Refactor Cloudflare Tunnel setup in README and CI workflow #39
fakebizprez merged 3 commits into master
- Updated README to clarify the automatic start of the Cloudflare Tunnel service and simplified the startup command.
- Adjusted CI workflow to remove the cloudflare profile specification during deployment, ensuring a more straightforward process.
- Retained the restart policy in docker-compose.yml for the tunnel service.
Walkthrough
Removed Cloudflare profile gating so the cloudflared service starts automatically. CI deployment no longer uses
@greptileai review
| Filename | Overview |
|---|---|
| docker-compose.yml | Removed cloudflare profile from cloudflared service, making tunnel start automatically with docker compose up |
| README.md | Updated instructions to reflect automatic Cloudflare Tunnel startup, removing --profile cloudflare flag requirement |
| .github/workflows/ci.yml | Removed --profile cloudflare flag from deployment command and updated comment for clarity |
Sequence Diagram
```mermaid
sequenceDiagram
    participant GH as GitHub Actions
    participant Runner as Self-Hosted Runner
    participant Secrets as GitHub Secrets
    participant FS as File System
    participant Docker as Docker Compose
    participant TM as temp-monitor Service
    participant CF as cloudflared Service
    GH->>Runner: Trigger deploy job (push/release)
    Runner->>Runner: Checkout code
    Runner->>Secrets: Request BEARER_TOKEN
    Runner->>Secrets: Request CLOUDFLARED_TOKEN
    Runner->>Secrets: Request SLACK_WEBHOOK_URL
    Runner->>Runner: Validate BEARER_TOKEN exists
    Runner->>Runner: Validate CLOUDFLARED_TOKEN exists
    Runner->>FS: Create .env file with secrets
    Runner->>FS: mkdir -p logs
    Runner->>Docker: docker compose up -d --build
    Docker->>Docker: Build temp-monitor image
    Docker->>TM: Start temp-monitor service
    Docker->>CF: Start cloudflared service (automatic)
    CF->>CF: tunnel run --token ${CLOUDFLARED_TOKEN}
    CF->>TM: Proxy traffic to temp-monitor:8080
    TM-->>Docker: Health check every 30s
    Docker-->>GH: Deployment complete
```
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
docker-compose.yml (1)
26-31: Consider whether cloudflared should remain optional via profile.

Removing the profile gating means the cloudflared service will always attempt to start. If `CLOUDFLARED_TOKEN` is not set, the service will fail repeatedly (even with `restart: unless-stopped`), generating error logs. This makes Cloudflare Tunnel effectively mandatory rather than optional.

Options:
- Restore the profile approach: `profiles: ["cloudflare"]` to keep it truly optional
- Add clear documentation that CLOUDFLARED_TOKEN is now mandatory for all deployments
- Make the service more resilient by adding a healthcheck or startup condition

Note: The main temp-monitor service should continue working even if cloudflared fails, but the deployment will show a degraded state.
.github/workflows/ci.yml (1)
79-91: Remove redundant conditional logic for CLOUDFLARED_TOKEN.

Lines 79-83 validate that `CLOUDFLARED_TOKEN` is required and fail the workflow if missing. However, lines 88-91 then check if the token is set before adding it to the `.env` file. This conditional logic is now redundant since line 80 ensures `CLOUDFLARED_TOKEN` is always non-empty at that point.

🔎 Proposed fix to remove redundant logic
# Create .env file with required configuration echo "BEARER_TOKEN=${BEARER_TOKEN}" > .env - # Add optional Cloudflare Tunnel token if configured - if [ -n "${CLOUDFLARED_TOKEN}" ]; then - echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN}" >> .env - fi + # Add Cloudflare Tunnel token (validated as required above) + echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN}" >> .env
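Review bot: The first line of the fix, `echo "BEARER_TOKEN=${BEARER_TOKEN}" > .env`, creates `.env` under whatever umask the job shell happens to have, and the new `+` line now always appends the tunnel token to that same file, so both secrets may be readable by other local accounts on the runner. Set `umask 077` before the first write (or run `chmod 600 .env` immediately after it), and consider `printf '%s\n'` instead of `echo` so a token value is written verbatim regardless of its characters.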
📒 Files selected for processing (3)
.github/workflows/ci.yml
README.md
docker-compose.yml
🧰 Additional context used
📓 Path-based instructions (1)
{Dockerfile,docker-compose.yml}
📄 CodeRabbit inference engine (CLAUDE.md)
Use Docker Compose with ARM build support for deployment and include privileged mode, I2C device mounting, and /sys read-only access for hardware interaction
Files:
docker-compose.yml
🧠 Learnings (2)
📚 Learning: 2025-11-27T09:21:56.117Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-27T09:21:56.117Z
Learning: Applies to **/CLAUDE.md : Update CLAUDE.md when making architectural changes, adding new configuration options, or modifying core algorithms
Applied to files:
README.md
📚 Learning: 2026-01-03T19:06:09.139Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T19:06:09.139Z
Learning: Applies to {Dockerfile,docker-compose.yml} : Use Docker Compose with ARM build support for deployment and include privileged mode, I2C device mounting, and /sys read-only access for hardware interaction
Applied to files:
README.md
.github/workflows/ci.yml
🔇 Additional comments (1)
.github/workflows/ci.yml (1)
119-119: LGTM! Deployment command correctly reflects the removal of profile gating.

The removal of `--profile cloudflare` is consistent with the docker-compose.yml changes where the cloudflared service no longer uses profile-based gating.
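One way to implement the review's first option (restoring the profile) so the tunnel stays optional for local runs while CI fails closed, shown as an added example that is not code from this PR. It assumes `docker-compose.yml` keeps `profiles: ["cloudflare"]` on the cloudflared service; the function names `write_env` and `compose_args` and the `DEPLOY_MODE` variable are hypothetical.

```sh
#!/bin/sh
# Added example, not the project's deploy script. Assumes the cloudflared
# service carries profiles: ["cloudflare"]; all names here are hypothetical.

# write_env FILE: write secrets to FILE with mode 0600. BEARER_TOKEN is always
# required; CLOUDFLARED_TOKEN is written only when it is non-empty.
write_env() {
    [ -n "${BEARER_TOKEN:-}" ] || { echo "BEARER_TOKEN is required" >&2; return 1; }
    (
        umask 077                  # new file is created owner-only (0600)
        rm -f -- "$1"              # recreate so stale, wider permissions do not survive
        printf 'BEARER_TOKEN=%s\n' "$BEARER_TOKEN" > "$1"
        if [ -n "${CLOUDFLARED_TOKEN:-}" ]; then
            printf 'CLOUDFLARED_TOKEN=%s\n' "$CLOUDFLARED_TOKEN" >> "$1"
        fi
    )
}

# compose_args MODE: print the docker compose arguments for MODE.
#   ci    - tunnel token is mandatory; fail before any container starts
#   local - enable the tunnel profile only when a token is present
compose_args() {
    case "$1" in
        ci)
            [ -n "${CLOUDFLARED_TOKEN:-}" ] || {
                echo "CLOUDFLARED_TOKEN is required in CI" >&2
                return 1
            }
            echo "--profile cloudflare up -d --build" ;;
        local)
            if [ -n "${CLOUDFLARED_TOKEN:-}" ]; then
                echo "--profile cloudflare up -d --build"
            else
                echo "up -d --build"   # temp-monitor only, no crash-looping tunnel
            fi ;;
        *)
            echo "unknown mode: $1" >&2
            return 2 ;;
    esac
}

# Usage (word splitting of the printed arguments is intentional):
#   write_env .env && docker compose $(compose_args "${DEPLOY_MODE:-local}")
```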
- Updated README to indicate that `CLOUDFLARED_TOKEN` is required for the Cloudflare Tunnel service to start.
- Modified CI workflow comments to reflect the necessity of the Cloudflare Tunnel token during environment setup.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/ci.yml (1)
79-91: Redundant conditional logic after required validation.

Lines 79-83 validate that `CLOUDFLARED_TOKEN` exists and exit if it's missing, establishing it as required. However, lines 89-91 then conditionally add the token only "if [ -n "${CLOUDFLARED_TOKEN}" ]", which is redundant since we've already confirmed it exists.

Additionally, line 88's comment changed from "optional" to "required", but the conditional logic suggests optional behavior, creating confusion about the actual requirement.
🔎 Suggested simplification
- # Add required Cloudflare Tunnel token - if [ -n "${CLOUDFLARED_TOKEN}" ]; then - echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN}" >> .env - fi + # Add required Cloudflare Tunnel token (validated above) + echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN}" >> .env
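Review bot: With the `if [ -n "${CLOUDFLARED_TOKEN}" ]` guard removed, the `+` line relies entirely on a validation step that sits outside this hunk; if that step is later moved or dropped, `.env` gets an empty `CLOUDFLARED_TOKEN=` and the failure only shows up when cloudflared starts. Make the write fail closed on its own, for example `echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN:?CLOUDFLARED_TOKEN is required}" >> .env`, so the "validated above" comment is not the only thing enforcing the requirement.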
📒 Files selected for processing (2)
.github/workflows/ci.yml
README.md
🧰 Additional context used
🧠 Learnings (6)
📚 Learning: 2025-11-27T09:21:56.117Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-27T09:21:56.117Z
Learning: Applies to **/temp_monitor.py : Store BEARER_TOKEN in .env file (never committed to git) and load at application startup; auto-generate token if .env is missing
Applied to files:
README.md
.github/workflows/ci.yml
📚 Learning: 2025-11-27T09:21:56.117Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-27T09:21:56.117Z
Learning: Applies to **/temp_monitor.py : Use environment variables (loaded via python-dotenv) for configurable paths: LOG_FILE, LOGO_PATH, FAVICON_PATH, BEARER_TOKEN
Applied to files:
README.md
.github/workflows/ci.yml
📚 Learning: 2026-01-03T19:06:09.139Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T19:06:09.139Z
Learning: Applies to .env.example : Generate API Bearer token using python3 -c "import secrets; print(secrets.token_hex(32))" and store securely in .env file
Applied to files:
.github/workflows/ci.yml
📚 Learning: 2026-01-03T19:06:09.139Z
Learnt from: CR
Repo: freightCognition/temp_monitor PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T19:06:09.139Z
Learning: Applies to **/*.py : Use environment variables from .env file for configuration (LOG_FILE, BEARER_TOKEN, SLACK_WEBHOOK_URL, WEBHOOK_*, ALERT_*, STATUS_UPDATE_*) managed through python-dotenv
Applied to files:
.github/workflows/ci.yml
🔇 Additional comments (2)
README.md (1)
236-237: Good addition addressing previous review feedback.

The added note clearly explains the behavior when `CLOUDFLARED_TOKEN` is not set and provides guidance for running without Cloudflare Tunnel. This directly addresses the concern raised in the previous review about documenting failure behavior.

.github/workflows/ci.yml (1)
119-119: Approved: Profile flag removal aligns with docker-compose changes.

Removing `--profile cloudflare` is consistent with the broader refactoring to make the Cloudflare Tunnel service start automatically when the token is present, rather than requiring explicit profile activation.
- Updated README to specify that `CLOUDFLARED_TOKEN` is required for CI/production environments, while being optional for local development.
- Enhanced notes on the Cloudflare Tunnel service startup process and its implications for local and CI deployments.
baz review
Skipped: This PR does not contain any of your configured labels: (