blob: 18d59035b78fce136bcb0532bca4ce1fc69492d7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# This file is a template, and might need editing before it works on your project.
# Here is a live project example that is using this template:
# https://gitlab.com/szandany/h2
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/liquibase.gitlab-ci.yml
# This template must be configured with CI/CD variables before it will work.
# See https://www.liquibase.com/blog/secure-database-developer-flow-using-gitlab-pipelines
# to learn how to configure the Liquibase template by using variables.
# Be sure to add the variables before running pipelines with this template.
# You may not want to run all the jobs in this template. You can comment out or delete the jobs you don't wish to use.
# List of stages for jobs and their order of execution.
stages:
- build
- test
- deploy
- compare
# Helper functions to determine if the database is ready for deployments (function isUpToDate) or rollbacks (function isRollback) when tag is applied.
.functions: &functions |
function isUpToDate(){
status=$(liquibase status --verbose)
if [[ $status == *'is up to date'* ]]; then
echo "database is already up to date" & exit 0
fi;
}
function isRollback(){
if [ -z "$TAG" ]; then
echo "No TAG provided, running any pending changes"
elif [[ "$(liquibase rollbackSQL $TAG)" ]]; then
liquibase --logLevel=info --logFile=${CI_JOB_NAME}_${CI_PIPELINE_ID}.log rollback $TAG && exit 0
else exit 0
fi;
}
# This is a series of Liquibase commands that can be run while doing database migrations from Liquibase docs at https://docs.liquibase.com/commands/home.html
.liquibase_job:
image: liquibase/liquibase:latest # Using the Liquibase Docker Image at - https://hub.docker.com/r/liquibase/liquibase
before_script:
- liquibase --version
- *functions
- isRollback
- isUpToDate
- liquibase checks run
- liquibase update
- liquibase rollbackOneUpdate --force # This is a Pro command. Try Pro free trial here - https://liquibase.org/try-liquibase-pro-free
- liquibase tag $CI_PIPELINE_ID
- liquibase --logFile=${CI_JOB_NAME}_${CI_PIPELINE_ID}.log --logLevel=info update
- liquibase history
artifacts:
paths:
- ${CI_JOB_NAME}_${CI_PIPELINE_ID}.log
expire_in: 1 week
# This job runs in the build stage, which runs first.
build-job:
extends: .liquibase_job
stage: build
environment:
name: DEV
script:
- echo "This job tested successfully with liquibase in DEV environment"
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
# This job runs in the test stage. It only starts when the job in the build stage completes successfully.
test-job:
extends: .liquibase_job
stage: test
environment:
name: TEST
script:
- echo "This job testsed successfully with liquibase in TEST environment"
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
# This job runs in the deploy stage. It only starts when the jobs in the test stage completes successfully.
deploy-prod:
extends: .liquibase_job
stage: deploy
environment:
name: PROD
script:
- echo "This job deployed successfully Liquibase in a production environment from the $CI_COMMIT_BRANCH branch."
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
# This job compares dev database with test database to detect any drifts in the pipeline. Learn more about comparing database with Liquibase here https://docs.liquibase.com/commands/diff.html
DEV->TEST:
image: liquibase/liquibase:latest # Using the Liquibase Docker Image
stage: compare
environment:
name: TEST
script:
- echo "Comparing databases DEV --> TEST"
- liquibase diff
- liquibase --outputFile=diff_between_DEV_TEST.json diff --format=json
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
artifacts:
paths:
- diff_between_DEV_TEST.json
expire_in: 1 week
# This job compares test database with prod database to detect any drifts in the pipeline.
TEST->PROD:
image: liquibase/liquibase:latest # Using the Liquibase Docker Image
stage: compare
environment:
name: PROD
script:
- echo "Comparing databases TEST --> PROD"
- liquibase diff
- liquibase --outputFile=diff_between_TEST_PROD.json diff --format=json
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
artifacts:
paths:
- diff_between_TEST_PROD.json
expire_in: 1 week
# This job creates a snapshot of prod database. You can use the snapshot file to run comparisons with the production database to investigate for any potential issues. https://www.liquibase.com/devsecops
snapshot PROD:
image: liquibase/liquibase:latest # Using the Liquibase Docker Image
stage: .post
environment:
name: PROD
script:
- echo "Snapshotting database PROD"
- liquibase --outputFile=snapshot_PROD_${CI_PIPELINE_ID}.json snapshot --snapshotFormat=json --log-level debug
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
artifacts:
paths:
- snapshot_PROD_${CI_PIPELINE_ID}.json
expire_in: 1 week
|
