polygon-docs-old/.github/workflows/test_cloudflare_purge.yml at 09d2ce205a7442bee80064a3abb63ab8251f7fa1 · 0xPolygon/polygon-docs-old · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
name: Test Cloudflare Cache Purge

on:
  push:
    branches:
      - test-cloudflare-purge
  workflow_dispatch:

jobs:
  test_cloudflare_purge:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Print Configuration
        run: |
          echo "Branch: ${{ github.ref_name }}"
          echo "Commit: ${{ github.sha }}"
          echo "Host: polygon-docs.polygon.technology"

      - name: Verify Cloudflare Token
        run: |
          # Get raw values first (before any processing)
          RAW_ZONE_ID="${{ secrets.CLOUDFLARE_ZONE }}"
          RAW_AUTH_TOKEN="${{ secrets.CLOUDFLARE_AUTH_KEY }}"

          echo "=== Raw Secret Inspection ==="
          echo "Raw Zone ID length: ${#RAW_ZONE_ID}"
          echo "Raw Token length: ${#RAW_AUTH_TOKEN}"
          echo "Raw Token first 10 chars (hex): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | xxd -p 2>/dev/null || echo 'xxd not available')"
          echo "Raw Token first 10 chars (visible): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | cat -A)"

          # Process values (trim whitespace)
          ZONE_ID=$(echo "$RAW_ZONE_ID" | tr -d '[:space:]')
          AUTH_TOKEN=$(echo "$RAW_AUTH_TOKEN" | tr -d '[:space:]')

          echo ""
          echo "=== After Processing ==="
          echo "Zone ID length: ${#ZONE_ID}"
          echo "Zone ID: ${ZONE_ID:0:8}...${ZONE_ID: -8}"
          echo "Token length: ${#AUTH_TOKEN}"

          # Show token preview more safely
          if [ ${#AUTH_TOKEN} -ge 15 ]; then
            TOKEN_START="${AUTH_TOKEN:0:10}"
            TOKEN_END="${AUTH_TOKEN: -10}"
            echo "Token preview: ${TOKEN_START}...${TOKEN_END}"
            echo "Token starts with: ${AUTH_TOKEN:0:3}"
            echo "Token ends with: ${AUTH_TOKEN: -3}"
          else
            echo "⚠️  WARNING: Token seems too short (${#AUTH_TOKEN} chars). API tokens are typically 40+ characters."
            echo "Token preview: ${AUTH_TOKEN:0:4}...${AUTH_TOKEN: -4}"
          fi

          # Check if token matches expected start
          if [ "${AUTH_TOKEN:0:3}" != "fjx" ]; then
            echo ""
            echo "⚠️  WARNING: Token does not start with 'fjx' as expected!"
            echo "   Expected: starts with 'fjx'"
            echo "   Actual: starts with '${AUTH_TOKEN:0:3}'"
            echo ""
            echo "This suggests the GitHub secret may not have been updated correctly."
            echo "Please verify:"
            echo "1. Go to: Settings → Secrets and variables → Actions"
            echo "2. Check CLOUDFLARE_AUTH_KEY value"
            echo "3. Make sure you saved the secret after updating it"
            echo "4. Wait a few seconds for GitHub to propagate the secret"
          fi

          # Check token type hints
          if [ ${#AUTH_TOKEN} -lt 45 ]; then
            echo ""
            echo "⚠️  Token length suggests it might be:"
            echo "   - A Global API Key (~37 chars) - requires email + key authentication"
            echo "   - An incomplete/truncated API Token"
            echo ""
            echo "For API Tokens:"
            echo "   - Should be 40+ characters long"
            echo "   - Created in: Cloudflare Dashboard → My Profile → API Tokens"
            echo "   - Needs 'Zone.Cache Purge' permission"
            echo "   - Used with: Authorization: Bearer <token>"
          fi

          echo ""
          echo "Testing token by fetching zone info..."
          VERIFY_RESPONSE=$(curl -s -w "\n%{http_code}" -X GET \
            "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}" \
            -H "Authorization: Bearer ${AUTH_TOKEN}" \
            -H "Content-Type: application/json")

          VERIFY_HTTP_CODE=$(echo "$VERIFY_RESPONSE" | tail -n1)
          VERIFY_BODY=$(echo "$VERIFY_RESPONSE" | sed '$d')

          echo "Verify HTTP Status: $VERIFY_HTTP_CODE"
          if [ "$VERIFY_HTTP_CODE" -ne 200 ]; then
            echo "❌ Token verification failed!"
            echo "$VERIFY_BODY" | jq '.' || echo "$VERIFY_BODY"
            echo ""
            echo "=== Troubleshooting ==="
            ERROR_CODE=$(echo "$VERIFY_BODY" | jq -r '.errors[0].code' 2>/dev/null || echo "")
            if [ "$ERROR_CODE" = "9109" ]; then
              echo "Error 9109: Invalid access token"
              echo ""
              echo "This usually means:"
              echo "1. The token is not a valid API Token"
              echo "2. The token might be a Global API Key (requires different auth method)"
              echo "3. The token was incorrectly copied (check for extra spaces/newlines)"
              echo "4. The token is expired or revoked"
              echo ""
              echo "To create a proper API Token:"
              echo "1. Go to: https://dash.cloudflare.com/profile/api-tokens"
              echo "2. Click 'Create Token'"
              echo "3. Use 'Edit zone DNS' template or create custom token with:"
              echo "   - Zone: Zone Settings:Read"
              echo "   - Zone: Zone:Read"
              echo "   - Zone: Cache Purge:Edit"
              echo "4. Copy the ENTIRE token (it's long!)"
            else
              echo "Common issues:"
              echo "1. Token may be invalid or expired"
              echo "2. Token may not have 'Zone.Read' permission"
              echo "3. Zone ID may be incorrect"
            fi
            exit 1
          else
            ZONE_NAME=$(echo "$VERIFY_BODY" | jq -r '.result.name' 2>/dev/null || echo "unknown")
            echo "✅ Token verified! Zone: $ZONE_NAME"
            echo "ZONE_ID=${ZONE_ID}" >> $GITHUB_ENV
            echo "AUTH_TOKEN=${AUTH_TOKEN}" >> $GITHUB_ENV
          fi

      - name: Cloudflare Cache Purge
        run: |
          HOST="polygon-docs.polygon.technology"

          echo "Purging cache for host: $HOST"

          RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
            "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/purge_cache" \
            -H "Authorization: Bearer ${AUTH_TOKEN}" \
            -H "Content-Type: application/json" \
            --data "{\"hosts\":[\"${HOST}\"]}")

          HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
          BODY=$(echo "$RESPONSE" | sed '$d')

          echo "HTTP Status Code: $HTTP_CODE"
          echo "Response:"
          echo "$BODY" | jq '.' || echo "$BODY"

          if [ "$HTTP_CODE" -eq 200 ]; then
            SUCCESS=$(echo "$BODY" | jq -r '.success' 2>/dev/null || echo "false")
            if [ "$SUCCESS" = "true" ]; then
              echo "✅ Cache purge successful!"
              exit 0
            else
              echo "❌ Cache purge failed - success field is false"
              echo "$BODY" | jq -r '.errors[]? | "Error \(.code): \(.message)"' 2>/dev/null || echo "$BODY"
              exit 1
            fi
          else
            echo "❌ HTTP request failed with status $HTTP_CODE"
            if [ "$HTTP_CODE" -eq 401 ]; then
              echo ""
              echo "Authentication failed. Please verify:"
              echo "1. The API token is valid and not expired"
              echo "2. The token has 'Zone.Cache Purge' permission"
              echo "3. The token is for the correct Cloudflare account"
            fi
            exit 1
          fi