feat(ci): add Fly deploy step to publish-platform-image workflow

After pushing the tenant image to registry.fly.io, the workflow now lists all running/stopped molecule-tenant machines and updates each to the newly pushed image tag. Gracefully skips if no machines exist (control plane provisions on demand). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 07:29:42 -07:00 · 2026-04-16 07:29:42 -07:00 · d7161f5877
commit d7161f5877
parent 1453ef91b6
1 changed files with 21 additions and 0 deletions
--- a/.github/workflows/publish-platform-image.yml
+++ b/.github/workflows/publish-platform-image.yml
@ -165,3 +165,24 @@ JSON
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.description=Molecule AI tenant platform (one instance per org)
+
+      - name: Install flyctl
+        uses: superfly/flyctl-actions/setup-flyctl@master
+
+      - name: Deploy to Fly tenant machines
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+        run: |
+          MACHINES=$(flyctl machines list -a molecule-tenant --json | jq -r '.[] | select(.state == "started" or .state == "stopped") | .id')
+          if [ -z "$MACHINES" ]; then
+            echo "No tenant machines found — skipping deploy (control plane provisions on demand)"
+            exit 0
+          fi
+          for id in $MACHINES; do
+            echo "Updating machine $id to sha-${{ steps.tags.outputs.sha }}..."
+            flyctl machines update "$id" \
+              --image "${{ env.FLY_IMAGE_NAME }}:sha-${{ steps.tags.outputs.sha }}" \
+              -a molecule-tenant \
+              --yes
+          done
+          echo "All tenant machines updated to sha-${{ steps.tags.outputs.sha }}"