From 3299c1c7fd2c86df4ace73d239e5d189424e250a Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz
Date: Tue, 7 Oct 2025 18:12:42 +0100
Subject: [PATCH 1/4] add open-next deployment github workflow
---
 .../tmp-cloudflare-open-next-deploy.yml | 64 +++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/tmp-cloudflare-open-next-deploy.yml
diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
new file mode 100644
index 0000000000000..e350722991693
--- /dev/null
+++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
@@ -0,0 +1,64 @@
+# Security Notes
+# Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions)
+# for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions.
+# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
+# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
+
+# Note: this is a temporary workflow for deploying the OpenNext version of the site (hosted on https://node-test.org)
+# this version of the site is just used for testing purposes and ideally we want to keep it in sync with the
+#  official website
+
+name: Deploy the Cloudflare OpenNext test version of the site (https://node-test.org)
+
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ actions: read
+
+jobs:
+ playwright:
+ name: Deploy Open-Next site
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+ with:
+ egress-policy: audit
+
+ - name: Git Checkout
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 2
+
+ - name: Set up pnpm
+ uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
+ - name: Set up Node.js
+ uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+ with:
+ # We want to ensure that the Node.js version running here respects our supported versions
+ node-version-file: '.nvmrc'
+ cache: 'pnpm'
+
+ - name: Install packages
+ run: pnpm install --frozen-lockfile
+
+ - name: Build open-next site
+ working-directory: apps/site
+ run: node --run cloudflare:build:worker
+
+ - name: Deploy open-next site
+ working-directory: apps/site
+ run: node --run cloudflare:deploy
+ env:
+ CF_WORKERS_SCRIPTS_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_FOR_OPEN_NEXT_SITE }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_FOR_OPEN_NEXT_SITE }}
From 472fd59894912a67378b2e2a9c4457680fa4a4a5 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz
Date: Tue, 7 Oct 2025 19:11:32 +0100
Subject: [PATCH 2/4] add workflow_dispatch event
Co-authored-by: Aviv Keller
Signed-off-by: Dario Piotrowicz
---
 .github/workflows/tmp-cloudflare-open-next-deploy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
index e350722991693..1dcf1f538b26f 100644
--- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml
+++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
@@ -11,6 +11,7 @@ name: Deploy the Cloudflare OpenNext test version of the site (https://node-test.org) on: + workflow_dispatch: push: branches: - main
From 32af2050ea1cf9a901f8b930661710088a18ca0d Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz
Date: Tue, 7 Oct 2025 19:08:32 +0100
Subject: [PATCH 3/4] remove unnecessary permission
---
 .github/workflows/tmp-cloudflare-open-next-deploy.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
index 1dcf1f538b26f..43e0f62aea00c 100644
--- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml
+++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
@@ -22,7 +22,6 @@ concurrency: permissions: contents: read - actions: read jobs: playwright:
From 5e086143a027504ec79d2a0565679a96126f7f78 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz
Date: Tue, 7 Oct 2025 19:16:39 +0100
Subject: [PATCH 4/4] update token secret name
---
 .github/workflows/tmp-cloudflare-open-next-deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
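Review bot: The Harden Runner step uses `egress-policy: audit`, which only records outbound connections, so in the final step, where the Cloudflare API token is in the environment, nothing restricts where the deploy script or one of its dependencies can send it. Once a few audited runs have shown which hosts the install, build and deploy steps contact, switch to `egress-policy: block` with an `allowed-endpoints:` list built from that output. The checkout step could also set `persist-credentials: false`, since no later step visible here appears to push or fetch. Separately, the job id `playwright` looks carried over from another workflow; an id such as `deploy` would match the job name.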
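Review bot: With `workflow_dispatch:` added, the workflow can be started by hand from any branch by anyone with write access, and the deploy job does not check the ref, so code that never went through review on `main` can be built and deployed with the Cloudflare token. If manual runs are only meant to redeploy `main`, add `if: github.ref == 'refs/heads/main'` to the job, or bind the job to an environment restricted to that branch. The concurrency group is keyed on `github.ref`, so runs started from different branches would not cancel each other and could deploy out of order. The job definition lies outside this hunk.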
diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
index 43e0f62aea00c..f045e00f6dd53 100644
--- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml
+++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml
@@ -60,5 +60,5 @@ jobs:
 working-directory: apps/site
 run: node --run cloudflare:deploy
 env:
- CF_WORKERS_SCRIPTS_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_FOR_OPEN_NEXT_SITE }}
- CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_FOR_OPEN_NEXT_SITE }}
+ CF_WORKERS_SCRIPTS_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}