Skip to content

feat(flyio): support automatic redeployment on Fly.io after secret ch…#5447

Merged
IgorHorta merged 2 commits intomainfrom
igor/flyio-auto-redeploy-clean
Feb 11, 2026
Merged

feat(flyio): support automatic redeployment on Fly.io after secret ch…#5447
IgorHorta merged 2 commits intomainfrom
igor/flyio-auto-redeploy-clean

Conversation

@IgorHorta
Copy link
Contributor

@IgorHorta IgorHorta commented Feb 11, 2026
edited
Loading

Context

fixes #1942

Adds automatic redeployment of Fly.io applications after secret changes, similar to Kubernetes’ secrets.infisical.com/auto-reload: "true" and Render’s autoRedeployServices. Updating secrets in Infisical does not guarantee that running Fly.io machines pick up the new values until they are restarted. This feature triggers a rolling restart of all machines in the app after syncing or removing secrets.

Changes:

  • New opt-in sync option: Auto Redeploy On Secret Change
  • Uses Fly.io Machines API (POST /apps/{app_name}/machines/{machine_id}/restart) to restart machines after setSecrets/unsetSecrets
  • Stores optional appName in destination config (from app list) to avoid extra GraphQL calls when resolving app name for the Machines API
  • Falls back to GraphQL app lookup when appName is not set (existing syncs)

Related: Closes #1942, Linear ENG-4492

Screenshots

New "Auto Redeploy On Secret Change" toggle in Fly.io sync options (create/edit flow).

Steps to verify the change

  1. Create a Fly.io Connection and a Fly.io Sync.
  2. In sync options, enable Auto Redeploy On Secret Change.
  3. Add or change a secret in the synced path.
  4. After sync completes, confirm in the Fly.io dashboard that the app’s machines were restarted.
  5. (Optional) Create a sync without auto redeploy and confirm machines are not restarted on sync.

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

fixes #1942

@IgorHorta @cursoragent
feat(flyio): support automatic redeployment on Fly.io after secret ch…
2d5670f 
…anges

- Add autoRedeploy sync option to trigger machine restarts after secret sync/remove
- Use Machines API to update machines with min_secrets_version for redeploy
- Use list machines response directly (per Fly.io API spec) instead of GET per machine
- Always resolve app name from appId via GraphQL (no stored appName)
- Add FlyioSyncOptionsFields, FlyioSyncOptionsSection, FlyioSyncOptionsReviewFields
- Update frontend forms, review, and details to support auto redeploy option
- Update API docs and Fly.io integration documentation

Co-authored-by: Cursor <cursoragent@cursor.com>
@maidul98
Copy link
Collaborator

maidul98 commented Feb 11, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 11, 2026

Greptile Overview

Greptile Summary

This PR adds an opt-in Fly.io secret-sync option to automatically redeploy (restart) all Fly.io machines after setSecrets/unsetSecrets runs, so running machines pick up updated secret values immediately. Backend changes integrate Fly’s Machines REST API alongside existing GraphQL usage and add an autoRedeploy sync option to the Fly.io schemas/types. Frontend changes expose the toggle in create/edit flows and display it in review/details views, and docs were updated to describe the feature and API shape.

Confidence Score: 3/5

  • This PR is close to mergeable, but the new Fly.io auto-redeploy path has a couple of unhandled upstream response cases that can crash syncs.
  • Core behavior is straightforward and docs/UI are updated, but getAppNameByAppId does not handle GraphQL errors/null app, and the machines list response is not validated before using machine.id, which can lead to hard failures on unexpected upstream responses.
  • backend/src/services/secret-sync/flyio/flyio-sync-fns.ts

Important Files Changed

Filename Overview
backend/src/lib/api-docs/constants.ts Adds Fly.io autoRedeploy additional sync option description; no functional changes.
backend/src/services/integration-auth/integration-list.ts Adds Fly.io Machines API base URL constant; isolated change.
backend/src/services/secret-sync/flyio/flyio-sync-fns.ts Adds Fly.io Machines API rolling restart after secrets changes; missing GraphQL error/null handling in getAppNameByAppId and no element validation for machines list can cause runtime crashes.
backend/src/services/secret-sync/flyio/flyio-sync-schemas.ts Introduces syncOptions.autoRedeploy into Fly.io secret sync schemas via Base/Generic schema helpers.
backend/src/services/secret-sync/flyio/flyio-sync-types.ts Adds Fly.io GraphQL response/error types for detecting errors in 200 responses.
docs/integrations/secret-syncs/flyio.mdx Documents new 'Auto Redeploy On Secret Change' option and adds sample request/response fields.
frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/FlyioSyncOptionsFields.tsx Adds Fly.io-specific options UI toggle with tooltip for auto redeploy.
frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/FlyioSyncReviewFields.tsx Shows app display name in review and adds auto redeploy review badge; uses app list query.
frontend/src/hooks/api/secretSyncs/mutations.tsx Updates cache on secret sync update mutation by setting byId query data, avoiding extra refetch.
frontend/src/pages/secret-manager/SecretSyncDetailsByIDPage/components/SecretSyncOptionsSection/FlyioSyncOptionsSection.tsx Adds details page section showing Fly.io auto redeploy option state.

greptile-apps[bot]
greptile-apps bot reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

18 files reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

@IgorHorta @cursoragent
refactor(flyio): remove fallback GET, use list response only for mach…
3554034 
…ine deploy

Co-authored-by: Cursor <cursoragent@cursor.com>
@IgorHorta IgorHorta merged commit c5d8e39 into main Feb 11, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akhilmhdh akhilmhdh akhilmhdh approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support for automatic redeployment on fly.io after secret change

3 participants

@IgorHorta @maidul98 @akhilmhdh