Architecture
accounts@→GitHub org + private repo→Cloudflare Pages→Firebase Auth + Firestore
One-Time Setup
Create GitHub account
Use accounts@cloudberrie.com; recommended username cb-engops. Verify email and turn on 2FA.
Create GitHub organization
Create cloudberrie-studio and use accounts@ as contact email.
Create private repository
Name: cloudberrie-studio-board. Leave README, .gitignore, and license unchecked if files already exist locally.
Push code
git init\ngit add .\ngit commit -m "Initial commit: Cloudberrie Studio Board"\ngit branch -M main\ngit remote add origin https://github.com/cloudberrie-studio/cloudberrie-studio-board.git\ngit push -u origin main
Create Cloudflare account
Use accounts@cloudberrie.com and enable 2FA.
Deploy to Pages
Workers & Pages → Create → Pages → Connect to Git. Static settings: Framework None, build command blank, output directory /.
Protect staging
Use Cloudflare Access / Zero Trust to allow only @cloudberrie.com identities.
Publish Firestore rules
Firebase Console → Firestore Database → Rules → paste firestore.rules → Publish. Cloudflare never deploys Firestore rules.
Staging vs Production
| Staging | Production |
|---|---|
| pages.dev URL, Cloudflare Access, review and testing | board.cloudberrie.com after cloudberrie.com DNS is safely managed in Cloudflare |
| Realistic test data only | Real Firestore records only; no sample data |
| Rules and authentication verified | Monitoring, backup, permissions, and release approval required |
Production rule: do not show sample or demo records when logged into production mode. Only Firestore production records may be displayed.