@@ -33,211 +33,9 @@ jobs:
3333 echo ""
3434 echo "Please check ALL of these locations to fully remove the secret."
3535
36- name : Verify Cloudflare Token
37- run : |
38- # Get raw values first (before any processing)
39- RAW_ZONE_ID="${{ secrets.CLOUDFLARE_ZONE }}"
40-
41- # Try repository-specific secret first (won't conflict with org secrets)
42- # If not found, fall back to the standard name
43- if [ -n "${{ secrets.CF_PURGE_TOKEN }}" ]; then
44- echo "✅ Using token from repository secret: CF_PURGE_TOKEN"
45- RAW_AUTH_TOKEN="${{ secrets.CF_PURGE_TOKEN }}"
46- elif [ -n "${{ inputs.cloudflare_auth_key }}" ]; then
47- echo "✅ Using token from workflow input"
48- RAW_AUTH_TOKEN="${{ inputs.cloudflare_auth_key }}"
49- else
50- echo "Using token from CLOUDFLARE_AUTH_KEY (may be from organization level)"
51- RAW_AUTH_TOKEN="${{ secrets.CLOUDFLARE_AUTH_KEY }}"
52-
53- # Check if we're reading the old token (from org secrets)
54- if [ -n "$RAW_AUTH_TOKEN" ] && [ "${RAW_AUTH_TOKEN:0:3}" = "ObW" ]; then
55- echo ""
56- echo "⚠️ WARNING: Reading OLD token from organization secrets!"
57- echo " Token starts with: ${RAW_AUTH_TOKEN:0:3}"
58- echo " This is the OLD token that should be deleted."
59- echo ""
60- echo "SOLUTION: Create a repository secret named 'CF_PURGE_TOKEN' with your new token:"
61- echo "1. Go to: Settings → Secrets and variables → Actions"
62- echo "2. Click 'New repository secret'"
63- echo "3. Name: CF_PURGE_TOKEN"
64- echo "4. Value: Your new token (starting with 'fjx')"
65- echo "5. Click 'Add secret'"
66- echo ""
67- echo "This secret name won't conflict with organization secrets."
68- echo ""
69- echo "❌ Cannot proceed with old token. Please create CF_PURGE_TOKEN secret."
70- exit 1
71- fi
72- fi
73-
74- # Check if token is empty
75- if [ -z "$RAW_AUTH_TOKEN" ]; then
76- echo "❌ ERROR: CLOUDFLARE_AUTH_KEY is empty!"
77- echo ""
78- echo "SOLUTION: Use workflow_dispatch and provide the token as an input:"
79- echo "1. Go to Actions → Test Cloudflare Cache Purge → Run workflow"
80- echo "2. Enter your token in 'cloudflare_auth_key' field"
81- echo "3. Click 'Run workflow'"
82- exit 1
83- fi
84-
85- echo "=== Raw Secret Inspection ==="
86- echo "Raw Zone ID length: ${#RAW_ZONE_ID}"
87- echo "Raw Token length: ${#RAW_AUTH_TOKEN}"
88- echo "Raw Token first 10 chars (hex): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | xxd -p 2>/dev/null || echo 'xxd not available')"
89- echo "Raw Token first 10 chars (visible): $(echo -n "$RAW_AUTH_TOKEN" | head -c 10 | cat -A)"
90-
91- # Process values (trim whitespace)
92- ZONE_ID=$(echo "$RAW_ZONE_ID" | tr -d '[:space:]')
93- AUTH_TOKEN=$(echo "$RAW_AUTH_TOKEN" | tr -d '[:space:]')
94-
95- echo ""
96- echo "=== After Processing ==="
97- echo "Zone ID length: ${#ZONE_ID}"
98- echo "Zone ID: ${ZONE_ID:0:8}...${ZONE_ID: -8}"
99- echo "Token length: ${#AUTH_TOKEN}"
100-
101- # Show token preview more safely
102- if [ ${#AUTH_TOKEN} -ge 15 ]; then
103- TOKEN_START="${AUTH_TOKEN:0:10}"
104- TOKEN_END="${AUTH_TOKEN: -10}"
105- echo "Token preview: ${TOKEN_START}...${TOKEN_END}"
106- echo "Token starts with: ${AUTH_TOKEN:0:3}"
107- echo "Token ends with: ${AUTH_TOKEN: -3}"
108- else
109- echo "⚠️ WARNING: Token seems too short (${#AUTH_TOKEN} chars). API tokens are typically 40+ characters."
110- echo "Token preview: ${AUTH_TOKEN:0:4}...${AUTH_TOKEN: -4}"
111- fi
112-
113- # Check if token matches expected start
114- if [ "${AUTH_TOKEN:0:3}" != "fjx" ]; then
115- echo ""
116- echo "⚠️ WARNING: Token does not start with 'fjx' as expected!"
117- echo " Expected: starts with 'fjx'"
118- echo " Actual: starts with '${AUTH_TOKEN:0:3}'"
119- echo ""
120- echo "🔍 The secret is still being read even though you deleted it."
121- echo "This means the secret exists in one of these locations:"
122- echo ""
123- echo "1. ORGANIZATION SECRETS (most likely):"
124- echo " - Go to: https://github.com/organizations/0xPolygon/settings/secrets/actions"
125- echo " - Or: Organization Settings → Secrets and variables → Actions"
126- echo " - Look for CLOUDFLARE_AUTH_KEY and delete it there"
127- echo ""
128- echo "2. ENVIRONMENT SECRETS:"
129- echo " - Go to: Repository Settings → Environments"
130- echo " - Check each environment (dev, staging, prod, etc.)"
