From 4f85375581c2ba978c34cb89ff42e9ccbe71e297 Mon Sep 17 00:00:00 2001
From: JSchripsema-IDM <jen.schripsema@gatesfoundation.org>
Date: Wed, 10 Jun 2026 16:09:03 -0600
Subject: [PATCH] moved the cname file under docs/ and added cloudflare cache
 purge

---
 .github/workflows/cloudflare-purge.yml | 39 ++++++++++++++++++++++++++
 CNAME => docs/CNAME                    |  0
 2 files changed, 39 insertions(+)
 create mode 100644 .github/workflows/cloudflare-purge.yml
 rename CNAME => docs/CNAME (100%)

diff --git a/.github/workflows/cloudflare-purge.yml b/.github/workflows/cloudflare-purge.yml
new file mode 100644
index 0000000..8f8a3a4
--- /dev/null
+++ b/.github/workflows/cloudflare-purge.yml
@@ -0,0 +1,39 @@
+name: Purge Cloudflare cache
+
+# Chains off GitHub's auto-generated "pages build and deployment" workflow,
+# which runs after mkdocs gh-deploy pushes to the gh-pages branch and is what
+# actually publishes the site. We use workflow_run (not deployment_status):
+# the Pages deployment and its status are created by github-pages[bot] using
+# GITHUB_TOKEN, and GitHub does not start new workflow runs from events
+# generated by GITHUB_TOKEN, so deployment_status never fires here. workflow_run
+# is the supported way to chain and is not subject to that restriction. Gating
+# on conclusion == 'success' ensures we only purge once the docs are live,
+# avoiding the race where Cloudflare re-caches stale content.
+on:
+  workflow_run:
+    workflows: ["pages-build-deployment"]
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+jobs:
+  purge:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Purge Cloudflare cache for laser.idmod.org
+        env:
+          CF_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+          CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+        run: |
+          response=$(curl --silent --show-error -X POST \
+            "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/purge_cache" \
+            -H "Authorization: Bearer ${CF_API_TOKEN}" \
+            -H "Content-Type: application/json" \
+            --data '{"hosts":["laser.idmod.org"]}')
+          echo "$response"
+          # Cloudflare returns HTTP 200 with {"success": false, ...} on
+          # logical errors, so check the body rather than just the status code.
+          echo "$response" | jq -e '.success == true' > /dev/null
diff --git a/CNAME b/docs/CNAME
similarity index 100%
rename from CNAME
rename to docs/CNAME