| name | pagebin-release-deploy |
| description | Deploy the PageBin Cloudflare Worker or publish a PageBin CLI release safely. Use when asked to deploy PageBin, cut a release, tag or publish a version, verify production after deployment, or determine whether Worker and CLI release state are aligned. |
PageBin release and deploy
Treat Worker deployment and CLI release as separate operations. Do only the operation the user requested and report explicitly what remains local, unpushed, untagged, or unpublished.
Preflight
- Inspect
git status, the current branch, recent tags, and the remote release state.
- Preserve unrelated user changes. Stop if the requested release cannot be isolated safely.
- Run
bun test, bun run typecheck, bun run build, and git diff --check in proportion to the change.
- Run the requested review boundary and resolve true positives before publishing.
- Never print, inspect, source verbosely, or include
.envrc in tool output.
Deploy the Worker
The repo's Nix shell provides tools; direnv loads the repo-scoped credentials. Deploy with:
direnv exec . bun run deploy
Capture the Cloudflare Worker version ID. Verify production with read-only checks:
https://page-bin.com/robots.txt returns 200.
- A missing public route returns the branded HTML 404.
- A missing API route returns a plain-text 404.
- If the change affects the authenticated dashboard, verify it through Cloudflare Access without exposing capability URLs.
Do not treat a successful Worker upload as a CLI release.
Publish a CLI release
- Confirm the intended semantic version and that it does not already exist remotely.
- Update
package.json, the lockfile if needed, and CHANGELOG.md together.
- Re-run the complete verification gates after version changes.
- Commit the release, create the annotated tag, and push only when explicitly authorized.
- Publish the GitHub release and its expected build artifacts/checksums using the repository's current release workflow.
- Verify the remote tag, release, and downloadable artifact rather than inferring success from a local tag.
Report
Return the commit, Worker version ID or CLI version, live checks performed, and whether the branch, tag, or release was pushed. Never include credentials, deployment-token values, publish tokens, or artifact capability URLs.