ServerSpotter

How to Use Cloudflare R2 for Code Review

A practical guide to using Cloudflare R2 for code review: workflow, tips, and when to use something else.

ServerSpotter Team··6 min read

Why Use Cloudflare R2 for Code Review?

Code review workflows generate substantial data that needs reliable, accessible storage. You're dealing with Git repositories, build artifacts, test reports, code coverage files, and screenshot comparisons that can quickly consume terabytes of space. Traditional cloud storage hits you with egress fees every time your CI/CD pipeline downloads these files or when developers access review materials.

Cloudflare R2 eliminates egress costs entirely while providing S3-compatible APIs your existing tools already understand. At $0.015/GB/month for storage and $0 for data transfer, R2 becomes cost-effective once you're moving more than 1-2GB of data monthly. For code review workflows involving multiple developers, automated testing, and artifact storage, those savings add up fast.

R2 integrates seamlessly with popular code review platforms like GitHub, GitLab, and Bitbucket through standard S3 APIs. Your CI/CD pipelines can store and retrieve build artifacts, test results, and code coverage reports without modification. The global Cloudflare network ensures low-latency access for distributed development teams.

Getting Started with Cloudflare R2

You'll need a Cloudflare account with R2 enabled. R2 requires a paid Cloudflare plan (starts at $5/month) plus usage-based storage costs. Navigate to the R2 Object Storage section in your Cloudflare dashboard and create your first bucket.

R2 provides S3-compatible endpoints, but you'll use Cloudflare's specific URLs:

  • Account-level endpoint: `https://.r2.cloudflarestorage.com`
  • Bucket-level endpoint: `https://..r2.cloudflarestorage.com`
Generate API tokens with R2 permissions from the Cloudflare dashboard. You'll need `Zone:Zone:Read`, `Zone:Zone Settings:Edit`, and `Account:Cloudflare R2:Edit` permissions. Store these credentials securely — you'll configure them in your CI/CD environment variables.

Step-by-Step Setup

1. Create Your R2 Bucket

In the Cloudflare dashboard, navigate to R2 Object Storage and click "Create bucket". Choose a globally unique name like `mycompany-code-review-artifacts`. Select your preferred region — R2 automatically replicates data across Cloudflare's network, but choose the region closest to your primary development team.

2. Configure AWS CLI or SDK

R2 uses S3-compatible APIs, so configure the AWS CLI with your R2 credentials:

```bash aws configure set aws_access_key_id YOUR_R2_ACCESS_KEY aws configure set aws_secret_access_key YOUR_R2_SECRET_KEY aws configure set region auto ```

Test connectivity: ```bash aws s3 ls --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com ```

3. Set Up CI/CD Integration

For GitHub Actions, add R2 credentials to your repository secrets and configure your workflow:

```yaml name: Store Code Review Artifacts on: [pull_request]

jobs: code-review: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Run tests and generate coverage run: | npm test -- --coverage - name: Upload coverage reports env: AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_KEY }} AWS_ENDPOINT_URL: https://${{ secrets.R2_ACCOUNT_ID }}.r2.cloudflarestorage.com run: | aws s3 cp coverage/ s3://mycompany-code-review-artifacts/pr-${{ github.event.number }}/coverage/ --recursive ```

4. Store Build Artifacts

Configure your build process to upload artifacts after successful compilation:

```bash

Upload build artifacts

aws s3 cp dist/ s3://mycompany-code-review-artifacts/builds/${COMMIT_SHA}/ --recursive --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com

Upload test reports

aws s3 cp test-reports/ s3://mycompany-code-review-artifacts/tests/${BUILD_ID}/ --recursive --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com ```

5. Configure Code Review Tool Integration

Popular code review tools can access R2-stored artifacts through presigned URLs or direct S3 API calls:

```javascript // Generate presigned URL for artifact access const AWS = require('aws-sdk');

const s3 = new AWS.S3({ endpoint: `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`, accessKeyId: R2_ACCESS_KEY, secretAccessKey: R2_SECRET_KEY, region: 'auto', signatureVersion: 'v4' });

const presignedUrl = s3.getSignedUrl('getObject', { Bucket: 'mycompany-code-review-artifacts', Key: `pr-${prNumber}/coverage/index.html`, Expires: 3600 // 1 hour }); ```

