|
2 | 2 |
|
3 | 3 | Docker container used to deploy the Confidence Rust resolver to CloudFlare. |
4 | 4 |
|
5 | | -# Build the image |
| 5 | +## Build |
6 | 6 |
|
7 | 7 | From the **root of the repository**, run: |
8 | 8 |
|
9 | | -``` |
10 | | -docker build -f confidence-cloudflare-resolver/deployer/Dockerfile -t <YOUR_IMAGE_NAME> . |
| 9 | +```bash |
| 10 | +docker build --target confidence-cloudflare-resolver.deployer -t cloudflare-deployer . |
11 | 11 | ``` |
12 | 12 |
|
13 | | -# Usage |
| 13 | +## Usage |
14 | 14 |
|
15 | | -``` |
| 15 | +Only 2 environment variables are required: |
| 16 | + |
| 17 | +```bash |
16 | 18 | docker run -it \ |
17 | | - -e CLOUDFLARE_API_TOKEN='<>' \ |
18 | | - -e CONFIDENCE_CLIENT_SECRET='<>' \ |
19 | | - image-name |
| 19 | + -e CLOUDFLARE_API_TOKEN='<your-cloudflare-api-token>' \ |
| 20 | + -e CONFIDENCE_CLIENT_SECRET='<your-confidence-client-secret>' \ |
| 21 | + cloudflare-deployer |
20 | 22 | ``` |
21 | 23 |
|
22 | | -The following are automatically detected: |
23 | | -- **Cloudflare account ID**: Detected from the API token. If the token has access to multiple accounts, you must set `CLOUDFLARE_ACCOUNT_ID` explicitly. |
24 | | -- **Resolver state**: Fetched from the Confidence CDN using a SHA256 hash of your client secret. |
25 | | -- **Resolver URL**: Detected using the Cloudflare API to check the current deployment's etag and avoid unnecessary re-deploys. |
26 | | - |
27 | | -Additional optional variables: |
28 | | -- CLOUDFLARE_ACCOUNT_ID: Required only if the API token has access to multiple accounts; |
29 | | -- RESOLVE_TOKEN_ENCRYPTION_KEY: AES-128 (16 bytes) key, base64 encoded. Used internally in the resolver. Defaults to empty if not set; |
30 | | -- CONFIDENCE_RESOLVER_STATE_URL: Point to a custom resolver state URL (overrides CDN); |
31 | | -- CONFIDENCE_RESOLVER_ALLOWED_ORIGIN: Configure allowed origins in the wrangler used to deploy the resolver; |
32 | | -- FORCE_DEPLOY: Re-deploy the resolver worker, regardless if the state is detected as changed or not. |
33 | | - |
34 | | -# Sticky Assignments |
35 | | -Sticky assignments are currently not supported with the CloudFlare resolver. |
36 | | -If a flag with sticky assignment rules is encountered, it is ignored by the resolver and the evaluation will return a "flag not found". |
| 24 | +Everything else is automatically detected: |
| 25 | +- **Cloudflare account ID**: Detected from the API token (fails with helpful message if token has access to multiple accounts) |
| 26 | +- **Resolver state**: Fetched from Confidence CDN using SHA256 hash of your client secret |
| 27 | +- **Resolver URL**: Detected from Cloudflare API to check etag and avoid unnecessary re-deploys |
| 28 | + |
| 29 | +## Optional Variables |
| 30 | + |
| 31 | +| Variable | Description | |
| 32 | +|----------|-------------| |
| 33 | +| `CLOUDFLARE_ACCOUNT_ID` | Required only if the API token has access to multiple accounts | |
| 34 | +| `CONFIDENCE_RESOLVER_STATE_URL` | Custom resolver state URL (overrides CDN) | |
| 35 | +| `CONFIDENCE_RESOLVER_ALLOWED_ORIGIN` | Configure allowed origins for CORS | |
| 36 | +| `RESOLVE_TOKEN_ENCRYPTION_KEY` | AES-128 key (base64 encoded) used to encrypt resolve tokens when `apply=false`. Not needed since the resolver defaults `apply` to `true` | |
| 37 | +| `FORCE_DEPLOY` | Force re-deploy regardless of state changes | |
| 38 | +| `NO_DEPLOY` | Build only, skip deployment | |
| 39 | + |
| 40 | +## Sticky Assignments |
| 41 | + |
| 42 | +Sticky assignments are not currently supported with the CloudFlare resolver. |
| 43 | +Flags with sticky assignment rules will return "flag not found". |
0 commit comments