pull request - branch deploy example
Simply comment
.deployon your PR to deploy your changes. If anything goes wrong, or you need to rollback, comment.deploy mainto re-deploy themainbranch to production - Here is another example showing how PR approvals and rollbacks work: example -
Wait at least 5 minutes to ensure your changes are working as expected
-
Merge! Upon merging, your changes will be automatically deployed to production (again) ✨
Note: Since we are using branch deploys your merge will often show a "no changes" in the Terraform apply (in the GitHub Actions job). This is expected because if you branch deployed, your changes are already live so there is nothing Terraform needs to do. Hooray!
Should you need assistance or have any questions using this repository, you can always join our Discord for assistance.