|
| 1 | +# ============================================================================= |
| 2 | +# Harness Open Source — Full Flyway Workflow Pipeline |
| 3 | +# ============================================================================= |
| 4 | +# Equivalent of the GitLab schema-model-dynamic.gitlab-ci.yml. |
| 5 | +# |
| 6 | +# Complete workflow in a single pipeline: |
| 7 | +# 1. Generate migration scripts from schema-model changes |
| 8 | +# 2. Commit generated scripts back to the branch |
| 9 | +# 3. Run flyway migrate against the target database |
| 10 | +# |
| 11 | +# This is designed for a single-database deployment. For multi-database |
| 12 | +# registry-driven deployments, use flyway-registry-deploy.yaml instead. |
| 13 | +# |
| 14 | +# Environment variables (set in Harness repo/project secrets): |
| 15 | +# SOURCE_DATABASE_JDBC — JDBC URL of the Dev database |
| 16 | +# SOURCE_DATABASE_USER — Dev database username |
| 17 | +# SOURCE_DATABASE_PASSWORD — Dev database password (secret) |
| 18 | +# SHADOW_DATABASE_JDBC — JDBC URL of a shadow/build database |
| 19 | +# TARGET_DATABASE_JDBC — JDBC URL of the deployment target |
| 20 | +# TARGET_DATABASE_USER — Target database username |
| 21 | +# TARGET_DATABASE_PASSWORD — Target database password (secret) |
| 22 | +# FLYWAY_EMAIL — Flyway license email |
| 23 | +# FLYWAY_TOKEN — Flyway license token (secret) |
| 24 | +# GIT_PUSH_USER — Harness username for git push |
| 25 | +# GIT_PUSH_TOKEN — Harness PAT with repo write access (secret) |
| 26 | +# HARNESS_URL — Harness base URL (e.g. http://172.31.0.2:3000) |
| 27 | +# ============================================================================= |
| 28 | + |
| 29 | +kind: pipeline |
| 30 | +spec: |
| 31 | + stages: |
| 32 | + |
| 33 | + # ------------------------------------------------------------------- |
| 34 | + # Stage 1: Generate migration scripts from schema-model |
| 35 | + # ------------------------------------------------------------------- |
| 36 | + - type: ci |
| 37 | + name: generate-scripts |
| 38 | + spec: |
| 39 | + steps: |
| 40 | + - name: flyway_generate |
| 41 | + type: run |
| 42 | + spec: |
| 43 | + container: redgate/flyway:latest |
| 44 | + envs: |
| 45 | + SOURCE_DATABASE_JDBC: ${{ SOURCE_DATABASE_JDBC }} |
| 46 | + SOURCE_DATABASE_USER: ${{ SOURCE_DATABASE_USER }} |
| 47 | + SOURCE_DATABASE_PASSWORD: ${{ SOURCE_DATABASE_PASSWORD }} |
| 48 | + SHADOW_DATABASE_JDBC: ${{ SHADOW_DATABASE_JDBC }} |
| 49 | + SHADOW_DATABASE_USER: ${{ SOURCE_DATABASE_USER }} |
| 50 | + SHADOW_DATABASE_PASSWORD: ${{ SOURCE_DATABASE_PASSWORD }} |
| 51 | + FLYWAY_EMAIL: ${{ FLYWAY_EMAIL }} |
| 52 | + FLYWAY_TOKEN: ${{ FLYWAY_TOKEN }} |
| 53 | + script: | |
| 54 | + echo "==========================================" |
| 55 | + echo "Flyway -- Migration Script Generation" |
| 56 | + echo "==========================================" |
| 57 | + echo "Source Dev DB: ${SOURCE_DATABASE_JDBC}" |
| 58 | + echo "Shadow DB: ${SHADOW_DATABASE_JDBC}" |
