From 6fd5656fbadd163bbe5a39b510df5df35a0b6234 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 13:28:28 +0100
Subject: [PATCH 1/8] chore: remove Cloudflare related pre-scripts in favour of
 turbo `dependsOn` configs

---
 apps/site/package.json |  6 ++----
 apps/site/turbo.json   | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/apps/site/package.json b/apps/site/package.json
index fef3e1e59e307..df0e3bd45cd11 100644
--- a/apps/site/package.json
+++ b/apps/site/package.json
@@ -2,11 +2,9 @@
   "name": "@node-core/website",
   "type": "module",
   "scripts": {
-    "prebuild": "pnpm build-blog-data",
     "build": "cross-env NODE_NO_WARNINGS=1 next build",
     "check-types": "tsc --noEmit",
     "deploy": "cross-env NEXT_PUBLIC_STATIC_EXPORT=true NODE_NO_WARNINGS=1 next build",
-    "predev": "pnpm build-blog-data",
     "dev": "cross-env NODE_NO_WARNINGS=1 next dev",
     "lint": "turbo run lint:md lint:js lint:css",
     "lint:css": "stylelint \"**/*.css\" --allow-empty-input --cache --cache-strategy=content --cache-location=.stylelintcache",
@@ -23,8 +21,8 @@
     "build-blog-data": "node ./scripts/blog-data/generate.mjs",
     "build-blog-data:watch": "node --watch --watch-path=pages/en/blog ./scripts/blog-data/generate.mjs",
     "cloudflare:build:worker": "opennextjs-cloudflare build",
-    "cloudflare:preview": "pnpm run cloudflare:build:worker && wrangler dev",
-    "cloudflare:deploy": "pnpm run cloudflare:build:worker && wrangler deploy"
+    "cloudflare:preview": "wrangler dev",
+    "cloudflare:deploy": "wrangler deploy"
   },
   "dependencies": {
     "@heroicons/react": "~2.2.0",
diff --git a/apps/site/turbo.json b/apps/site/turbo.json
index e8a826992df66..c7cbeb7bb7025 100644
--- a/apps/site/turbo.json
+++ b/apps/site/turbo.json
@@ -4,6 +4,7 @@
   "globalEnv": ["NODE_ENV"],
   "tasks": {
     "dev": {
+      "dependsOn": ["build-blog-data"],
       "cache": false,
       "persistent": true,
       "env": [
@@ -24,7 +25,7 @@
       ]
     },
     "build": {
-      "dependsOn": ["^build"],
+      "dependsOn": ["build-blog-data", "^build"],
       "inputs": [
         "{app,components,hooks,i18n,layouts,middlewares,pages,providers,types,util}/**/*.{ts,tsx}",
         "{app,components,layouts,pages,styles}/**/*.css",
@@ -133,7 +134,19 @@
       "inputs": ["{pages}/**/*.{mdx,md}"],
       "outputs": ["public/blog-data.json"]
     },
+    "cloudflare:build:worker": {
+      "dependsOn": ["build-blog-data"],
+      "inputs": [
+        "{app,components,hooks,i18n,layouts,middlewares,pages,providers,types,util}/**/*.{ts,tsx}",
+        "{app,components,layouts,pages,styles}/**/*.css",
+        "{next-data,scripts,i18n}/**/*.{mjs,json}",
+        "{app,pages}/**/*.{mdx,md}",
+        "*.{md,mdx,json,ts,tsx,mjs,yml}"
+      ],
+      "outputs": [".open-next/**"]
+    },
     "cloudflare:preview": {
+      "dependsOn": ["cloudflare:build:worker"],
       "inputs": [
         "{app,components,hooks,i18n,layouts,middlewares,pages,providers,types,util}/**/*.{ts,tsx}",
         "{app,components,layouts,pages,styles}/**/*.css",
@@ -144,6 +157,7 @@
       "outputs": [".open-next/**"]
     },
     "cloudflare:deploy": {
+      "dependsOn": ["cloudflare:build:worker"],
       "inputs": [
         "{app,components,hooks,i18n,layouts,middlewares,pages,providers,types,util}/**/*.{ts,tsx}",
         "{app,components,layouts,pages,styles}/**/*.css",

From adc9091ec8e30f8a1af3ef63fa568431c8e79f22 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 13:31:23 +0100
Subject: [PATCH 2/8] chore: add workflow to test Cloudflare Worker build on
 PRs and pushes

---
 .../workflows/cloudflare-open-next-build.yml  | 69 +++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 .github/workflows/cloudflare-open-next-build.yml

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
new file mode 100644
index 0000000000000..50808bc76bf49
--- /dev/null
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -0,0 +1,69 @@
+# Security Notes
+# Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions)
+# for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions.
+# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
+# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
+
+name: Cloudflare OpenNext Build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request_target:
+    branches:
+      - main
+    types:
+      - labeled
+
+defaults:
+  run:
+    # This ensures that the working directory is the root of the repository
+    working-directory: ./
+
+permissions:
+  contents: read
+  actions: read
+
+env:
+  # See https://turbo.build/repo/docs/reference/command-line-reference/run#--cache-dir
+  TURBO_ARGS: --cache-dir=.turbo/cache
+  # See https://turbo.build/repo/docs/reference/command-line-reference/run#--force
+  TURBO_FORCE: true
+
+jobs:
+  build-cloudflare-worker:
+    name: Build Cloudflare Worker on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Git Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          cache: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install packages
+        run: pnpm install --frozen-lockfile
+
+      - name: Build Cloudflare Worker
+        run: pnpm turbo run --filter=@node-core/website cloudflare:build:worker