6. Set Up Lifecycle Management

Configure lifecycle rules to automatically clean up old review artifacts:

```bash

Create lifecycle configuration

cat > lifecycle.json << EOF { "Rules": [ { "ID": "DeleteOldArtifacts", "Status": "Enabled", "Filter": {"Prefix": "pr-"}, "Expiration": {"Days": 30} } ] } EOF

aws s3api put-bucket-lifecycle-configuration \ --bucket mycompany-code-review-artifacts \ --lifecycle-configuration file://lifecycle.json \ --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com ```

Tips and Best Practices

Organize with consistent prefixes. Structure your bucket with predictable paths like `pr-{number}/coverage/`, `builds/{commit-sha}/`, and `tests/{build-id}/`. This makes cleanup and access patterns more manageable.

Leverage presigned URLs for secure access. Rather than making artifacts publicly readable, generate time-limited presigned URLs for code review tools and team members. This maintains security while avoiding authentication complexity.

Set appropriate CORS policies if you're accessing R2 directly from web applications:

```bash aws s3api put-bucket-cors \ --bucket mycompany-code-review-artifacts \ --cors-configuration file://cors.json \ --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com ```

Monitor storage costs using Cloudflare's analytics dashboard. While egress is free, storage costs accumulate. Implement aggressive lifecycle policies for temporary review artifacts versus long-term build archives.

Use multipart uploads for large artifacts. Files over 100MB should use multipart uploads for better reliability:

```bash aws s3 cp large-build-artifact.zip s3://bucket/path/ \ --endpoint-url https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com \ --cli-write-timeout 0 \ --cli-read-timeout 0 ```

Consider region selection carefully. While R2 replicates globally, choose your primary region based on where most CI/CD operations occur. This minimizes initial upload latency even though downloads are globally fast.

Implement retry logic in your CI/CD scripts. Network issues can cause temporary upload failures:

```bash for i in {1..3}; do aws s3 cp artifacts/ s3://bucket/path/ --recursive && break echo "Upload attempt $i failed, retrying..." sleep 5 done ```

When Cloudflare R2 Isn't the Right Fit

R2 has limitations that might make other solutions more appropriate for your code review workflow. Upload performance can be slower than AWS S3, especially for large files or high-frequency uploads. If your CI/CD pipeline generates hundreds of artifacts per hour, the upload bottleneck might outweigh cost savings.

Feature limitations compared to full AWS S3 include missing server-side encryption options, limited metadata support, and no native integration with AWS services like Lambda or CloudFormation. If your code review process relies heavily on AWS ecosystem tools, staying within S3 might be simpler.

API rate limits exist, though Cloudflare doesn't publish specific numbers. High-volume operations might hit throttling that doesn't occur with established cloud providers. Test your peak usage patterns before committing.

Geographic restrictions mean R2 isn't available in all regions. If your development team operates primarily in areas where Cloudflare has limited presence, latency benefits disappear.

Compliance requirements might favor more established cloud providers with extensive certifications. R2 is newer and may not meet specific regulatory requirements your organization faces.

Consider alternatives if you need advanced features like AWS S3 Transfer Acceleration, extensive monitoring and alerting, or tight integration with other cloud services. The zero egress cost advantage diminishes if you're primarily storing artifacts for internal use without frequent downloads.

Conclusion

Cloudflare R2 excels for code review workflows where egress costs and global accessibility matter. The S3-compatible API ensures easy integration with existing tools, while zero egress fees make it cost-effective for teams frequently downloading artifacts, coverage reports, and build outputs.

Start with a pilot project to test R2's performance characteristics with your specific workflow. The combination of competitive storage pricing and eliminated egress costs often results in 60-80% cost reductions compared to traditional cloud storage, especially for globally distributed teams accessing review artifacts regularly.

Compare Cloudflare R2 with alternatives on ServerSpotter.

Tools mentioned in this article

Cloudflare R2 logo

Cloudflare R2

Zero egress S3 storage on Cloudflare's network

CDN ProvidersFree tier
5.0 (203)
300 locations99.9% SLA
View Tool →

Share this article

Stay in the loop

Get weekly updates on the best new AI tools, deals, and comparisons.

No spam. Unsubscribe anytime.