diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
index 3339a31..b4f1ffa 100644
--- a/.github/workflows/pipeline.yaml
+++ b/.github/workflows/pipeline.yaml
@@ -16,6 +16,7 @@ on:
       - "scripts/github-actions/render-frontend-runtime-env.sh"
       - "scripts/github-actions/prepare-frontend-build-context.sh"
       - "scripts/github-actions/run-console-deploy-playbook.sh"
+      - "scripts/github-actions/run-cloudflare-svc-plus-dns-playbook.sh"
       - "scripts/github-actions/verify-frontend-release.sh"
       - "scripts/prebuild.sh"
       - "contentlayer.config.ts"
@@ -47,6 +48,11 @@ concurrency:
 env:
   CANONICAL_DOMAIN: www.svc.plus
   SERVED_DOMAINS: www.svc.plus,console.svc.plus
+  APP_BASE_URL: https://www.svc.plus
+  NEXT_PUBLIC_APP_BASE_URL: https://www.svc.plus
+  NEXT_PUBLIC_SITE_URL: https://www.svc.plus
+  RUNTIME_HOSTNAME: www.svc.plus
+  NEXT_RUNTIME_HOSTNAME: www.svc.plus
   NEXT_PUBLIC_RUNTIME_ENVIRONMENT: prod
   NEXT_PUBLIC_RUNTIME_REGION: cn
   ACCOUNT_SERVICE_URL: https://accounts.svc.plus
@@ -166,6 +172,12 @@ jobs:
           ANSIBLE_HOST_KEY_CHECKING: "False"
         run: bash ../scripts/github-actions/run-console-deploy-playbook.sh
 
+      - name: Update Cloudflare svc.plus DNS
+        working-directory: playbooks
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: "False"
+        run: bash ../scripts/github-actions/run-cloudflare-svc-plus-dns-playbook.sh
+
   validate:
     name: Validate
     runs-on: ubuntu-latest
diff --git a/scripts/github-actions/render-frontend-runtime-env.sh b/scripts/github-actions/render-frontend-runtime-env.sh
index 103576b..d580581 100755
--- a/scripts/github-actions/render-frontend-runtime-env.sh
+++ b/scripts/github-actions/render-frontend-runtime-env.sh
@@ -42,7 +42,7 @@ append_env SESSION_COOKIE_SECURE "${SESSION_COOKIE_SECURE:-true}"
 append_env NEXT_PUBLIC_SESSION_COOKIE_SECURE "${NEXT_PUBLIC_SESSION_COOKIE_SECURE:-true}"
 append_env RUNTIME_HOSTNAME "${RUNTIME_HOSTNAME:-${CANONICAL_DOMAIN}}"
 append_env NEXT_RUNTIME_HOSTNAME "${NEXT_RUNTIME_HOSTNAME:-${CANONICAL_DOMAIN}}"
-append_env DEPLOYMENT_HOSTNAME "${DEPLOYMENT_HOSTNAME:-${CANONICAL_DOMAIN}}"
+append_env DEPLOYMENT_HOSTNAME "${DEPLOYMENT_HOSTNAME-}"
 append_env NEXT_PUBLIC_RUNTIME_ENVIRONMENT "${NEXT_PUBLIC_RUNTIME_ENVIRONMENT:-prod}"
 append_env NEXT_PUBLIC_RUNTIME_REGION "${NEXT_PUBLIC_RUNTIME_REGION:-cn}"
 append_env ACCOUNT_SERVICE_URL "${ACCOUNT_SERVICE_URL:-https://accounts.svc.plus}"
diff --git a/scripts/github-actions/run-cloudflare-svc-plus-dns-playbook.sh b/scripts/github-actions/run-cloudflare-svc-plus-dns-playbook.sh
new file mode 100755
index 0000000..985a25a
--- /dev/null
+++ b/scripts/github-actions/run-cloudflare-svc-plus-dns-playbook.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+target_host="${TARGET_HOST:?TARGET_HOST is required}"
+run_apply="${RUN_APPLY:?RUN_APPLY is required}"
+
+ansible_args=(
+  -i inventory.ini
+  update_cloudflare_svc_plus_dns.yml
+  -e "{\"cloudflare_dns_source_hosts\":[\"${target_host}\"]}"
+  -e "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN is required}"
+  -e "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN:?CLOUDFLARE_DNS_API_TOKEN is required}"
+)
+
+if [[ "${run_apply}" != "true" ]]; then
+  ansible_args=(-C "${ansible_args[@]}")
+fi
+
+ansible-playbook "${ansible_args[@]}"