| 59 | + echo "==========================================" |
| 60 | +
|
| 61 | + echo "--- Step 1: Sync SchemaModel with Dev database ---" |
| 62 | + flyway diff model \ |
| 63 | + -diff.source=dev \ |
| 64 | + -diff.target=schemaModel \ |
| 65 | + -environments.dev.url="${SOURCE_DATABASE_JDBC}" \ |
| 66 | + -environments.dev.user="${SOURCE_DATABASE_USER}" \ |
| 67 | + -environments.dev.password="${SOURCE_DATABASE_PASSWORD}" |
| 68 | +
|
| 69 | + echo "--- Step 2: Generate migration scripts ---" |
| 70 | + flyway diff generate \ |
| 71 | + -diff.source=schemaModel \ |
| 72 | + -diff.target=migrations \ |
| 73 | + -generate.types=versioned,undo \ |
| 74 | + -generate.description=AutoGenerated \ |
| 75 | + -diff.buildEnvironment=shadow \ |
| 76 | + -environments.shadow.url="${SHADOW_DATABASE_JDBC}" \ |
| 77 | + -environments.shadow.user="${SHADOW_DATABASE_USER}" \ |
| 78 | + -environments.shadow.password="${SHADOW_DATABASE_PASSWORD}" \ |
| 79 | + -redgateCompare.sqlserver.options.behavior.addObjectExistenceChecks=true |
| 80 | +
|
| 81 | + echo "" |
| 82 | + echo "========================================" |
| 83 | + echo " Generated Migration Scripts" |
| 84 | + echo "========================================" |
| 85 | + ls -la migrations/ || echo "No migrations directory" |
| 86 | + echo "========================================" |
| 87 | +
|
| 88 | + - name: commit_scripts |
| 89 | + type: run |
| 90 | + spec: |
| 91 | + container: alpine:latest |
| 92 | + envs: |
| 93 | + GIT_PUSH_USER: ${{ GIT_PUSH_USER }} |
| 94 | + GIT_PUSH_TOKEN: ${{ GIT_PUSH_TOKEN }} |
| 95 | + HARNESS_URL: ${{ HARNESS_URL }} |
| 96 | + script: | |
| 97 | + apk add --no-cache git >/dev/null 2>&1 |
| 98 | +
|
| 99 | + git config user.email "harness-ci@localhost" |
| 100 | + git config user.name "Harness CI" |
| 101 | +
|
| 102 | + git add migrations/ schema-model/ |
| 103 | +
|
| 104 | + if git diff --cached --quiet; then |
| 105 | + echo "No new migration scripts -- nothing to commit." |
| 106 | + exit 0 |
| 107 | + fi |
| 108 | +
|
| 109 | + git diff --cached --stat |
| 110 | + git commit -m "chore: add auto-generated migration scripts" |
| 111 | +
|
| 112 | + if [ -n "${GIT_PUSH_TOKEN}" ] && [ -n "${HARNESS_URL}" ]; then |
| 113 | + CURRENT_URL=$(git remote get-url origin) |
| 114 | + REPO_PATH=$(echo "${CURRENT_URL}" | sed 's|.*://[^/]*/||') |
| 115 | + AUTH_URL="${HARNESS_URL}/${REPO_PATH}" |
| 116 | + AUTH_URL=$(echo "${AUTH_URL}" | sed "s|://|://${GIT_PUSH_USER}:${GIT_PUSH_TOKEN}@|") |
| 117 | + git remote set-url origin "${AUTH_URL}" |
| 118 | + fi |
| 119 | +
|
| 120 | + BRANCH=$(git rev-parse --abbrev-ref HEAD) |
| 121 | + git push origin "HEAD:${BRANCH}" |
| 122 | +
|
| 123 | + echo "========================================" |
| 124 | + echo "Scripts committed to ${BRANCH}" |
| 125 | + echo "========================================" |
| 126 | +
|
| 127 | + # ------------------------------------------------------------------- |
| 128 | + # Stage 2: Check (drift + code analysis) |