From 8f96831a07697bc5f6c0f284cb816cd5a1aa0a36 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 15:20:57 +0100
Subject: [PATCH 3/8] fixup! chore: add workflow to test Cloudflare Worker
 build on PRs and pushes

remove windows since the OpenNext adapter is not compatible with it
---
 .github/workflows/cloudflare-open-next-build.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
index 50808bc76bf49..bb1674f73546b 100644
--- a/.github/workflows/cloudflare-open-next-build.yml
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -33,13 +33,8 @@ env:
 
 jobs:
   build-cloudflare-worker:
-    name: Build Cloudflare Worker on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest]
+    name: Build Cloudflare Worker (on ubuntu)
+    runs-on: ubuntu-latest
 
     steps:
       - name: Harden Runner

From b3d62fa1c06b00609b596f236534f0c29f4caa1f Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 15:23:12 +0100
Subject: [PATCH 4/8] fixup! chore: remove Cloudflare related pre-scripts in
 favour of turbo `dependsOn` configs

add back `prebuild` script as that is needed for the vercel deployment
---
 apps/site/package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/site/package.json b/apps/site/package.json
index df0e3bd45cd11..a840c139bb22f 100644
--- a/apps/site/package.json
+++ b/apps/site/package.json
@@ -2,6 +2,7 @@
   "name": "@node-core/website",
   "type": "module",
   "scripts": {
+    "prebuild": "pnpm build-blog-data",
     "build": "cross-env NODE_NO_WARNINGS=1 next build",
     "check-types": "tsc --noEmit",
     "deploy": "cross-env NEXT_PUBLIC_STATIC_EXPORT=true NODE_NO_WARNINGS=1 next build",

From 33da97db671d05471700154f6530bfba8b68834b Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario.piotrowicz@gmail.com>
Date: Tue, 13 May 2025 15:31:07 +0100
Subject: [PATCH 5/8] fixup! chore: add workflow to test Cloudflare Worker
 build on PRs and pushes

Apply suggestions from code review

Co-authored-by: Aviv Keller <me@aviv.sh>
Signed-off-by: Dario Piotrowicz <dario.piotrowicz@gmail.com>
---
 .github/workflows/cloudflare-open-next-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
index bb1674f73546b..0b3cf5d448bef 100644
--- a/.github/workflows/cloudflare-open-next-build.yml
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -61,4 +61,4 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Build Cloudflare Worker
-        run: pnpm turbo run --filter=@node-core/website cloudflare:build:worker
+        run: pnpm exec turbo run --filter=@node-core/website cloudflare:build:worker ${{ env.TURBO_ARGS }}

From a2f84804577d9bea9db4648bd30ac15d43891d0d Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 15:32:33 +0100
Subject: [PATCH 6/8] fixup! chore: add workflow to test Cloudflare Worker
 build on PRs and pushes

remove unnecessary filter
---
 .github/workflows/cloudflare-open-next-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
index 0b3cf5d448bef..ef8293a5a7b08 100644
--- a/.github/workflows/cloudflare-open-next-build.yml
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -61,4 +61,4 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Build Cloudflare Worker
-        run: pnpm exec turbo run --filter=@node-core/website cloudflare:build:worker ${{ env.TURBO_ARGS }}
+        run: pnpm exec turbo run cloudflare:build:worker ${{ env.TURBO_ARGS }}

From e2991be04d63f697e634737e8bb6ed47574ce6a8 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Tue, 13 May 2025 15:35:59 +0100
Subject: [PATCH 7/8] fixup! chore: add workflow to test Cloudflare Worker
 build on PRs and pushes

update incorrect `pull_request_target` to `pull_request`
---
 .github/workflows/cloudflare-open-next-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
index ef8293a5a7b08..cd1bd4bb24a2a 100644
--- a/.github/workflows/cloudflare-open-next-build.yml
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -10,7 +10,7 @@ on:
   push:
     branches:
       - main
-  pull_request_target:
+  pull_request:
     branches:
       - main
     types:

From b301016eaf93910ca3dc5c45378b5132e06a118a Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario.piotrowicz@gmail.com>
Date: Tue, 13 May 2025 19:28:36 +0100
Subject: [PATCH 8/8] Apply suggestions from code review

Co-authored-by: Aviv Keller <me@aviv.sh>
Signed-off-by: Dario Piotrowicz <dario.piotrowicz@gmail.com>
---
 .github/workflows/cloudflare-open-next-build.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/cloudflare-open-next-build.yml b/.github/workflows/cloudflare-open-next-build.yml
index cd1bd4bb24a2a..67df12fd7103c 100644
--- a/.github/workflows/cloudflare-open-next-build.yml
+++ b/.github/workflows/cloudflare-open-next-build.yml
@@ -13,8 +13,6 @@ on:
   pull_request:
     branches:
       - main
-    types:
-      - labeled
 
 defaults:
   run:
@@ -33,7 +31,7 @@ env:
 
 jobs:
   build-cloudflare-worker:
-    name: Build Cloudflare Worker (on ubuntu)
+    name: Build Cloudflare Worker
     runs-on: ubuntu-latest
 
     steps: