Deploy Cloudflare Workers and Pages projects using the Wrangler CLI.

• A Cloudflare account
• A Cloudflare API Token
• Your Cloudflare Account ID (found in the Cloudflare Dashboard)
• For Workers: a wrangler.toml config file or an existing Worker
• For Pages: a Pages project created in the Cloudflare Dashboard (Direct Upload type)

CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID are sensitive credentials. It's recommended to store them in a CNB Secret Repository and inject them into pipeline environment variables via imports.

Go to the CNB platform Create Repository page and select Secret Repository as the repository type.

Create an envs.yml file in the secret repository via the web interface with the following content:

CLOUDFLARE_API_TOKEN: your_api_token_here
CLOUDFLARE_ACCOUNT_ID: your_account_id_here

# Access control (recommended)
allow_slugs:
  - 'your-org/**'
# allow_events:
#   - push
#   - tag_push
# allow_branches:
#   - main

Access Control Reference:

Field	Description	Example
allow_slugs	Restrict which repositories can reference	your-org/** (all repos under the org)
allow_events	Restrict which event types can reference	push, tag_push, tag_deploy.*
allow_branches	Restrict which branches can reference	main, v*

Once allow_* rules are configured, the system will validate access entirely based on these rules. See File Reference Authorization for details.

This plugin supports two modes: Settings mode (simple configuration) and Script mode (flexible customization). Authentication is handled exclusively via imports from a secret repository — no credentials should be configured in settings.

⚠️ Security Notice: CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID must only be injected via imports as environment variables. Passing them via settings is not allowed.

Pass deployment parameters via settings, and the plugin will automatically build and execute the wrangler command. Authentication is provided by environment variables injected via imports.

Parameter	Required	Description
deploy_type	No	Deployment type: workers (default) or pages
working_directory	No	Working directory path
extra_args	No	Additional command-line arguments

main:
  push:
    - imports:
        - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
      stages:
        - name: build
          image: node:20-alpine
          script: npm install && npm run build
        - name: deploy to cloudflare pages
          image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
          settings:
            deploy_type: pages
            project_name: my-pages-project
            directory: ./dist
            branch: main

Parameter	Required	Description
directory	Yes	Static assets directory path
project_name	Yes	Pages project name
branch	No	Deployment branch name

main:
  push:
    - imports:
        - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
      stages:
        - name: deploy worker
          image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
          settings:
            deploy_type: workers
            worker_name: my-worker

Parameter	Required	Description
worker_name	No	Worker name (overrides wrangler.toml)

Write wrangler commands directly in the script block for complex or custom deployment scenarios.

main:
  push:
    - imports:
        - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
      stages:
        - name: build
          image: node:20-alpine
          script: npm install && npm run build
        - name: deploy to cloudflare pages
          image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
          script: wrangler pages deploy ./dist --project-name=my-project

main:
  push:
    - imports:
        - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
      stages:
        - name: deploy worker
          image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
          script: wrangler deploy

Cloudflare Workers/Pages supports multi-environment deployment, which can be combined with CNB's custom deployment feature by configuring environments in .cnb/tag_deploy.

environments:
  - name: staging
    description: Staging environment deployment
  - name: production
    description: Production environment deployment
    require:
      - environmentName: staging
        after: 60

Triggered by tag_deploy.staging:

tag_deploy.staging:
  - imports:
      - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
    stages:
      - name: build
        image: node:20-alpine
        script: npm install && npm run build
      - name: Deploy staging environment
        image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
        script: |
          wrangler pages deploy ./dist \
            -n my-project \
            --branch=preview

Triggered by tag_deploy.production:

tag_deploy.production:
  - imports:
      - https://cnb.cool/<org>/<secret-repo>/-/blob/main/envs.yml
    stages:
      - name: build
        image: node:20-alpine
        script: npm install && npm run build
      - name: Deploy production environment
        image: docker.cnb.cool/prevailna/deploy-cloudflare:latest
        script: |
          wrangler pages deploy ./dist \
            -n my-project

• Cloudflare Workers Docs
• Cloudflare Pages Docs
• Wrangler CLI Docs
• CNB Docs