Deployment
Put Dirework online on Cloudflare Workers
Dirework runs on Cloudflare Workers with a D1 (SQLite) database — two small workers and a database, all on Cloudflare's free plan. No servers, no Docker, no database to babysit.
The short version: create a Cloudflare API token, set five GitHub secrets, push to
main. GitHub Actions deploys both workers and the database for you.
What gets deployed
| Piece | Where | What it does |
|---|---|---|
dirework | dirework.<your-subdomain>.workers.dev | The web app — dashboard, overlays, bot page |
dirework-api | dirework-api.<your-subdomain>.workers.dev | The API — sign-in, tRPC, bot OAuth |
dirework-db | Cloudflare D1 | Your tasks, timer, and settings |
The web app proxies sign-in and dashboard traffic to the API worker behind the scenes,
so everything works from the one dirework.…workers.dev address.
Before you start
- A Cloudflare account (free plan is fine)
- Your two Twitch keys (client ID + secret)
- A fork or copy of the Dirework repository on GitHub
Step 1 — Create a Cloudflare API token
- Cloudflare dashboard → My Profile → API Tokens → Create Token
- Use the Edit Cloudflare Workers template, and add D1 → Edit permissions
- Copy the token — this is
CLOUDFLARE_API_TOKEN
Step 2 — Tell Twitch about your domain
In the Twitch Developer Console, open your app and add these two redirect URLs (swap in your workers.dev subdomain):
https://dirework.<your-subdomain>.workers.dev/api/auth/callback/twitch
https://dirework.<your-subdomain>.workers.dev/api/bot/callback/twitchYou can keep your localhost URLs in the list too, so local development still works.
Step 3 — Set your GitHub secrets
In your repository: Settings → Secrets and variables → Actions → New repository secret.
| Secret | Value |
|---|---|
CLOUDFLARE_API_TOKEN | the token from Step 1 |
ALCHEMY_PASSWORD | any long random string — encrypts deploy state (openssl rand -base64 32) |
BETTER_AUTH_SECRET | another long random string (openssl rand -base64 32) |
TWITCH_CLIENT_ID | from the Twitch console |
TWITCH_CLIENT_SECRET | from the Twitch console |
Generate fresh secrets for production — never reuse the ones from your computer.
If your workers.dev subdomain isn't mrdemonwolf, also edit the two URLs at the top of
.github/workflows/deploy.yml (BETTER_AUTH_URL and CORS_ORIGIN) to match yours.
Step 4 — Push to main
That's it. Every push to main runs the tests and then deploys via
Alchemy — both workers, the D1 database, and its migrations.
You can also trigger a deploy by hand from the Actions tab (Deploy → Run workflow).
✅ Visit https://dirework.<your-subdomain>.workers.dev. You should see the Dirework
welcome screen. Click Claim with Twitch to become the owner.
Deploying from your own machine (optional)
Prefer the command line? Put the same values in packages/infra/.env, then:
bun install
bun run deployTo tear everything down again: bun run destroy.
After you're live — quick checklist
- Both Twitch redirect URLs point at your
dirework.…workers.devdomain - You can sign in and claim the instance
- Your bot account connects (Dashboard → Bot)
- The bot page is added to OBS as a browser source (or pinned in a tab) — the bot only listens to chat while that page is open. See Chat Commands.
- The timer and task list overlays show up in OBS
Free plan limits (you're fine)
Workers' free plan allows 100,000 requests/day. Overlays poll every couple of seconds only while OBS has them open — a six-hour stream uses roughly 15–25k requests. D1's free tier (5M reads/day) barely notices a single streamer. If you somehow outgrow it, the $5 Workers paid plan raises every limit.