gitlab pipeline now generating scripts on dev branch, opens PR dev to main, deployment happens on main

Author: aguard-redgate

…tomated-capture-migration-per-object.ps1 …tomated-capture-migration-per-object.ps1CLI-autocapture-autoscript/automated-capture-migration-per-object.ps1 renamed to Deprecated-CLI-autocapture-autoscript/automated-capture-migration-per-object.ps1 CLI-autocapture-autoscript/automated-capture-migration-per-object.ps1 renamed to Deprecated-CLI-autocapture-autoscript/automated-capture-migration-per-object.ps1

@@ -0,0 +1,143 @@
+# =============================================================================
+# Flyway Dev Templates — Schema Model → Migration Script Generation
+# =============================================================================
+# Generate versioned migration SQL from schema-model changes using
+# `flyway diff model` and `flyway diff generate`.
+#
+# Include alongside flyway.yml in any pipeline:
+#   include:
+#     - local: '.gitlab/ci/flyway.yml'
+#     - local: '.gitlab/ci/dev.yml'
+#
+# Workflow:
+#   1. generate stage  — `flyway diff model` syncs SchemaModel with the Dev
+#      database, then `flyway diff generate` compares SchemaModel against
+#      existing Migrations to produce new V*__*.sql scripts.  Runs automatically.
+#   2. review stage    — Manual gate.  Reviewer inspects the generated SQL
+#      (available as job artifacts), then clicks ▶ Play to commit the
+#      scripts back to the branch.
+#   3. deploy stage    — Reviewer clicks ▶ Play to run flyway migrate
+#      (uses .flyway_migrate from flyway.yml).
+#
+# CI/CD Variables required (in addition to flyway.yml variables):
+#   TARGET_DATABASE_JDBC       — JDBC URL of the Dev database (diff source)
+#   TARGET_DATABASE_USER       — Dev database user
+#   TARGET_DATABASE_PASSWORD   — Dev database password
+#   SHADOW_DATABASE_JDBC       — JDBC URL of a shadow/build database (empty DB
+#                                 Flyway uses to rebuild from migrations)
+#
+# Optional CI/CD Variables:
+#   SHADOW_DATABASE_USER       — Shadow DB user (defaults to TARGET_DATABASE_USER)
+#   SHADOW_DATABASE_PASSWORD   — Shadow DB password (defaults to TARGET_DATABASE_PASSWORD)
+#   GENERATE_DESCRIPTION       — Description for generated migration (default: AutoGenerated)
+#   GENERATE_TYPES             — Migration types to generate (default: versioned,undo)
+#   GIT_PUSH_TOKEN             — Token with write_repository scope (if CI_JOB_TOKEN can't push)
+#   GITLAB_EXTERNAL_URL         — Browser-reachable GitLab URL for MR links
+#                                 (default: CI_SERVER_URL; set if behind port mapping,
+#                                  e.g. http://localhost:8080)
+#   MR_TARGET_BRANCH            — Branch the MR targets (default: main)
+#
+# Consumer repo structure:
+#   my-flyway-project/
+#   ├── flyway.toml             # Flyway project config
+#   ├── schema-model/           # Schema definitions (devs edit these)
+#   ├── migrations/             # Versioned SQL (generated + committed by CI)