131- echo " - Look for CLOUDFLARE_AUTH_KEY in environment secrets"
132- echo ""
133- echo "3. REPOSITORY SECRETS (double-check):"
134- echo " - Go to: Settings → Secrets and variables → Actions"
135- echo " - Verify CLOUDFLARE_AUTH_KEY is actually deleted"
136- echo ""
137- echo "GitHub secrets hierarchy (highest priority first):"
138- echo " Environment secrets > Organization secrets > Repository secrets"
139- fi
140-
141- # Check token type hints
142- if [ ${#AUTH_TOKEN} -lt 45 ]; then
143- echo ""
144- echo "⚠️ Token length suggests it might be:"
145- echo " - A Global API Key (~37 chars) - requires email + key authentication"
146- echo " - An incomplete/truncated API Token"
147- echo ""
148- echo "For API Tokens:"
149- echo " - Should be 40+ characters long"
150- echo " - Created in: Cloudflare Dashboard → My Profile → API Tokens"
151- echo " - Needs 'Zone.Cache Purge' permission"
152- echo " - Used with: Authorization: Bearer <token>"
153- fi
154-
155- echo ""
156- echo "Testing token by fetching zone info..."
157- VERIFY_RESPONSE=$(curl -s -w "\n%{http_code}" -X GET \
158- "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}" \
159- -H "Authorization: Bearer ${AUTH_TOKEN}" \
160- -H "Content-Type: application/json")
161-
162- VERIFY_HTTP_CODE=$(echo "$VERIFY_RESPONSE" | tail -n1)
163- VERIFY_BODY=$(echo "$VERIFY_RESPONSE" | sed '$d')
164-
165- echo "Verify HTTP Status: $VERIFY_HTTP_CODE"
166- if [ "$VERIFY_HTTP_CODE" -ne 200 ]; then
167- echo "❌ Token verification failed!"
168- echo "$VERIFY_BODY" | jq '.' || echo "$VERIFY_BODY"
169- echo ""
170- echo "=== Troubleshooting ==="
171- ERROR_CODE=$(echo "$VERIFY_BODY" | jq -r '.errors[0].code' 2>/dev/null || echo "")
172- if [ "$ERROR_CODE" = "9109" ]; then
173- echo "Error 9109: Invalid access token"
174- echo ""
175- echo "This usually means:"
176- echo "1. The token is not a valid API Token"
177- echo "2. The token might be a Global API Key (requires different auth method)"
178- echo "3. The token was incorrectly copied (check for extra spaces/newlines)"
179- echo "4. The token is expired or revoked"
180- echo ""
181- echo "To create a proper API Token:"
182- echo "1. Go to: https://dash.cloudflare.com/profile/api-tokens"
183- echo "2. Click 'Create Token'"
184- echo "3. Use 'Edit zone DNS' template or create custom token with:"
185- echo " - Zone: Zone Settings:Read"
186- echo " - Zone: Zone:Read"
187- echo " - Zone: Cache Purge:Edit"
188- echo "4. Copy the ENTIRE token (it's long!)"
189- else
190- echo "Common issues:"
191- echo "1. Token may be invalid or expired"
192- echo "2. Token may not have 'Zone.Read' permission"
193- echo "3. Zone ID may be incorrect"
194- fi
195- exit 1
196- else
197- ZONE_NAME=$(echo "$VERIFY_BODY" | jq -r '.result.name' 2>/dev/null || echo "unknown")
198- echo "✅ Token verified! Zone: $ZONE_NAME"
199- echo "ZONE_ID=${ZONE_ID}" >> $GITHUB_ENV
200- echo "AUTH_TOKEN=${AUTH_TOKEN}" >> $GITHUB_ENV
201- fi
202-
20336name : Cloudflare Cache Purge
204- run : |
205- HOST="polygon-docs.polygon.technology"
206-
207- echo "Purging cache for host: $HOST"
208-
209- RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
210- "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/purge_cache" \
211- -H "Authorization: Bearer ${AUTH_TOKEN}" \
212- -H "Content-Type: application/json" \
213- --data "{\"hosts\":[\"${HOST}\"]}")
214-
215- HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
216- BODY=$(echo "$RESPONSE" | sed '$d')
217-
218- echo "HTTP Status Code: $HTTP_CODE"
219- echo "Response:"
220- echo "$BODY" | jq '.' || echo "$BODY"
221-
222- if [ "$HTTP_CODE" -eq 200 ]; then
223- SUCCESS=$(echo "$BODY" | jq -r '.success' 2>/dev/null || echo "false")
224- if [ "$SUCCESS" = "true" ]; then
225- echo "✅ Cache purge successful!"
226- exit 0
227- else
228- echo "❌ Cache purge failed - success field is false"
229- echo "$BODY" | jq -r '.errors[]? | "Error \(.code): \(.message)"' 2>/dev/null || echo "$BODY"
230- exit 1
231- fi
232- else
233- echo "❌ HTTP request failed with status $HTTP_CODE"
234- if [ "$HTTP_CODE" -eq 401 ]; then
235- echo ""
236- echo "Authentication failed. Please verify:"
237- echo "1. The API token is valid and not expired"
238- echo "2. The token has 'Zone.Cache Purge' permission"
239- echo "3. The token is for the correct Cloudflare account"
240- fi
241- exit 1
242- fi
243-
37+ uses : nathanvaughn/actions-cloudflare-purge@master
38+ with :
39+ cf_zone : ${{ secrets.CLOUDFLARE_ZONE }}
40+ cf_auth : ${{ secrets.CLOUDFLARE_AUTH_KEY }}
41+ hosts : polygon-docs-dev.polygon.technology
0 commit comments