feat: add workflow integration for multi-tenant deployment from Infisical

Co-authored-by: hakalb <16068945+hakalb@users.noreply.github.com>

Author: Copilot

.github/workflows/fly-deployment.yml

@@ -98,8 +98,20 @@ jobs:
           main-branch-name: main
           set-environment-variables-for-job: true
 
-      # TODO: Fetch all tenants and make a deployment for each with their `TENANT_ID`
-      # TODO: Alternatively, create a new input with multi-tenant values
+      - name: Fetch tenants from Infisical
+        id: fetch-tenants
+        run: |
+          echo "Fetching tenants from Infisical..."
+          TENANTS=$(tsx scripts/fetch-tenants.ts)
+          echo "tenants<<EOF" >> $GITHUB_OUTPUT
+          echo "$TENANTS" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+        env:
+          INFISICAL_CLIENT_ID: ${{ secrets.INFISICAL_READ_CLIENT_ID }}
+          INFISICAL_CLIENT_SECRET: ${{ secrets.INFISICAL_READ_CLIENT_SECRET }}
+          INFISICAL_PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
+          DEPLOY_ENV: ${{ needs.deploy-env.outputs.environment }}
+
       - name: Run Deployment to Fly
         id: deployment
         uses: ./packages/nx-fly-deployment-action
@@ -108,8 +120,7 @@ jobs:
           fly-org: ${{ vars.FLY_ORG }}
           fly-region: ${{ vars.FLY_REGION }}
           token: ${{ steps.generate-token.outputs.token }}
-          env: |
-            TENANT_ID=demo
+          tenants: ${{ steps.fetch-tenants.outputs.tenants }}
           secrets: |
             INFISICAL_CLIENT_ID=${{ secrets.INFISICAL_READ_CLIENT_ID }}
             INFISICAL_CLIENT_SECRET=${{ secrets.INFISICAL_READ_CLIENT_SECRET }}

packages/nx-fly-deployment-action/README.md

@@ -92,6 +92,25 @@ See [action.yaml](action.yml) for descriptions of the inputs.
 
 ### Additional input details
 
+`tenants`
+
+When deploying multi-tenant applications, you can provide a list of tenant IDs. Each affected project will be deployed once per tenant with:
+- A unique app name: `<base-app-name>-<tenant-id>` (e.g., `cdwr-web-demo`, `cdwr-web-customer1`)
+- The `TENANT_ID` environment variable set to the tenant ID
+
+Provide the tenant IDs as multiline values.
+
+```yaml
+- uses: ./packages/nx-fly-deployment-action
+  with:
+    tenants: |
+      demo
+      customer1
+      customer2
+```
+
+If no tenants are provided, the action behaves as before (single deployment per project).
+
 `postgres-preview`
 
 When a Fly Postgres cluser has been created, you can attach the application to a postgres database automatically on deployment to the `preview` environment.

scripts/fetch-tenants.ts

@@ -0,0 +1,70 @@
+#!/usr/bin/env tsx
+
+/**
+ * Fetch tenant IDs from Infisical
+ * 
+ * This script connects to Infisical and retrieves all tenant IDs
+ * from the /web/tenants path structure.
+ * 
+ * Outputs tenant IDs as newline-separated values to stdout.
+ * Logs and errors are written to stderr.
+ */
+
+// @ts-ignore - Module resolution handled by tsx at runtime
+import { withInfisical } from '@codeware/shared/feature/infisical';
+
+async function main() {
+  try {
+    console.error('[fetch-tenants] Connecting to Infisical...');
+
+    // Fetch all secrets from /web/tenants/* paths recursively
+    const secrets = await withInfisical({
+      environment: process.env.DEPLOY_ENV || 'production',
+      filter: { path: '/web/tenants', recurse: true },
+      silent: false,
+      site: 'eu'
+    });
+
+    if (!secrets || secrets.length === 0) {
+      console.error('[fetch-tenants] No tenants found in Infisical');
+      process.exit(0);
+    }
+
+    // Extract unique tenant IDs from secret paths
+    // Path format: /web/tenants/<tenant-id>
+    const tenantIds = new Set<string>();
+
+    for (const secret of secrets) {
+      const { secretPath } = secret;
+      if (!secretPath) continue;
+
+      const match = secretPath.match(/^\/web\/tenants\/([^/]+)$/);
+      if (match && match[1]) {
+        tenantIds.add(match[1]);
+      }
+    }
+
+    const tenants = Array.from(tenantIds).sort();
+
+    console.error(`[fetch-tenants] Found ${tenants.length} tenant(s): ${tenants.join(', ')}`);
+
+    // Output tenant IDs to stdout (one per line)
+    for (const tenantId of tenants) {
+      console.log(tenantId);
+    }
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error('[fetch-tenants] Error:', error.message);
+      // @ts-ignore - Error.cause is available in Node 16+
+      if (error.cause) {
+        // @ts-ignore
+        console.error('[fetch-tenants] Cause:', error.cause);
+      }
+    } else {
+      console.error('[fetch-tenants] Unknown error:', error);
+    }
+    process.exit(1);
+  }
+}
+
+main();