4d1313a3bc
Změněná repeatable (R__047 current_a) je proti prod DB 'pending' a validate bez ignore patternu selhával — design gate počítal jen s checksum mismatch verzovaných (ty hlídá ci_check_migration_immutability.sh). Ověřeno lokálně proti prod DB: Successfully validated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
70 lines
2.7 KiB
Bash
Executable File
70 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Flyway validate using migration files from repo root; JDBC from env (staging / CI DB).
|
|
# Env: EMS_CI_FLYWAY_URL — if unset, skips (warn). Optional: EMS_CI_FLYWAY_USER, EMS_CI_FLYWAY_PASSWORD, FLYWAY_IMAGE
|
|
#
|
|
# CI notes:
|
|
# - Flyway runs in a throwaway container; without --network host, jdbc:…//localhost… hits the
|
|
# container loopback, not the host (connection refused).
|
|
# - Some runners set missing secrets to the literal string "null"; passing FLYWAY_USER=null
|
|
# overrides credentials embedded in the JDBC URL and yields "user 'null'" from the driver.
|
|
set -euo pipefail
|
|
|
|
if [[ -z "${EMS_CI_FLYWAY_URL:-}" ]]; then
|
|
echo "WARN: EMS_CI_FLYWAY_URL not set — skipping remote Flyway validate (set Gitea secret for CI)."
|
|
exit 0
|
|
fi
|
|
|
|
# Treat empty / JSON-null placeholders as unset so we do not override URL credentials.
|
|
_ci_sanitize_secret() {
|
|
local v="${1-}"
|
|
v="${v#"${v%%[![:space:]]*}"}"
|
|
v="${v%"${v##*[![:space:]]}"}"
|
|
case "${v,,}" in ''|'null'|'<null>') printf '%s' '' ;; *) printf '%s' "$v" ;; esac
|
|
}
|
|
|
|
EMS_CI_FLYWAY_USER="$(_ci_sanitize_secret "${EMS_CI_FLYWAY_USER-}")"
|
|
EMS_CI_FLYWAY_PASSWORD="$(_ci_sanitize_secret "${EMS_CI_FLYWAY_PASSWORD-}")"
|
|
|
|
ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
|
|
cd "$ROOT"
|
|
|
|
IMG="${FLYWAY_IMAGE:-flyway/flyway:12}"
|
|
|
|
# POZOR: žádné -v bind mounty! Docker CLI mluví s HOSTOVSKÝM daemonem; když job
|
|
# běží v kontejneru (container mód runneru), cesty checkoutu na hostu neexistují
|
|
# a flyway dostane prázdné adresáře ("applied migration not resolved locally").
|
|
# docker cp streamuje soubory od klienta → funguje v host i container módu.
|
|
# /sql (ne /flyway/sql): image deklaruje /flyway/sql jako VOLUME — anonymní volume
|
|
# by při startu zastínil soubory nakopírované přes docker cp do vrstvy kontejneru.
|
|
args=(
|
|
create
|
|
--network host
|
|
-e "FLYWAY_URL=${EMS_CI_FLYWAY_URL}"
|
|
-e "FLYWAY_SCHEMAS=ems"
|
|
-e "FLYWAY_LOCATIONS=filesystem:/sql/migration,filesystem:/sql/routines,filesystem:/sql/views"
|
|
# Změněná/nová repeatable je proti DB "pending" — to není chyba (aplikuje ji
|
|
# deploy migrate). Immutabilitu VERZOVANÝCH hlídá ci_check_migration_immutability.sh.
|
|
-e "FLYWAY_IGNORE_MIGRATION_PATTERNS=*:pending"
|
|
)
|
|
|
|
if [[ -n "$EMS_CI_FLYWAY_USER" ]]; then
|
|
args+=(-e "FLYWAY_USER=${EMS_CI_FLYWAY_USER}")
|
|
fi
|
|
if [[ -n "$EMS_CI_FLYWAY_PASSWORD" ]]; then
|
|
args+=(-e "FLYWAY_PASSWORD=${EMS_CI_FLYWAY_PASSWORD}")
|
|
fi
|
|
|
|
args+=("$IMG" validate)
|
|
|
|
echo "Running Flyway validate against remote DB (schema ems)…"
|
|
cid="$(docker "${args[@]}")"
|
|
cleanup() { docker rm -f "$cid" >/dev/null 2>&1 || true; }
|
|
trap cleanup EXIT
|
|
|
|
docker cp "$ROOT/db" "$cid:/sql"
|
|
|
|
docker start "$cid" >/dev/null
|
|
rc="$(docker wait "$cid")"
|
|
docker logs "$cid"
|
|
exit "$rc"
|