CI/CD Integration
CI/CD Integration
Section titled “CI/CD Integration”Run migrations and database operations in CI/CD pipelines with dbward’s approval workflow.
Key features for CI/CD
Section titled “Key features for CI/CD”- Exit code 2 = approval pending (pipeline can wait or notify)
--idempotency-key= prevent duplicate requests on retry--format json= machine-readable output- API tokens = no interactive login needed
GitHub Actions example
Section titled “GitHub Actions example”Migration on deploy
Section titled “Migration on deploy”name: Deployon: push: branches: [main]
jobs: migrate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
- name: Install dbward run: | VERSION=$(curl -s https://api.github.com/repos/dbward-dev/dbward/releases/latest | grep -o '"tag_name": "v[^"]*"' | cut -d'"' -f4 | sed 's/^v//') curl -sL "https://github.com/dbward-dev/dbward/releases/latest/download/dbward-v${VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz chmod +x dbward sudo mv dbward /usr/local/bin/
- name: Run migrations env: DBWARD_TOKEN: ${{ secrets.DBWARD_TOKEN }} run: | cat > dbward.toml << EOF default_database = "app" [server] url = "${{ vars.DBWARD_SERVER_URL }}" token = "${DBWARD_TOKEN}" [databases.app] EOF
dbward --environment production migrate up \ --idempotency-key "deploy-${{ github.sha }}" \ --ticket "${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}" \ --repo "${{ github.repository }}"Handling pending approval
Section titled “Handling pending approval” - name: Run migrations id: migrate continue-on-error: true run: dbward --environment production migrate up --idempotency-key "deploy-${{ github.sha }}"
- name: Wait for approval if pending if: steps.migrate.outcome == 'failure' run: | # Exit code 2 = pending approval REQUEST_ID=$(dbward --environment production migrate status --format json | jq -r '.pending_request_id // empty') if [ -n "$REQUEST_ID" ]; then echo "⏳ Waiting for approval: $REQUEST_ID" echo "Approve with: dbward request approve $REQUEST_ID" # Optionally: poll until approved (with timeout) # dbward request resume $REQUEST_ID fiToken setup for CI
Section titled “Token setup for CI”Create a dedicated CI token with appropriate permissions:
dbward token create \ --subject "github-actions" \ --role developer \ --expires 90dStore the token as a repository secret (DBWARD_TOKEN).
Exit codes
Section titled “Exit codes”| Code | Meaning | CI action |
|---|---|---|
| 0 | Success | Continue pipeline |
| 1 | Error (auth failure, network, etc.) | Fail pipeline |
| 2 | Pending approval | Wait or notify |
Idempotency
Section titled “Idempotency”Use --idempotency-key to safely retry failed CI jobs:
dbward --environment production migrate up --idempotency-key "deploy-${GITHUB_SHA}"If the request already exists (same key), dbward returns the existing request status instead of creating a duplicate.
JSON output
Section titled “JSON output”Use --format json for machine-readable output:
dbward --format json --environment production migrate status{ "migrations": [ {"name": "20260501_create_users", "status": "applied"}, {"name": "20260502_add_index", "status": "pending"} ]}Auto-approve for staging
Section titled “Auto-approve for staging”Configure workflows to auto-approve non-production environments:
[[workflows]]database = "*"environment = "staging"# No steps = auto-approveThis lets CI deploy to staging without waiting, while production still requires human approval.
Slack notification for approvals
Section titled “Slack notification for approvals”Combine with webhooks so approvers are notified immediately:
[[webhooks]]url = "${SLACK_WEBHOOK_URL}"events = ["request_created"]format = "slack"When CI creates a migration request, the team gets a Slack message with the SQL and an approve prompt.
See also
Section titled “See also”- Migrations — Migration file management
- Workflows — Configure auto-approve for specific environments