+#   └── .gitlab-ci.yml
+# =============================================================================
+
+# ---------------------------------------------------------------------------
+# Base: shared image + variables for flyway diff jobs
+# ---------------------------------------------------------------------------
+.flyway_dev_base:
+  image:
+    name: redgate/flyway:latest
+    entrypoint: [""]
+  variables:
+    SOURCE_DATABASE_JDBC: "${TARGET_DATABASE_JDBC}"
+    SOURCE_DATABASE_USER: "${TARGET_DATABASE_USER}"
+    SOURCE_DATABASE_PASSWORD: "${TARGET_DATABASE_PASSWORD}"
+    SHADOW_DATABASE_USER: "${TARGET_DATABASE_USER}"
+    SHADOW_DATABASE_PASSWORD: "${TARGET_DATABASE_PASSWORD}"
+    GENERATE_DESCRIPTION: "AutoGenerated"
+    GENERATE_TYPES: "versioned,undo"
+    WORKING_DIRECTORY: "."
+  before_script:
+    - "echo =========================================="
+    - "echo Flyway — Migration Script Generation"
+    - "echo =========================================="
+    - "echo Source Dev DB: $SOURCE_DATABASE_JDBC"
+    - "echo Shadow DB:      $SHADOW_DATABASE_JDBC"
+    - "echo =========================================="
+
+# ---------------------------------------------------------------------------
+# Generate migration scripts from schema-model changes
+# ---------------------------------------------------------------------------
+# Two-step workflow using `flyway diff`:
+#   1. flyway diff model  — syncs SchemaModel folder with the Dev database
+#   2. flyway diff generate — compares SchemaModel to Migrations (via a
+#      shadow/build DB) and generates new V*__*.sql + U*__*.sql scripts
+#
+# Generated scripts are saved as artifacts for review.
+# ---------------------------------------------------------------------------
+.flyway_generate_migrations:
+  extends: .flyway_dev_base
+  script:
+    - "echo '--- Step 1: Sync SchemaModel with Dev database ---'"
+    - "flyway diff model -workingDirectory=${WORKING_DIRECTORY} -diff.source=dev -diff.target=schemaModel -environments.dev.url=${SOURCE_DATABASE_JDBC} -environments.dev.user=${SOURCE_DATABASE_USER} -environments.dev.password=${SOURCE_DATABASE_PASSWORD} -email=${FLYWAY_EMAIL} -token=${FLYWAY_TOKEN}"
+    - "echo '--- Step 2: Generate migration scripts ---'"
+    - "flyway diff generate -workingDirectory=${WORKING_DIRECTORY} -diff.source=schemaModel -diff.target=migrations -generate.types=${GENERATE_TYPES} -generate.description=${GENERATE_DESCRIPTION} -diff.buildEnvironment=shadow -environments.shadow.url=${SHADOW_DATABASE_JDBC} -environments.shadow.user=${SHADOW_DATABASE_USER} -environments.shadow.password=${SHADOW_DATABASE_PASSWORD} -email=${FLYWAY_EMAIL} -token=${FLYWAY_TOKEN}"
+    - "echo '=== Generated migration files ==='"
+    - "ls -la migrations/"
+  artifacts:
+    paths:
+      - migrations/
+    expire_in: 1 week
+  allow_failure: false
+
+# ---------------------------------------------------------------------------
+# Commit generated migrations to the dev branch and open MR to main