| 129 | + # ------------------------------------------------------------------- |
| 130 | + - type: ci |
| 131 | + name: check |
| 132 | + spec: |
| 133 | + steps: |
| 134 | + - name: flyway_check |
| 135 | + type: run |
| 136 | + spec: |
| 137 | + container: redgate/flyway:latest |
| 138 | + envs: |
| 139 | + FLYWAY_URL: ${{ TARGET_DATABASE_JDBC }} |
| 140 | + FLYWAY_USER: ${{ TARGET_DATABASE_USER }} |
| 141 | + FLYWAY_PASSWORD: ${{ TARGET_DATABASE_PASSWORD }} |
| 142 | + FLYWAY_EMAIL: ${{ FLYWAY_EMAIL }} |
| 143 | + FLYWAY_TOKEN: ${{ FLYWAY_TOKEN }} |
| 144 | + FLYWAY_BASELINE_ON_MIGRATE: "true" |
| 145 | + script: | |
| 146 | + echo "==========================================" |
| 147 | + echo "Flyway -- Drift + Code Analysis" |
| 148 | + echo "==========================================" |
| 149 | + flyway -v |
| 150 | + echo "Target: ${FLYWAY_URL}" |
| 151 | + echo "==========================================" |
| 152 | +
|
| 153 | + mkdir -p reports |
| 154 | +
|
| 155 | + flyway check -drift -code -dryrun \ |
| 156 | + -check.deployedSnapshot=snapshothistory:current \ |
| 157 | + -check.failOnDrift=false \ |
| 158 | + -check.code.failOnError=false \ |
| 159 | + -reportFilename="reports/check-report.html" \ |
| 160 | + || true |
| 161 | +
|
| 162 | + echo "--- Check complete ---" |
| 163 | + failure: |
| 164 | + type: ignore |
| 165 | + |
| 166 | + # ------------------------------------------------------------------- |
| 167 | + # Stage 3: Migrate |
| 168 | + # ------------------------------------------------------------------- |
| 169 | + - type: ci |
| 170 | + name: migrate |
| 171 | + spec: |
| 172 | + steps: |
| 173 | + - name: flyway_migrate |
| 174 | + type: run |
| 175 | + spec: |
| 176 | + container: redgate/flyway:latest |
| 177 | + envs: |
| 178 | + FLYWAY_URL: ${{ TARGET_DATABASE_JDBC }} |
| 179 | + FLYWAY_USER: ${{ TARGET_DATABASE_USER }} |
| 180 | + FLYWAY_PASSWORD: ${{ TARGET_DATABASE_PASSWORD }} |
| 181 | + FLYWAY_EMAIL: ${{ FLYWAY_EMAIL }} |
| 182 | + FLYWAY_TOKEN: ${{ FLYWAY_TOKEN }} |
| 183 | + FLYWAY_BASELINE_ON_MIGRATE: "true" |
| 184 | + FLYWAY_MIXED: "true" |
| 185 | + FLYWAY_OUT_OF_ORDER: "true" |
| 186 | + script: | |
| 187 | + echo "==========================================" |
| 188 | + echo "Flyway -- Migration" |
| 189 | + echo "==========================================" |
| 190 | + flyway -v |
| 191 | + echo "Target: ${FLYWAY_URL}" |
| 192 | + echo "==========================================" |
| 193 | +
|
| 194 | + echo "--- Pre-Migration Info ---" |
| 195 | + flyway info |
| 196 | +
|
| 197 | + echo "--- Migrate ---" |
| 198 | + flyway migrate |
| 199 | +
|
| 200 | + echo "--- Post-Migration Snapshot ---" |
| 201 | + flyway snapshot -filename=snapshothistory:current |
| 202 | +
|
| 203 | + echo "--- Post-Migration Info ---" |
| 204 | + flyway info |
| 205 | +
|
| 206 | + echo "==========================================" |
| 207 | + echo " Migration complete" |
| 208 | + echo "==========================================" |
0 commit comments