CottageLabs · RK206 · Jan 8, 2026
diff --git a/ansible/README.md b/ansible/README.md
@@ -14,6 +14,11 @@ For this you'll also need your Digital Ocean personal access token,
 https://docs.digitalocean.com/reference/api/create-personal-access-token/
 and set the environment variable on your local machine `$DIGITALOCEAN_TOKEN`.
 
+For Cloudflare cache purging during deployment, you'll need a Cloudflare API Token and Zone ID:
+https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
+Set the environment variables `$CLOUDFLARE_API_TOKEN` and `$CLOUDFLARE_ZONE_ID` on your local machine.
+If these variables are not set, the Cloudflare purge step will fail if code changes are detected.
+
 See the documentation https://docs.digitalocean.com/reference/ansible/reference/ for more info.
 
 ---

diff --git a/ansible/purge-cloudflare.yml b/ansible/purge-cloudflare.yml
@@ -0,0 +1,14 @@
+---
+# example to run : ansible-playbook -i doaj-hosts.ini purge-cloudflare.yml -e '{"cloudflare_purge_files": ["https://doaj.org/static/css/style.css", "https://doaj.org/static/js/app.js"]}'
+- name: Purge Cloudflare Cache
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  vars:
+    cloudflare_api_token: "{{ lookup('ansible.builtin.env', 'CLOUDFLARE_API_TOKEN') }}"
+    cloudflare_zone_id: "{{ lookup('ansible.builtin.env', 'CLOUDFLARE_ZONE_ID') }}"
+
+  tasks:
+    - name: Purge Cloudflare
+      include_tasks: tasks/purge_cloudflare_tasks.yml
diff --git a/ansible/tasks/purge_cloudflare_tasks.yml b/ansible/tasks/purge_cloudflare_tasks.yml
@@ -0,0 +1,35 @@
+---
+# Tasks for purging Cloudflare cache.
+# Requires:
+#   cloudflare_api_token
+#   cloudflare_zone_id
+#   cloudflare_purge_files (optional)
+
+- name: Fail if Cloudflare credentials are missing
+  fail:
+    msg: "CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID environment variables must be set."
+  when: (cloudflare_api_token is not defined or cloudflare_api_token == "") or (cloudflare_zone_id is not defined or cloudflare_zone_id == "")
+
+- name: Purge everything from Cloudflare cache
+  uri:
+    url: "https://api.cloudflare.com/client/v4/zones/{{ cloudflare_zone_id }}/purge_cache"
+    method: POST
+    headers:
+      Authorization: "Bearer {{ cloudflare_api_token }}"
+      Content-Type: "application/json"
+    body_format: json
+    body:
+      purge_everything: true
+  when: cloudflare_purge_files | default([]) | length == 0
+
+- name: Purge specific files from Cloudflare cache
+  uri:
+    url: "https://api.cloudflare.com/client/v4/zones/{{ cloudflare_zone_id }}/purge_cache"
+    method: POST
+    headers:
+      Authorization: "Bearer {{ cloudflare_api_token }}"
+      Content-Type: "application/json"
+    body_format: json
+    body:
+      files: "{{ cloudflare_purge_files }}"
+  when: cloudflare_purge_files | default([]) | length > 0
diff --git a/ansible/update-site.yml b/ansible/update-site.yml
@@ -21,3 +21,15 @@
     - name: Run the service deploy script if there were code changes
       shell: /home/cloo/doaj/deploy/deploy.sh production
       when: code_updated.changed
+
+- name: Purge Cloudflare cache if code was updated
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    cloudflare_api_token: "{{ lookup('ansible.builtin.env', 'CLOUDFLARE_API_TOKEN') }}"
+    cloudflare_zone_id: "{{ lookup('ansible.builtin.env', 'CLOUDFLARE_ZONE_ID') }}"
+  tasks:
+    - name: Import Cloudflare purge tasks
+      include_tasks: tasks/purge_cloudflare_tasks.yml
+      when: hostvars[groups['app'][0]]['code_updated']['changed'] | default(false)