feat(repo): refactor and improve multi-tenant deployment workflow

closed COD-258

Author: hakalb

.github/workflows/fly-deployment.yml

@@ -28,15 +28,17 @@ concurrency:
   group: ${{ github.ref }}
 
 jobs:
-  deploy-env:
+  pre-deploy:
     if: |
       !startsWith(github.head_ref || github.ref_name, 'renovate') &&
       !startsWith(github.head_ref || github.ref_name, 'update-nx-workspace')
 
     runs-on: ubuntu-latest
 
     outputs:
-      environment: ${{ steps.environment.outputs.environment }}
+      apps: ${{ steps.pre-deploy.outputs.apps }}
+      environment: ${{ steps.pre-deploy.outputs.environment }}
+      app-tenants: ${{ steps.pre-deploy.outputs.app-tenants }}
 
     steps:
       - uses: actions/checkout@v4
@@ -50,19 +52,25 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
-      - name: Build action
-        run: pnpm nx build deploy-env-action
+      - name: Build pre-deploy action
+        run: pnpm nx build nx-pre-deploy-action
 
-      - name: Determine environment
-        id: environment
-        uses: ./packages/deploy-env-action
+      - name: Run pre-deploy
+        id: pre-deploy
+        uses: ./packages/nx-pre-deploy-action
+        with:
+          infisical-client-id: ${{ secrets.INFISICAL_READ_CLIENT_ID }}
+          infisical-client-secret: ${{ secrets.INFISICAL_READ_CLIENT_SECRET }}
+          infisical-project-id: ${{ secrets.INFISICAL_PROJECT_ID }}
 
   fly-deployment:
-    needs: deploy-env
+    if: ${{ needs.pre-deploy.outputs.environment != '' }}
+
+    needs: pre-deploy
     runs-on: ubuntu-latest
 
     # Not possible to provide url since we might have multiple deployments
-    environment: ${{ needs.deploy-env.outputs.environment }}
+    environment: ${{ needs.pre-deploy.outputs.environment }}
 
     steps:
       - uses: actions/create-github-app-token@v1
@@ -84,34 +92,20 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
-      - name: Build action
+      - name: Build fly deployment action
         run: pnpm nx build nx-fly-deployment-action
 
       - name: Install Fly CLI
         uses: superfly/flyctl-actions/setup-flyctl@master
         with:
           version: 0.3.45
 
-      - name: Analyze affected projects to deploy
+      - name: Set SHAs for affected calculations
         uses: nrwl/nx-set-shas@v4
         with:
           main-branch-name: main
           set-environment-variables-for-job: true
 
-      - name: Fetch tenants from Infisical
-        id: fetch-tenants
-        run: |
-          echo "Fetching tenants from Infisical..."
-          TENANTS=$(npx tsx scripts/fetch-tenants.ts)
-          echo "tenants<<EOF" >> $GITHUB_OUTPUT
-          echo "$TENANTS" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-        env:
-          INFISICAL_CLIENT_ID: ${{ secrets.INFISICAL_READ_CLIENT_ID }}
-          INFISICAL_CLIENT_SECRET: ${{ secrets.INFISICAL_READ_CLIENT_SECRET }}
-          INFISICAL_PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
-          DEPLOY_ENV: ${{ needs.deploy-env.outputs.environment }}
-
       - name: Run Deployment to Fly
         id: deployment
         uses: ./packages/nx-fly-deployment-action
@@ -120,7 +114,7 @@ jobs:
           fly-org: ${{ vars.FLY_ORG }}
           fly-region: ${{ vars.FLY_REGION }}
           token: ${{ steps.generate-token.outputs.token }}
-          tenants: ${{ steps.fetch-tenants.outputs.tenants }}
+          app-details: ${{ needs.pre-deploy.outputs.app-tenants }}
           secrets: |
             INFISICAL_CLIENT_ID=${{ secrets.INFISICAL_READ_CLIENT_ID }}
             INFISICAL_CLIENT_SECRET=${{ secrets.INFISICAL_READ_CLIENT_SECRET }}