+# ---------------------------------------------------------------------------
+# This is a MANUAL job.  Click ▶ Play to:
+#   1. Commit the generated scripts to the current (dev) branch
+#   2. Open a merge request from dev → main
+#
+# The MR diff shows exactly what migration SQL will be added.  You can
+# edit files inline in the MR view before merging.  Merging into main
+# triggers the deploy stages.
+#
+# Authentication: Set GIT_PUSH_TOKEN (PAT with api scope) as a CI/CD
+# variable.  See README → Git Push Authentication.
+# ---------------------------------------------------------------------------
+.flyway_commit_migrations:
+  image: alpine:latest
+  variables:
+    MIGRATIONS_PATH: "./migrations"
+    GIT_COMMIT_MESSAGE: "chore: add auto-generated migration scripts"
+    MR_TITLE: "Flyway: auto-generated migration scripts"
+    MR_TARGET_BRANCH: "main"
+  before_script:
+    - "apk add --no-cache git curl jq >/dev/null 2>&1"
+  script:
+    - "git config user.email gitlab-ci@${CI_SERVER_HOST}"
+    - "git config user.name 'GitLab CI'"
+    - "git add ${MIGRATIONS_PATH}/"
+    - "if git diff --cached --quiet; then echo 'No new migration scripts — nothing to do.'; exit 0; fi"
+    - "git diff --cached --stat"
+    - "git commit -m \"${GIT_COMMIT_MESSAGE}\""
+    - "if [ -n \"${GIT_PUSH_TOKEN}\" ]; then CURRENT_URL=$(git remote get-url origin); PUSH_URL=$(echo \"${CURRENT_URL}\" | sed \"s|gitlab-ci-token:[^@]*|gitlab-ci-token:${GIT_PUSH_TOKEN}|\"); git remote set-url origin \"${PUSH_URL}\"; fi"
+    - "git push origin HEAD:${CI_COMMIT_REF_NAME}"
+    - "echo '--- Creating merge request ---'"
+    - "API_TOKEN=${GIT_PUSH_TOKEN:-${CI_JOB_TOKEN}}"
+    - "GITLAB_API_URL=$(git remote get-url origin | sed 's|/[^/]*/[^/]*\\.git$||')/api/v4"
+    - "EXISTING_MR=$(curl -sf --header \"PRIVATE-TOKEN: ${API_TOKEN}\" \"${GITLAB_API_URL}/projects/${CI_PROJECT_ID}/merge_requests?source_branch=${CI_COMMIT_REF_NAME}&target_branch=${MR_TARGET_BRANCH}&state=opened\" | jq '.[0].iid // empty')"
+    - "if [ -n \"${EXISTING_MR}\" ]; then echo \"Merge request already exists (MR !${EXISTING_MR})\"; MR_IID=${EXISTING_MR}; else MR_RESPONSE=$(curl -sf --header \"PRIVATE-TOKEN: ${API_TOKEN}\" --header \"Content-Type: application/json\" --data \"{\\\"source_branch\\\": \\\"${CI_COMMIT_REF_NAME}\\\", \\\"target_branch\\\": \\\"${MR_TARGET_BRANCH}\\\", \\\"title\\\": \\\"${MR_TITLE}\\\", \\\"remove_source_branch\\\": false}\" \"${GITLAB_API_URL}/projects/${CI_PROJECT_ID}/merge_requests\"); MR_IID=$(echo \"${MR_RESPONSE}\" | jq -r .iid); fi"
+    - "BROWSE_URL=${GITLAB_EXTERNAL_URL:-${CI_SERVER_URL}}/${CI_PROJECT_PATH}/-/merge_requests/${MR_IID}"
+    - "echo '========================================'"
+    - "echo \"Review and merge: ${BROWSE_URL}\""
+    - "echo '========================================'"
+  environment:
+    name: "review/$CI_COMMIT_REF_NAME"
+    url: "http://localhost:8080/$CI_PROJECT_PATH/-/merge_requests"
+    action: prepare
+  when: manual
+  allow_failure: false

…capture-autoscript/automated-capture.ps1 …capture-autoscript/automated-capture.ps1CLI-autocapture-autoscript/automated-capture.ps1 renamed to Deprecated-CLI-autocapture-autoscript/automated-capture.ps1 CLI-autocapture-autoscript/automated-capture.ps1 renamed to Deprecated-CLI-autocapture-autoscript/automated-capture.ps1

@@ -7,6 +7,10 @@
 #   include:
 #     - local: '.gitlab/ci/flyway.yml'
 #
+# For schema-model → migration-script generation, also include:
+#   include:
+#     - local: '.gitlab/ci/dev.yml'
+#
 # For dynamic multi-database deployments driven by the jdbc_table_store
 # registry, also include:
 #   include:

…capture-autoscript/snapshotDriftCheck.sh …capture-autoscript/snapshotDriftCheck.shCLI-autocapture-autoscript/snapshotDriftCheck.sh renamed to Deprecated-CLI-autocapture-autoscript/snapshotDriftCheck.sh CLI-autocapture-autoscript/snapshotDriftCheck.sh renamed to Deprecated-CLI-autocapture-autoscript/snapshotDriftCheck.sh

@@ -92,7 +92,7 @@
     # Set TEMPLATE_PROJECT to your templates repo path so the generated child
     # pipeline can find flyway.yml. Leave empty if templates are in the same repo.
     # -------------------------------------------------------------------------
-    # TEMPLATE_PROJECT: "your-group/flyway-ci-templates"
+    # TEMPLATE_PROJECT: "root/templatized-with-parser"
     # TEMPLATE_REF:     "v1.0.0"
 
     # -------------------------------------------------------------------------
@@ -108,5 +108,3 @@
     expire_in: 2 hours
   rules:
     - when: always
-  rules:
-    - when: always

Gitlab-Templatized/.gitlab/ci/dev.yml

@@ -15,9 +15,9 @@
    TARGET_DATABASE_PASSWORD = your-password (Protected + Masked)
    ```
 
-3. **Choose pipeline template**
+3. **Choose pipeline template** from `usage-examples/`
    ```bash
-   cp .gitlab-ci-example-dev.yml .gitlab-ci.yml
+   cp usage-examples/single-db-dev.gitlab-ci.yml .gitlab-ci.yml
    ```
 
 4. **Add SQL migrations**
@@ -82,13 +82,14 @@ TARGET_DATABASE_JDBC     (scope: production)
 
 ## Pipeline Template Selection
 
-| Databases | Template to Use | Command |
-|-----------|----------------|---------|
-| **1 database** | `.gitlab-ci-example-dev.yml` | `cp .gitlab-ci-example-dev.yml .gitlab-ci.yml` |
-| **Dev + Staging + Prod** | `.gitlab-ci-example-prod.yml` | `cp .gitlab-ci-example-prod.yml .gitlab-ci.yml` |
-| **2-10 databases** | `.gitlab-ci-example-multi-db.yml` | `cp .gitlab-ci-example-multi-db.yml .gitlab-ci.yml` |
-| **10-100 databases** | `.gitlab-ci-example-matrix.yml` | `cp .gitlab-ci-example-matrix.yml .gitlab-ci.yml` |
-| **100+ databases** | See SETUP_GUIDE.md | Dynamic child pipelines |
+| Databases | Template (in `usage-examples/`) | Command |
+|-----------|--------------------------------|--------|
+| **1 database** | `single-db-dev.gitlab-ci.yml` | `cp usage-examples/single-db-dev.gitlab-ci.yml .gitlab-ci.yml` |
+| **Schema-model workflow** | `schema-model.gitlab-ci.yml` | `cp usage-examples/schema-model.gitlab-ci.yml .gitlab-ci.yml` |
+| **Dev + Staging + Prod** | `staging-and-production.gitlab-ci.yml` | `cp usage-examples/staging-and-production.gitlab-ci.yml .gitlab-ci.yml` |
+| **2-10 databases** | `multi-database.gitlab-ci.yml` | `cp usage-examples/multi-database.gitlab-ci.yml .gitlab-ci.yml` |
+| **10-100 databases** | `matrix.gitlab-ci.yml` | `cp usage-examples/matrix.gitlab-ci.yml .gitlab-ci.yml` |
+| **100+ databases** | `dynamic-pipeline.gitlab-ci.yml` | `cp usage-examples/dynamic-pipeline.gitlab-ci.yml .gitlab-ci.yml` |
 
 ---
 

Gitlab-Templatized/.gitlab/ci/flyway.yml

@@ -8,6 +8,7 @@ Your Flyway project repo includes these templates via GitLab's cross-project `in
 
 ```
 .gitlab/ci/flyway.yml         # Flyway job templates (.flyway_validate, .flyway_migrate, etc.)
+.gitlab/ci/dev.yml            # Schema-model → migration generation templates (.flyway_generate_migrations, etc.)
 .gitlab/ci/generate.yml       # Dynamic pipeline generation template (.generate_pipeline)
 scripts/generate_pipeline.py  # Queries registry sproc → builds JDBCs → writes child pipeline YAML
 scripts/requirements.txt      # Python dependencies (pymssql, PyYAML)
@@ -35,8 +36,8 @@ In your Flyway project's `.gitlab-ci.yml`:
 
 ```yaml
 include:
-  - project: 'your-group/flyway-ci-templates'   # path to THIS repo
-    ref: 'v1.0.0'                                # pin to a tag
+  - project: 'root/templatized-with-parser'      # path to THIS repo
+    ref: 'main'                                  # pin to a tag or branch
     file: '/.gitlab/ci/flyway.yml'
 ```
 
@@ -97,14 +98,62 @@ migrate:custom:
     FLYWAY_OUT_OF_ORDER: "true"
 ```
 
+### dev.yml — Schema Model → Migration Generation
+
+Generate versioned migration scripts from schema-model changes using `flyway diff model` and `flyway diff generate`.  Includes a manual gate that creates a **merge request** so reviewers can inspect the generated SQL diff before merging.
+
+| Template | Purpose | Notes |
+|----------|---------|-------|
+| `.flyway_generate_migrations` | `flyway diff model` + `flyway diff generate` | Auto-generates V*__*.sql from schema-model diffs |
+| `.flyway_commit_migrations` | Push branch + create merge request | Manual gate — opens MR for script review |
+
+Additional CI/CD variables for schema-model workflows:
+
+| Variable | Example | Required | Notes |
+|----------|---------|----------|-------|
+| `TARGET_DATABASE_JDBC` | `jdbc:sqlserver://host:1433;databaseName=mydb;encrypt=true` | Yes | Dev database (diff source) |
+| `SHADOW_DATABASE_JDBC` | `jdbc:sqlserver://host:1433;databaseName=mydb_shadow;encrypt=true` | Yes | Empty DB Flyway rebuilds from migrations |
+| `GIT_PUSH_TOKEN` | `glpat-xxxxxxxxxxxx` | Yes* | PAT with `api` scope — see [Git Push Authentication](#git-push-authentication) |
+| `GITLAB_EXTERNAL_URL` | `http://localhost:8080` | No | Browser-reachable GitLab URL for MR links (defaults to `CI_SERVER_URL`; set when behind port mapping) |
+| `MR_TARGET_BRANCH` | `main` | No | Branch the MR targets (default: `main`) |
+
+\* Required unless CI job token permissions are enabled (Option B below).
+
+See [`usage-examples/schema-model.gitlab-ci.yml`](usage-examples/schema-model.gitlab-ci.yml) for a complete example.
+
+#### Git Push Authentication
+
+The `.flyway_commit_migrations` job pushes a branch and creates a merge request via the GitLab API. This requires write access. Two options:
+
+**Option A — Personal Access Token (recommended for self-hosted GitLab)**
+
+1. Go to your GitLab instance → **Profile → Access Tokens**
+2. Create a token with the **`api`** scope (covers both git push and MR creation)
+3. Add it as a **CI/CD variable** in your project:
+   - **Key:** `GIT_PUSH_TOKEN`
+   - **Value:** the token
+   - **Protected:** ✓  **Masked:** ✓
+
+This is the simplest approach and works on all GitLab versions.
+
+**Option B — CI Job Token permissions (GitLab 15.9+, GitLab.com)**
+
+1. Go to your project → **Settings → CI/CD → Token permissions**
+2. Enable **"Allow CI job token to push to this project"**
+3. Under **Settings → Repository → Protected branches**, ensure the job token role can push
+
+With this option, no `GIT_PUSH_TOKEN` variable is needed — the pipeline uses the built-in `CI_JOB_TOKEN`. However, not all GitLab versions support this, and some self-hosted instances restrict job token API access.
+
+> **Which should I use?** Option A is more reliable, especially for local or self-hosted GitLab. Option B is cleaner for GitLab.com since it requires no extra secrets.
+
 ### generate.yml — Dynamic Pipeline (100+ Databases)
 
