fix: CI environment variable passing and caching issues

.github/workflows/deploy.yml

@@ -31,6 +31,7 @@ jobs:
     if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
     outputs:
       is_production: ${{ steps.meta.outputs.is_production }}
+      pr_number: ${{ steps.meta.outputs.pr_number }}
     steps:
       - name: Download build artifacts from workflow
         if: ${{ github.event_name == 'workflow_run' }}
@@ -68,6 +69,7 @@ jobs:
             else
               echo "is_production=false" >> $GITHUB_OUTPUT
             fi
+            echo "pr_number=0" >> $GITHUB_OUTPUT
           else
             # Auto deployment from workflow_run - check ref
             REF=$(cat ./artifacts/build-meta/ref 2>/dev/null || echo "unknown")
@@ -76,6 +78,9 @@ jobs:
             else
               echo "is_production=false" >> $GITHUB_OUTPUT
             fi
+            # Read PR number from build-meta
+            PR_NUMBER=$(cat ./artifacts/build-meta/pr_number 2>/dev/null || echo "0")
+            echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
           fi
 
       - name: Upload artifacts for deploy job
@@ -160,6 +165,10 @@ jobs:
           AVATAR: ${{ steps.config.outputs.avatar || '' }}
           PAGE_SIZE: ${{ steps.config.outputs.page_size || '5' }}
           RSS_ENABLE: ${{ steps.config.outputs.rss_enable || 'false' }}
+          S3_CACHE_FOLDER: ${{ vars.S3_CACHE_FOLDER || 'cache/' }}
+          S3_FOLDER: ${{ vars.S3_FOLDER || 'images/' }}
+          S3_REGION: ${{ vars.S3_REGION || 'auto' }}
+          S3_FORCE_PATH_STYLE: ${{ vars.S3_FORCE_PATH_STYLE || 'false' }}
           R2_BUCKET_NAME: ${{ vars.R2_BUCKET_NAME || '' }}
           S3_ENDPOINT: ${{ secrets.S3_ENDPOINT || '' }}
           S3_ACCESS_HOST: ${{ secrets.S3_ACCESS_HOST || '' }}
@@ -174,7 +183,22 @@ jobs:
           WEBHOOK_URL: ${{ vars.WEBHOOK_URL || '' }}
           RSS_TITLE: ${{ vars.RSS_TITLE || '' }}
           RSS_DESCRIPTION: ${{ vars.RSS_DESCRIPTION || '' }}
+          CACHE_STORAGE_MODE: ${{ vars.CACHE_STORAGE_MODE || 's3' }}
         run: |
           bun run deploy
           echo "url=https://${WORKER_NAME}.${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.workers.dev" >> $GITHUB_OUTPUT
 
+      - name: Comment on PR
+        if: needs.prepare.outputs.pr_number != '0'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const url = '${{ steps.deploy.outputs.url }}';
+            const prNumber = parseInt('${{ needs.prepare.outputs.pr_number }}');
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+              body: `🚀 **Preview deployed!**\n\n🔗 ${url}`
+            });
+

docs/docs/en/env.md

@@ -1,66 +1,155 @@
-# Environment Variables List
+# Environment Variables Configuration Guide
 
-## Site Configuration Variables
+Rin requires two types of environment variables: **Variables (plaintext)** and **Secrets (encrypted)**.
 
-:::tip
-Site configuration (name, description, avatar, pagination size, etc.) is now served dynamically from the backend, eliminating the need for frontend environment variables at build time.
+## Quick Reference
 
-Configuration priority: **Settings Page** > **Environment Variables** > **Default Values**
-:::
+| Type | Storage | Purpose | Examples |
+|------|---------|---------|----------|
+| **Variables** | Plaintext in `wrangler.toml` | Configuration parameters, feature flags | Bucket name, cache mode |
+| **Secrets** | Encrypted in Cloudflare | Sensitive credentials, keys | API keys, passwords, tokens |
 
-| Name         | Required | Description                             | Default Value | Config Key          |
-|--------------|----------|-----------------------------------------|---------------|--------------------|
-| NAME         | No       | Site Name & Title                       | Rin           | `site.name`        |
-| DESCRIPTION  | No       | Site Description                        | A lightweight personal blogging system | `site.description` |
-| AVATAR       | No       | Site Avatar URL                         | None          | `site.avatar`      |
-| PAGE_SIZE    | No       | Default pagination limit                | 5             | `site.page_size`   |
-| RSS_ENABLE   | No       | Enable RSS (displays RSS link at the bottom of the site if enabled) | false | `rss`              |
+---
 
-:::note
-You can modify these configurations after deployment via the **Settings Page** in the "Site Information" section. Environment variables are only used as initial default values.
-:::
+## Variables (Plaintext)
+
+These variables are stored in plaintext in `wrangler.toml` and control feature flags and basic parameters.
 
-**Deployment Environment Variables**
+### Site Configuration
 
-:::caution
-The following environment variables are required for deployment to Cloudflare Pages and cannot be modified.
+| Variable | Required | Description | Default | Config Key |
+|----------|----------|-------------|---------|------------|
+| `NAME` | No | Site name & title | Rin | `site.name` |
+| `DESCRIPTION` | No | Site description | A lightweight personal blogging system | `site.description` |
+| `AVATAR` | No | Site avatar URL | - | `site.avatar` |
+| `PAGE_SIZE` | No | Default pagination size | 5 | `site.page_size` |
+| `RSS_ENABLE` | No | Enable RSS link | false | `rss` |
+
+:::tip
+Site configuration can be modified via the **Settings Page** after deployment. Environment variables serve as initial defaults only.
 :::
 
-| Name                     | Value                                                     | Description                   |
-|--------------------------|-----------------------------------------------------------|-------------------------------|
-| SKIP_DEPENDENCY_INSTALL  | true                                                      | Skip the default npm install command |
-| UNSTABLE_PRE_BUILD       | asdf install bun latest && asdf global bun latest && bun i | Install and use Bun for dependency installation |
+### Storage Configuration
+
+| Variable | Required | Description | Default | Example |
+|----------|----------|-------------|---------|---------|
+| `S3_FOLDER` | Yes | Image storage path | images/ | `images/` |
+| `S3_CACHE_FOLDER` | No | Cache file path | cache/ | `cache/` |
+| `S3_BUCKET` | Yes | S3 bucket name | - | `my-bucket` |
+| `S3_REGION` | Yes | S3 region (use 'auto' for R2) | - | `auto` |
+| `S3_ENDPOINT` | Yes | S3 endpoint URL | - | `https://xxx.r2.cloudflarestorage.com` |
+| `S3_ACCESS_HOST` | No | Public access URL | Same as S3_ENDPOINT | `https://cdn.example.com` |
+| `S3_FORCE_PATH_STYLE` | No | Force path-style URLs | false | `false` |
 
-## Backend Environment Variables List
+### Feature Flags
 
-**Plaintext Environment Variables**
+| Variable | Required | Description | Default | Recommended |
+|----------|----------|-------------|---------|-------------|
+| `CACHE_STORAGE_MODE` | No | Cache mode: s3/database | s3 | **database** |
+| `WEBHOOK_URL` | No | Comment notification webhook | - | - |
+| `RSS_TITLE` | No | RSS feed title | - | - |
+| `RSS_DESCRIPTION` | No | RSS feed description | - | - |
 
-:::note
-The following variables can remain unencrypted in Cloudflare Workers.
+:::tip For New Users
+We recommend setting `CACHE_STORAGE_MODE` to `database` to reduce deployment complexity without additional S3 cache configuration.
 :::
 
-| Name              | Required | Description                                           | Default Value  | Example Value                                                     |
-|-------------------|----------|-------------------------------------------------------|----------------|-------------------------------------------------------------------|
-| S3_FOLDER         | Yes      | File path for storing resources when uploading images | None           | images/                                                           |
-| S3_BUCKET         | Yes      | Name of the S3 bucket                                 | None           | images                                                            |
-| S3_REGION         | Yes      | Region of the S3 bucket, use 'auto' for Cloudflare R2 | None           | auto                                                              |
-| S3_ENDPOINT       | Yes      | Endpoint address of the S3 bucket                     | None           | https://1234567890abcdef1234567890abcd.r2.cloudflarestorage.com   |
-| WEBHOOK_URL       | No       | Target address for sending Webhook notifications when a new comment is added | None  | https://webhook.example.com/webhook                               |
-| S3_ACCESS_HOST    | No       | Access address of the S3 bucket                       | S3_ENDPOINT    | https://image.xeu.life                                            |
-| S3_CACHE_FOLDER   | No       | S3 cache folder (for SEO and high-frequency request caching) | cache/  | cache/                                                            |
+---
 
-**Encrypted Environment Variables**
+## Secrets (Encrypted)
 
-:::note
-All of the following variables are required (except Webhook) and must be encrypted after debugging in Cloudflare Workers. Unencrypted variables will be cleared during deployment if not listed in `wrangler.toml`.
+These sensitive values must be configured as **Cloudflare Workers Secrets**, entered via CLI during deployment or set in advance.
+
+### Authentication (Configure at least one)
+
+| Variable | Purpose | How to Obtain |
+|----------|---------|---------------|
+| `RIN_GITHUB_CLIENT_ID` | GitHub OAuth client ID | GitHub OAuth App settings |
+| `RIN_GITHUB_CLIENT_SECRET` | GitHub OAuth client secret | GitHub OAuth App settings |
+| `ADMIN_USERNAME` | Username for password login | Set yourself |
+| `ADMIN_PASSWORD` | Password for password login | Set yourself |
+| `JWT_SECRET` | JWT signing key (any random string) | Generate yourself |
+
+:::warning Authentication Required
+You must configure either **GitHub OAuth** or **Username/Password** authentication, otherwise you cannot access the admin panel.
 :::
 
-| Name                     | Description                                              | Example Value                                                   |
-|--------------------------|----------------------------------------------------------|-----------------------------------------------------------------|
-| RIN_GITHUB_CLIENT_ID     | Client ID for GitHub OAuth (optional, alternative to username/password) | Ux66poMrKi1k11M1Q1b2                                            |
-| RIN_GITHUB_CLIENT_SECRET | Client secret for GitHub OAuth (optional, alternative to username/password) | 1234567890abcdef1234567890abcdef12345678                        |
-| ADMIN_USERNAME           | Username for username/password login (optional, alternative to GitHub OAuth) | admin                                                           |
-| ADMIN_PASSWORD           | Password for username/password login (optional, alternative to GitHub OAuth) | your_secure_password                                            |
-| JWT_SECRET               | Secret key required for JWT authentication, can be any regular format password | J0sT%Ch@nge#Me1                                                |
-| S3_ACCESS_KEY_ID         | KEY ID required for accessing the S3 bucket, for Cloudflare R2 use an API token ID with R2 edit permissions | 1234567890abcdef1234567890abcd                                  |
-| S3_SECRET_ACCESS_KEY     | Secret required for accessing the S3 bucket, for Cloudflare R2 use an API token with R2 edit permissions | 1234567890abcdef1234567890abcd|
+### S3 Storage Credentials
+
+| Variable | Purpose | How to Obtain |
+|----------|---------|---------------|
+| `S3_ACCESS_KEY_ID` | S3 access key ID | R2 API Token ID |
+| `S3_SECRET_ACCESS_KEY` | S3 secret access key | R2 API Token |
+
+### Cloudflare Deployment Credentials
+
+| Variable | Purpose | How to Obtain |
+|----------|---------|---------------|
+| `CLOUDFLARE_API_TOKEN` | Cloudflare API access token | Cloudflare Dashboard → My Profile → API Tokens |
+| `CLOUDFLARE_ACCOUNT_ID` | Cloudflare account ID | Right sidebar in Cloudflare Dashboard |
+
+---
+
+## GitHub Actions Variables
+
+When using GitHub Actions for automated deployment, configure these in your Repository settings:
+
+### Repository Variables (Settings → Secrets and variables → Variables)
+
+```
+NAME                    # Site name
+DESCRIPTION             # Site description
+AVATAR                  # Site avatar URL
+PAGE_SIZE               # Pagination size
+RSS_ENABLE              # Enable RSS
+CACHE_STORAGE_MODE      # Cache mode (recommended: database)
+R2_BUCKET_NAME          # R2 bucket name (optional)
+WORKER_NAME             # Worker name (optional)
+DB_NAME                 # D1 database name (optional)
+```
+
+### Repository Secrets (Settings → Secrets and variables → Secrets)
+
+```
+CLOUDFLARE_API_TOKEN          # Cloudflare API token
+CLOUDFLARE_ACCOUNT_ID         # Cloudflare account ID
+S3_ENDPOINT                   # S3/R2 endpoint URL
+S3_ACCESS_HOST                # S3/R2 access domain
+S3_BUCKET                     # S3 bucket name
+S3_ACCESS_KEY_ID              # S3 access key ID
+S3_SECRET_ACCESS_KEY          # S3 secret access key
+RIN_GITHUB_CLIENT_ID          # GitHub OAuth ID (optional)
+RIN_GITHUB_CLIENT_SECRET      # GitHub OAuth Secret (optional)
+ADMIN_USERNAME                # Admin username (optional)
+ADMIN_PASSWORD                # Admin password (optional)
+JWT_SECRET                    # JWT secret key
+```
+
+---
+
+## Local Development Environment
+
+For local development, use `.env` file (see `.env.example`):
+
+```bash
+# Site Configuration
+NAME="My Blog"
+DESCRIPTION="A personal blog"
+
+# S3 Storage (R2 or MinIO)
+S3_ENDPOINT=https://xxx.r2.cloudflarestorage.com
+S3_BUCKET=my-bucket
+S3_ACCESS_KEY_ID=xxx
+S3_SECRET_ACCESS_KEY=xxx
+
+# Authentication (GitHub or Username/Password)
+RIN_GITHUB_CLIENT_ID=xxx
+RIN_GITHUB_CLIENT_SECRET=xxx
+# OR
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=secure_password
+
+# Others
+JWT_SECRET=random_secret_key
+CACHE_STORAGE_MODE=database
+```

docs/docs/en/guide/deploy.mdx

@@ -106,9 +106,25 @@ After deployment is complete, you can access your blog through the following add
 
 ### Image Storage Configuration
 
-By default, Rin uses Cloudflare R2 for image storage. If you need to configure S3-compatible storage:
+Rin supports two storage methods: **Cloudflare R2** (recommended) or **S3-compatible storage**.
 
-Add the following Secrets:
+#### Using Cloudflare R2 (Recommended)
+
+If no S3 environment variables are configured, the deployment script will automatically attempt to use Cloudflare R2. You only need to set the following in GitHub Variables:
+
+| Variable Name | Description | Example |
+|--------------|-------------|---------|
+| `R2_BUCKET_NAME` | R2 bucket name | `my-blog-images` |
+
+The deployment script will automatically construct the R2 endpoint and access host. If you want to use a custom domain for images, you can additionally set:
+
+| Variable Name | Description | Example |
+|--------------|-------------|---------|
+| `S3_ACCESS_HOST` | Image access domain (optional) | `https://images.myblog.com` |
+
+#### Using S3-Compatible Storage
+
+If you need to use other S3-compatible storage (such as AWS S3, MinIO, etc.), you need to fully configure the following Secrets:
 
 | Secret Name | Description |
 |-------------|-------------|
@@ -117,6 +133,15 @@ Add the following Secrets:
 | `S3_SECRET_ACCESS_KEY` | Secret Access Key |
 | `S3_BUCKET` | Bucket name |
 
+And the following Variables (optional):
+
+| Variable Name | Description | Default |
+|--------------|-------------|---------|
+| `S3_ACCESS_HOST` | Image access domain | Same as `S3_ENDPOINT` |
+| `S3_REGION` | Storage region | `auto` |
+| `S3_FOLDER` | Image storage path | `images/` |
+| `S3_FORCE_PATH_STYLE` | Use path-style URLs | `false` |
+
 ### GitHub OAuth Configuration
 
 If you want to log in with your GitHub account: