#!/usr/bin/env bash # Flyway validate using migration files from repo root; JDBC from env (staging / CI DB). # Env: EMS_CI_FLYWAY_URL — if unset, skips (warn). Optional: EMS_CI_FLYWAY_USER, EMS_CI_FLYWAY_PASSWORD, FLYWAY_IMAGE # # CI notes: # - Flyway runs in a throwaway container; without --network host, jdbc:…//localhost… hits the # container loopback, not the host (connection refused). # - Some runners set missing secrets to the literal string "null"; passing FLYWAY_USER=null # overrides credentials embedded in the JDBC URL and yields "user 'null'" from the driver. set -euo pipefail if [[ -z "${EMS_CI_FLYWAY_URL:-}" ]]; then echo "WARN: EMS_CI_FLYWAY_URL not set — skipping remote Flyway validate (set Gitea secret for CI)." exit 0 fi # Treat empty / JSON-null placeholders as unset so we do not override URL credentials. _ci_sanitize_secret() { local v="${1-}" v="${v#"${v%%[![:space:]]*}"}" v="${v%"${v##*[![:space:]]}"}" case "${v,,}" in ''|'null'|'') printf '%s' '' ;; *) printf '%s' "$v" ;; esac } EMS_CI_FLYWAY_USER="$(_ci_sanitize_secret "${EMS_CI_FLYWAY_USER-}")" EMS_CI_FLYWAY_PASSWORD="$(_ci_sanitize_secret "${EMS_CI_FLYWAY_PASSWORD-}")" ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)" cd "$ROOT" IMG="${FLYWAY_IMAGE:-flyway/flyway:12}" args=( run --rm --network host -v "$ROOT/db/migration:/flyway/sql/migration" -v "$ROOT/db/routines:/flyway/sql/routines" -v "$ROOT/db/views:/flyway/sql/views" -e "FLYWAY_URL=${EMS_CI_FLYWAY_URL}" -e "FLYWAY_SCHEMAS=ems" -e "FLYWAY_LOCATIONS=filesystem:/flyway/sql/migration,filesystem:/flyway/sql/routines,filesystem:/flyway/sql/views" ) if [[ -n "$EMS_CI_FLYWAY_USER" ]]; then args+=(-e "FLYWAY_USER=${EMS_CI_FLYWAY_USER}") fi if [[ -n "$EMS_CI_FLYWAY_PASSWORD" ]]; then args+=(-e "FLYWAY_PASSWORD=${EMS_CI_FLYWAY_PASSWORD}") fi args+=("$IMG" validate) echo "Running Flyway validate against remote DB (schema ems)…" docker "${args[@]}"