Remote Production

Architecture Dashboard

Remote Production Solution Landscape

CI/CD Deployment Strategy

Two-platform deployment architecture aligning with our hybrid cloud strategy: Cloudflare Native Git Integration for edge deployments and GitHub Actions for Private Cloud infrastructure.

Core Principle

Cloudflare deployments use Native Git Integration. Private Cloud deployments use GitHub Actions.

Two Deployment Workflows

Enterprise Standard - Mandated CI/CD pattern for all Remote Production services

Cloudflare (Native Git)

flowchart TB
    A1[👨‍💻 Developer] -->|push| B1[GitHub]
    B1 -->|webhook| C1[Cloudflare Builds]
    C1 -->|deploy| D1[Workers / Pages / D1 / R2 / KV]
    C1 -->|status + preview URL| B1
    B1 -->|webhook| E1[Atlassian Compass]

    style C1 fill:#f6821f,stroke:#e65100,stroke-width:2px,color:#fff
    style D1 fill:#f6821f,stroke:#e65100,stroke-width:2px,color:#fff

Private Cloud (GitHub Actions)

flowchart TB
    A2[👨‍💻 Developer] -->|push| B2[GitHub]
    B2 -->|trigger| C2[GitHub Actions]
    C2 -->|test & build| C2
    C2 -->|SSH via Cloudflared| D2[Proxmox VMs]
    C2 -->|docker deploy| D3[Docker Swarm]
    C2 -->|status| B2
    B2 -->|webhook| E2[Atlassian Compass]

    style C2 fill:#2ea44f,stroke:#22863a,stroke-width:2px,color:#fff
    style D2 fill:#388e3c,stroke:#1b5e20,stroke-width:2px,color:#fff
    style D3 fill:#2496ed,stroke:#1a6fb5,stroke-width:2px,color:#fff
                        
Cloudflare (Edge Platform)

Method: Native Git Integration

Targets: Workers, Pages, D1, R2, KV

Features:

  • Automatic builds on push
  • Preview URLs for feature branches
  • Check runs posted to GitHub
  • No workflow files needed
  • Instant rollback via dashboard

Private Cloud (Proxmox)

Method: GitHub Actions

Targets: VMs, Containers, Storage

Features:

  • Full control over deployment
  • SSH via Cloudflared tunnels
  • Custom test & build pipelines
  • Workflow files in repository
  • Audit trail in Actions logs

Cloudflare Native Git Integration

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant CF as Cloudflare
    participant Compass as Atlassian Compass

    Dev->>GH: Push to feature branch
    GH-->>Compass: Webhook (commit event)
    GH->>CF: Webhook triggers build
    CF->>CF: Build & Deploy Preview
    CF->>GH: Post Check Run (status + preview URL)

    Note over Dev: Review preview deployment

    Dev->>GH: Merge PR to main
    GH-->>Compass: Webhook (commit to main)
    GH->>CF: Webhook triggers build
    CF->>CF: Build & Deploy Production
    CF->>GH: Post Check Run (status)

    Note over Compass: Shows "Commit on main"
                    

Why Native Git Integration?

  • Cloudflare's Recommended Approach - Native Git is Cloudflare's official guidance for Workers and Pages deployments
  • Simpler Configuration - No GitHub Actions workflows to maintain for Cloudflare deployments
  • Automatic Preview URLs - Every PR gets a unique preview deployment automatically
  • Instant Rollback - Rollback via Cloudflare dashboard or git revert

Private Cloud GitHub Actions

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant Actions as GitHub Actions
    participant Tunnel as Cloudflared Tunnel
    participant Proxmox as Proxmox Private Cloud

    Dev->>GH: Push to main
    GH->>Actions: Trigger workflow
    Actions->>Actions: Run tests
    Actions->>Actions: Build artifacts

    Note over Actions,Tunnel: Secure connection via Zero Trust

    Actions->>Tunnel: SSH connection request
    Tunnel->>Proxmox: Forward to target VM
    Actions->>Proxmox: Deploy via SSH/API
    Proxmox-->>Actions: Deployment result
    Actions->>GH: Update commit status
                    

When to Use GitHub Actions

  • Proxmox VMs and containers - Node.js services, Python applications
  • On-premises storage - TrueNAS, Ceph deployments
  • Network infrastructure - UniFi, firewall configurations
  • Specialized hardware - Video processing nodes, GPU workloads

Security: Cloudflared Tunnels

All GitHub Actions deployments to Private Cloud use Cloudflared tunnels for secure SSH access. No direct SSH exposure to the internet - connections route through Cloudflare's Zero Trust network.
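
The runner-side SSH setup this implies, as an added example that is not part of the original page: the function writes an SSH client config that proxies through cloudflared, pins the target's host key, and leaves the Access service token in the environment for cloudflared to read. The hostname, directory and the DEPLOY_HOST_KEY secret name are assumptions.

```shell
# Added example, not from the original page. Hostname, directory and the
# DEPLOY_HOST_KEY secret name are constructed placeholders.

# write_ssh_config DIR HOST KNOWN_HOSTS_LINE
# Writes DIR/config and DIR/known_hosts; returns non-zero on unsafe input.
write_ssh_config() {
    dir=$1 host=$2 hostkey=$3

    # cloudflared reads the Access service token from these variables, so the
    # secret is never written to disk or placed on a command line.
    if [ -z "${TUNNEL_SERVICE_TOKEN_ID:-}" ] || [ -z "${TUNNEL_SERVICE_TOKEN_SECRET:-}" ]; then
        echo "Access service token not set in environment" >&2
        return 1
    fi
    # HOST is interpolated into a config file: allow DNS characters only.
    case $host in
        ""|*[!a-z0-9.-]*) echo "invalid hostname" >&2; return 1 ;;
    esac
    # Require a pinned host key for exactly this host. Trust-on-first-use on
    # an ephemeral runner would accept whatever key answers on every run.
    case $hostkey in
        "$host "*) ;;
        *) echo "known_hosts entry is not for $host" >&2; return 1 ;;
    esac

    old_umask=$(umask); umask 077      # files readable by the job user only
    mkdir -p "$dir" && printf '%s\n' "$hostkey" > "$dir/known_hosts" &&
    cat > "$dir/config" <<EOF
Host $host
    ProxyCommand cloudflared access ssh --hostname %h
    UserKnownHostsFile $dir/known_hosts
    StrictHostKeyChecking yes
    BatchMode yes
EOF
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# Usage in a workflow step (constructed values):
#   write_ssh_config "$RUNNER_TEMP/ssh" deploy.example.internal "$DEPLOY_HOST_KEY"
#   ssh -F "$RUNNER_TEMP/ssh/config" deploy@deploy.example.internal 'docker service ls'
```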

Branch Workflow & Preview Deployments

flowchart LR
    A[main] --> B[commit]
    B --> C{branch}
    C -->|feature branch| D[commit]
    D --> E[commit]
    E -->|Preview URL| F[Preview Deploy]
    C -->|main| G[merge]
    E --> G
    G -->|Production| H[Production Deploy]
    H --> I[hotfix]
    I -->|Production| J[Production Deploy]

    style D fill:#fff3e0,stroke:#f57c00
    style E fill:#fff3e0,stroke:#f57c00
    style F fill:#f6821f,stroke:#e65100,color:#fff
    style H fill:#388e3c,stroke:#1b5e20,color:#fff
    style J fill:#388e3c,stroke:#1b5e20,color:#fff
                    

Branch Build Controls

  • Production Branch - main - Deploys to production URL
  • Preview Branches - feature/*, bugfix/* - Get unique preview URLs
  • Excluded Branches - dependabot/*, renovate/* - No automatic deployments

Rollback Options

Cloudflare Dashboard (Instant)

Speed: Instant

Git History: Unchanged

When to Use: Emergency rollback

  1. Navigate to Worker/Pages in dashboard
  2. Go to Deployments tab
  3. Find previous working deployment
  4. Click "Rollback to this deployment"

Git Revert (Audit Trail)

Speed: ~30s build time

Git History: Creates revert commit

When to Use: Audit trail needed

git revert HEAD
git push origin main
# Cloudflare auto-deploys reverted state

Cloudflare Resource Naming Convention

Mandatory Standard - All Cloudflare resources must follow this naming pattern

Pattern

{customer}-{project}-{environment}-{component}

Examples

Resource Type       Example Name
Worker (API)        allermedia-cuttingroom-prod-api
Worker (Staging)    allermedia-cuttingroom-staging-api
Pages (UI)          allermedia-cuttingroom-prod-ui
D1 Database         allermedia-cuttingroom-prod-db
R2 Bucket           allermedia-cuttingroom-prod-assets
KV Namespace        allermedia-cuttingroom-prod-cache

Segment Definitions

  • {customer} - Customer/tenant - allermedia, remoteproduction
  • {project} - Application name - cuttingroom, acme
  • {environment} - Deployment env - prod, staging, dev
  • {component} - Resource type - api, ui, db
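
A lint for this pattern that could run before resources are created, as an added example that is not part of the original page. It assumes the environment segment is limited to prod, staging and dev, and that the other three segments are free-form lowercase alphanumerics with no hyphens inside a segment.

```shell
# Added example, not from the original page.

# check_resource_name NAME
# Returns 0 when NAME follows {customer}-{project}-{environment}-{component};
# otherwise prints the reason on stdout and returns 1.
check_resource_name() {
    name=$1
    case $name in
        *[!a-z0-9-]*) echo "$name: only a-z, 0-9 and '-' are allowed"; return 1 ;;
    esac
    # Split on '-'. No glob characters can remain after the check above.
    # Exactly four segments are required, so a hyphen inside a segment
    # (e.g. "cutting-room") is rejected rather than guessed at.
    old_ifs=$IFS; IFS=-
    set -- $name
    IFS=$old_ifs
    if [ $# -ne 4 ]; then
        echo "$name: expected 4 segments, got $#"; return 1
    fi
    for seg in "$1" "$2" "$3" "$4"; do
        [ -n "$seg" ] || { echo "$name: empty segment"; return 1; }
    done
    # Assumption: the environment list on the page is the complete set.
    case $3 in
        prod|staging|dev) ;;
        *) echo "$name: unknown environment '$3'"; return 1 ;;
    esac
}

# lint_names reads one name per line on stdin, reports each violation on
# stderr and returns the number of violations (0 means all names conform).
lint_names() {
    bad=0
    while IFS= read -r n; do
        [ -n "$n" ] || continue
        check_resource_name "$n" >&2 || bad=$((bad + 1))
    done
    return "$bad"
}
```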

Migration Strategy

  1. New Projects - Mandatory: Use Native Git Integration from creation. No GitHub Actions workflows for Cloudflare resources.
  2. Existing Workers - Connect Git via Settings → Builds → Git Repository. Remove GitHub Actions workflow after verification.
  3. Existing Pages - Recreate project with Git Integration (cannot convert). Migrate DNS, then delete old project.

Important Note

Pages projects created without Git Integration cannot be converted. You must create a new project and migrate the custom domain.