 For large-scale deployments driven by a SQL Server registry database. A single Python script (`scripts/generate_pipeline.py`) calls `dbo.usp_GetFlywayTargets`, builds JDBC URLs from the `dbserver` and `db` columns, and writes a child pipeline with one migrate job per target.
 
 ```yaml
 include:
-  - project: 'your-group/flyway-ci-templates'
-    ref: 'v1.0.0'
+  - project: 'root/templatized-with-parser'
+    ref: 'main'
     file:
       - '/.gitlab/ci/flyway.yml'
       - '/.gitlab/ci/generate.yml'
@@ -175,11 +224,17 @@ See [`usage-examples/`](usage-examples/) for complete `.gitlab-ci.yml` files:
 | File | Scenario |
 |------|----------|
 | `single-db-dev.gitlab-ci.yml` | Single database, dev branch |
+| `schema-model.gitlab-ci.yml` | Schema-model → generated migrations with approval gate |
+| `schema-model-dynamic.gitlab-ci.yml` | Schema-model + registry-driven dynamic deploy to all targets |
 | `staging-and-production.gitlab-ci.yml` | Staging → production with manual approval |
 | `multi-database.gitlab-ci.yml` | 2–10 databases with explicit jobs |
-
-For parallel matrix (10–100 DBs), see `.gitlab-ci-example-matrix.yml`.
-For registry-driven dynamic pipelines (100+ DBs), see `.gitlab-ci-example-all-regions.yml`.
+| `variable-driven.gitlab-ci.yml` | Variable-driven, no registry or Python |
+| `matrix.gitlab-ci.yml` | Parallel matrix for 10–100 databases |
+| `dynamic-pipeline.gitlab-ci.yml` | Registry-driven dynamic child pipeline |
+| `all-regions.gitlab-ci.yml` | Dynamic pipeline — all regions |
+| `region-london.gitlab-ci.yml` | Dynamic pipeline — London only |
+| `region-new-york.gitlab-ci.yml` | Dynamic pipeline — New York only |
+| `region-tokyo.gitlab-ci.yml` | Dynamic pipeline — Tokyo only |
 
 ## Environment-Scoped Variables
 

Gitlab-Templatized/.gitlab/ci/generate.yml

@@ -156,7 +156,7 @@ jdbc:oracle:thin:@//hostname:1521/service_name
 Copy the development example to create your active pipeline:
 
 ```bash
-cp .gitlab-ci-example-dev.yml .gitlab-ci.yml
+cp usage-examples/single-db-dev.gitlab-ci.yml .gitlab-ci.yml
 ```
 
 ### Step 2: Review and Customize (Optional)
@@ -244,7 +244,7 @@ git push origin dev
 Use the multi-database example:
 
 ```bash
-cp .gitlab-ci-example-multi-db.yml .gitlab-ci.yml
+cp usage-examples/multi-database.gitlab-ci.yml .gitlab-ci.yml
 ```
 
 Edit `.gitlab-ci.yml` to match your databases:

Gitlab-Templatized/QUICK_REFERENCE.md

@@ -159,6 +159,26 @@ if ($runnerConfig -notmatch '\[\[runners\]\]') {
     }
 }
 
+# ---------------------------------------------------------------------------
+# Configure Git SSH to use port 2222 for localhost (idempotent)
+# ---------------------------------------------------------------------------
+$sshDir = Join-Path $env:USERPROFILE ".ssh"
+if (-not (Test-Path $sshDir)) { New-Item -ItemType Directory -Path $sshDir -Force | Out-Null }
+$sshConfig = Join-Path $sshDir "config"
+$hostBlock = @"
+# GitLab local (added by startup-services.ps1)
+Host localhost
+  Port 2222
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+"@
+if ((Test-Path $sshConfig) -and (Get-Content $sshConfig -Raw) -match 'GitLab local') {
+    Write-Host "SSH config for localhost:2222 already exists." -ForegroundColor Gray
+} else {
+    Add-Content -Path $sshConfig -Value "`n$hostBlock`n"
+    Write-Host "Added SSH config: localhost → port 2222" -ForegroundColor Green
+}
+
 # ---------------------------------------------------------------------------
 # Summary
 # ---------------------------------------------------------------------------