moved the cname file under docs/ and added cloudflare cache purge

.github/workflows/cloudflare-purge.yml

@@ -0,0 +1,39 @@
+name: Purge Cloudflare cache
+
+# Chains off GitHub's auto-generated "pages build and deployment" workflow,
+# which runs after mkdocs gh-deploy pushes to the gh-pages branch and is what
+# actually publishes the site. We use workflow_run (not deployment_status):
+# the Pages deployment and its status are created by github-pages[bot] using
+# GITHUB_TOKEN, and GitHub does not start new workflow runs from events
+# generated by GITHUB_TOKEN, so deployment_status never fires here. workflow_run
+# is the supported way to chain and is not subject to that restriction. Gating
+# on conclusion == 'success' ensures we only purge once the docs are live,
+# avoiding the race where Cloudflare re-caches stale content.
+on:
+  workflow_run:
+    workflows: ["pages-build-deployment"]
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+jobs:
+  purge:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Purge Cloudflare cache for laser.idmod.org
+        env:
+          CF_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+          CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+        run: |
+          response=$(curl --silent --show-error -X POST \
+            "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/purge_cache" \
+            -H "Authorization: Bearer ${CF_API_TOKEN}" \
+            -H "Content-Type: application/json" \
+            --data '{"hosts":["laser.idmod.org"]}')
+          echo "$response"
+          # Cloudflare returns HTTP 200 with {"success": false, ...} on
+          # logical errors, so check the body rather than just the status code.
+          echo "$response" | jq -e '.success == true' > /dev/null