Secrets and Env

At a glance

  • The unified worker and docs deploys are CI-managed via .github/workflows/apps-ci.yml.
  • GitHub Environments are the source of truth for deployment vars and secrets.
  • Copy-ready examples live in:
    • .github/environments/development.env.example
    • .github/environments/production.env.example

Do this

  1. Create GitHub Environments:

    • development
    • production
  2. Populate each environment using the matching example file.

Development example (development):

bash
# Environment Variables (vars)
CF_ACCOUNT_ID=TODO_CF_ACCOUNT_ID
WORKER_NAME=tripplan-dev
D1_DATABASE_ID=TODO_D1_DATABASE_ID
D1_DATABASE_NAME=tripplan-db-dev
KV_NAMESPACE_ID=TODO_KV_NAMESPACE_ID
R2_BUCKET_NAME=tripplan-storage-dev
PLATFORM_DOMAIN_SUFFIX=dev.tripplan.ing
PLATFORM_OPERATOR_EMAILS=operator@tripplan.ing
DOCS_WORKER_NAME=tripplan-docs-dev

# Environment Secrets (secrets)
CF_DEPLOY_API_TOKEN=TODO_CF_DEPLOY_API_TOKEN
STRIPE_SECRET_KEY=TODO_STRIPE_SECRET_KEY
STRIPE_WEBHOOK_SECRET=TODO_STRIPE_WEBHOOK_SECRET
MAILGUN_API_KEY=TODO_MAILGUN_API_KEY
MAILGUN_DOMAIN=TODO_MAILGUN_DOMAIN

Production example (production):

bash
# Environment Variables (vars)
CF_ACCOUNT_ID=TODO_CF_ACCOUNT_ID
WORKER_NAME=tripplan
D1_DATABASE_ID=TODO_D1_DATABASE_ID
D1_DATABASE_NAME=tripplan-db
KV_NAMESPACE_ID=TODO_KV_NAMESPACE_ID
R2_BUCKET_NAME=tripplan-storage
PLATFORM_DOMAIN_SUFFIX=tripplan.ing
PLATFORM_OPERATOR_EMAILS=operator@tripplan.ing
DOCS_WORKER_NAME=tripplan-docs

# Environment Secrets (secrets)
CF_DEPLOY_API_TOKEN=TODO_CF_DEPLOY_API_TOKEN
STRIPE_SECRET_KEY=TODO_STRIPE_SECRET_KEY
STRIPE_WEBHOOK_SECRET=TODO_STRIPE_WEBHOOK_SECRET
MAILGUN_API_KEY=TODO_MAILGUN_API_KEY
MAILGUN_DOMAIN=TODO_MAILGUN_DOMAIN

  3. Push to main to trigger .github/workflows/apps-ci.yml, which validates and deploys the unified worker.

Runtime secret mapping

The CI workflow pushes these as Wrangler secrets to the deployed worker:

  • STRIPE_SECRET_KEY
  • STRIPE_WEBHOOK_SECRET
  • MAILGUN_API_KEY
  • MAILGUN_DOMAIN

Platform-specific env vars are set as worker bindings via wrangler.toml:

  • PLATFORM_OPERATOR_EMAILS -- comma-separated list of platform operator emails
  • PLATFORM_DOMAIN_SUFFIX -- default domain suffix (e.g., tripplan.ing)

When it fails

  • Deploy job unauthorized: verify CF_DEPLOY_API_TOKEN permissions and scopes.
  • Cloudflare API failures: verify CF_ACCOUNT_ID matches the target account.
  • Missing bindings: ensure D1_DATABASE_ID, KV_NAMESPACE_ID, and R2_BUCKET_NAME are set correctly.
  • See Troubleshooting.
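
A preflight check for the failure modes listed above, added here as an example and not taken from the project's workflow: it reads a KEY=VALUE file in the layout of the example files and reports every required name that is missing, empty, or still a TODO_ placeholder. The function names and the sample values are assumptions made for the illustration.

```bash
# Added example, not the project's workflow code: checks a KEY=VALUE file laid
# out like the examples on this page. Prints names only, never values.
REQUIRED_VARS="CF_ACCOUNT_ID WORKER_NAME D1_DATABASE_ID D1_DATABASE_NAME KV_NAMESPACE_ID
R2_BUCKET_NAME PLATFORM_DOMAIN_SUFFIX PLATFORM_OPERATOR_EMAILS DOCS_WORKER_NAME"
REQUIRED_SECRETS="CF_DEPLOY_API_TOKEN STRIPE_SECRET_KEY STRIPE_WEBHOOK_SECRET
MAILGUN_API_KEY MAILGUN_DOMAIN"
# lookup FILE KEY: print the value of the last "KEY=" line; exit 1 if absent.
lookup() {
  awk -v k="$2" '
    index($0, k "=") == 1 { v = substr($0, length(k) + 2); found = 1 }
    END { if (!found) exit 1; print v }' "$1"
}
# check_env FILE: print "<problem> <NAME>" per issue; return 1 if any was found.
check_env() {
  ce_status=0
  for ce_name in $REQUIRED_VARS $REQUIRED_SECRETS; do
    if ! ce_value=$(lookup "$1" "$ce_name"); then
      echo "missing $ce_name"; ce_status=1
    else
      case $ce_value in
        "")     echo "empty $ce_name"; ce_status=1 ;;
        TODO_*) echo "placeholder $ce_name"; ce_status=1 ;;
      esac
    fi
  done
  return "$ce_status"
}

# write_sample FILE: constructed input with a leftover placeholder, an empty
# value, and MAILGUN_DOMAIN absent.
write_sample() {
  cat > "$1" <<'EOF'
# Environment Variables (vars)
CF_ACCOUNT_ID=TODO_CF_ACCOUNT_ID
WORKER_NAME=tripplan-dev
D1_DATABASE_ID=constructed-d1-id
D1_DATABASE_NAME=tripplan-db-dev
KV_NAMESPACE_ID=
R2_BUCKET_NAME=tripplan-storage-dev
PLATFORM_DOMAIN_SUFFIX=dev.tripplan.ing
PLATFORM_OPERATOR_EMAILS=operator@tripplan.ing
DOCS_WORKER_NAME=tripplan-docs-dev
CF_DEPLOY_API_TOKEN=constructed-token
STRIPE_SECRET_KEY=constructed-key
STRIPE_WEBHOOK_SECRET=constructed-whsec
MAILGUN_API_KEY=constructed-mailgun
EOF
}
if [ "$#" -eq 1 ]; then check_env "$1"; fi
```

Passing a file path as the only argument runs the check on that file; a non-zero exit status means at least one name needs attention.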

Released under the MIT License.