fix: use CF_PURGE_TOKEN secret name to avoid org secret conflict

sshrihar · sshrihar · commit 7aaa3cd7a6ba · 2025-12-08T18:24:11.000+04:00
diff --git a/.github/workflows/test_cloudflare_purge.yml b/.github/workflows/test_cloudflare_purge.yml
@@ -10,6 +10,7 @@ on:
         required: false
         type: string
         description: "Cloudflare API Token (overrides secret if provided)"
+        default: ""
 
 jobs:
   test_cloudflare_purge:
@@ -37,12 +38,16 @@ jobs:
           # Get raw values first (before any processing)
           RAW_ZONE_ID="${{ secrets.CLOUDFLARE_ZONE }}"
           
-          # Check if input token is provided (overrides secret)
-          if [ -n "${{ inputs.cloudflare_auth_key }}" ]; then
-            echo "✅ Using token from workflow input (overrides organization secret)"
+          # Try repository-specific secret first (won't conflict with org secrets)
+          # If not found, fall back to the standard name
+          if [ -n "${{ secrets.CF_PURGE_TOKEN }}" ]; then
+            echo "✅ Using token from repository secret: CF_PURGE_TOKEN"
+            RAW_AUTH_TOKEN="${{ secrets.CF_PURGE_TOKEN }}"
+          elif [ -n "${{ inputs.cloudflare_auth_key }}" ]; then
+            echo "✅ Using token from workflow input"
             RAW_AUTH_TOKEN="${{ inputs.cloudflare_auth_key }}"
           else
-            echo "Using token from secrets (may be from organization level)"
+            echo "Using token from CLOUDFLARE_AUTH_KEY (may be from organization level)"
             RAW_AUTH_TOKEN="${{ secrets.CLOUDFLARE_AUTH_KEY }}"
             
             # Check if we're reading the old token (from org secrets)
@@ -52,16 +57,16 @@ jobs:
               echo "   Token starts with: ${RAW_AUTH_TOKEN:0:3}"
               echo "   This is the OLD token that should be deleted."
               echo ""
-              echo "The organization secret is overriding your repository secret."
+              echo "SOLUTION: Create a repository secret named 'CF_PURGE_TOKEN' with your new token:"
+              echo "1. Go to: Settings → Secrets and variables → Actions"
+              echo "2. Click 'New repository secret'"
+              echo "3. Name: CF_PURGE_TOKEN"
+              echo "4. Value: Your new token (starting with 'fjx')"
+              echo "5. Click 'Add secret'"
               echo ""
-              echo "SOLUTIONS:"
-              echo "1. Ask an org admin to delete CLOUDFLARE_AUTH_KEY from org secrets"
-              echo "2. OR use workflow_dispatch with input parameter to override:"
-              echo "   - Go to Actions → Test Cloudflare Cache Purge → Run workflow"
-              echo "   - Enter your NEW token (starting with 'fjx') in 'cloudflare_auth_key' field"
-              echo "   - This will override the org secret"
+              echo "This secret name won't conflict with organization secrets."
               echo ""
-              echo "❌ Cannot proceed with old token. Please use workflow_dispatch with token input."
+              echo "❌ Cannot proceed with old token. Please create CF_PURGE_TOKEN secret."
               exit 1
             fi
           fi
