|
| 1 | +--- |
| 2 | +title: Database GitOps with GitHub Actions |
| 3 | +author: Adela |
| 4 | +updated_at: 2025/03/13 18:00 |
| 5 | +tags: Tutorial |
| 6 | +integrations: API, GitHub |
| 7 | +level: Advanced |
| 8 | +estimated_time: '40 mins' |
| 9 | +description: 'Learn the new GitOps workflow for database release with Bytebase.' |
| 10 | +--- |
| 11 | + |
| 12 | +This tutorial shows you how to build an database GitOps workflow using GitHub Actions and Bytebase API. You'll learn to: |
| 13 | + |
| 14 | +1. Create a streamlined database release workflow where you can: |
| 15 | + |
| 16 | + - Submit SQL migrations through GitHub |
| 17 | + - Automatically run SQL reviews on pull requests |
| 18 | + - Auto-create and deploy Bytebase releases when merging to `main` |
| 19 | + |
| 20 | +2. Manually control rollouts by stage |
| 21 | + |
| 22 | +While we use GitHub Actions in this guide, you can apply these concepts to other CI platforms like GitLab CI, Bitbucket Pipelines, or Azure DevOps using the Bytebase API. |
| 23 | + |
| 24 | +<HintBlock type="info"> |
| 25 | + |
| 26 | +This tutorial code repository is at [https://github.com/bytebase/release-cicd-workflows-example](https://github.com/bytebase/release-cicd-workflows-example) |
| 27 | + |
| 28 | +</HintBlock> |
| 29 | + |
| 30 | +## Prerequisites |
| 31 | + |
| 32 | +- [Docker](https://www.docker.com/) installed |
| 33 | +- An [ngrok](https://ngrok.com/) account |
| 34 | + |
| 35 | +## Automatic Rollout across environments |
| 36 | + |
| 37 | +### Step 1 - Start Bytebase with ngrok |
| 38 | + |
| 39 | +<IncludeBlock url="/docs/get-started/install/vcs-with-ngrok"></IncludeBlock> |
| 40 | + |
| 41 | +### Step 2 - Create Service Account |
| 42 | + |
| 43 | +<IncludeBlock url="/docs/share/tutorials/create-service-account"></IncludeBlock> |
| 44 | + |
| 45 | +If you have **Enterprise Plan**, you can create a **Custom Role** for the service account which require fewer permissions, and assign this role instead of DBA: |
| 46 | + |
| 47 | + - plans.create |
| 48 | + - plans.get |
| 49 | + - plans.preview |
| 50 | + - releases.check |
| 51 | + - releases.create |
| 52 | + - releases.get |
| 53 | + - rollouts.create |
| 54 | + - rollouts.get |
| 55 | + - rollouts.list |
| 56 | + - sheets.create |
| 57 | + - sheets.get |
| 58 | + - taskRuns.create |
| 59 | + - planCheckRuns.list |
| 60 | + - planCheckRuns.run |
| 61 | + |
| 62 | +### Step 3 - Configure SQL Review in Bytebase |
| 63 | + |
| 64 | +Since you will need to run SQL review on your PRs, you need to configure the SQL review in Bytebase. |
| 65 | + |
| 66 | +1. Go to **CI/CD** > **SQL Review**, click **Create SQL Review**. |
| 67 | + |
| 68 | +1. Select the `Sample Template` and click **Next**. |
| 69 | +  |
| 70 | + |
| 71 | +1. Select `Prod` environment as the attached resources and click **Confirm**. Now the SQL review is enabled for the `Prod` environment. |
| 72 | +  |
| 73 | + |
| 74 | +### Step 4 - Fork the Example Repository and Configure Variables |
| 75 | + |
| 76 | +1. Fork [https://github.com/bytebase/release-cicd-workflows-example](https://github.com/bytebase/release-cicd-workflows-example). There are two workflows in this repository: |
| 77 | + |
| 78 | + - `.github/workflows/sql-review.yml`: [Lint the SQL](/docs/sql-review/overview/) migration files after the PR is created. |
| 79 | + - `.github/workflows/release.yml`: Create a release in Bytebase after the PR is merged to the `main` branch. |
| 80 | + |
| 81 | +1. Go into `.github/workflows/release.yml` and `.github/workflows/sql-review.yml`. In the `env` section, replace the variable values with your own and commit the changes. |
| 82 | + |
| 83 | + - **BYTEBASE_URL**: your ngrok url |
| 84 | + - **BYTEBASE_SERVICE_ACCOUNT**: `api-example@service.bytebase.com` (the service account you created in the previous step) |
| 85 | + - **BYTEBASE_PROJECT**: `projects/project-sample` (the sample project in the Bytebase) |
| 86 | + - **BYTEBASE_TARGETS**: `instances/test-sample-instance/databases/hr_test,instances/prod-sample-instance/databases/hr_prod` (the two default databases in the sample project) |
| 87 | + - **FILE_PATTERN**: `migrations/*.sql` (the pattern of the migration files) |
| 88 | + |
| 89 | +1. You may paste the password of the service account you created in the previous step directly after **service-secret** or keep the **service-secret** value as `${{secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET}}`. Go to **Settings > Secrets and Variables > Actions**, click **New repository secret**, and add **BYTEBASE_SERVICE_ACCOUNT_SECRET**. |
| 90 | + |
| 91 | +1. Go to **Actions** tab, enable actions workflow run. |
| 92 | + |
| 93 | +### Step 5 - Create the migration files |
| 94 | + |
| 95 | +To create migration files to trigger release creation, the files have to match the following pattern: |
| 96 | + |
| 97 | +- A migration file should start with digits, which is also its version. e.g. `202503131500_create_table_t1_ddl.sql`. |
| 98 | +- A migration file may end with 'ddl' or 'dml' to indicate its change type. If it doesn't end with any of the two, its change type is DDL by default. |
| 99 | + |
| 100 | +1. Within your forked repository, create the following migration files under `migrations` directory: |
| 101 | + |
| 102 | + - 202503131500_create_table_t1_ddl.sql |
| 103 | + |
| 104 | + ```sql |
| 105 | + CREATE TABLE t1 ( |
| 106 | + id SERIAL PRIMARY KEY, |
| 107 | + name TEXT |
| 108 | + ); |
| 109 | + ``` |
| 110 | + |
| 111 | +1. Commit to a new branch and create a pull request, the `sql-review` workflow will be triggered. There will be a warning in the SQL review result. Go into the **File changes** tab, you can see the warning. |
| 112 | + |
| 113 | +  |
| 114 | + |
| 115 | +  |
| 116 | + |
| 117 | +1. According to the SQL review result, you can do some changes to the SQL files and push to the branch. Then you should see the SQL review has passed. There are no warnings in the SQL review result. |
| 118 | + |
| 119 | + ```sql |
| 120 | + CREATE TABLE t1 ( |
| 121 | + id SERIAL PRIMARY KEY, |
| 122 | + name TEXT NOT NULL |
| 123 | + ); |
| 124 | + ``` |
| 125 | +  |
| 126 | + |
| 127 | +1. When the SQL review is passed, you can merge the pull request. The `release` workflow will be triggered to create a **release** in Bytebase and then roll out automatically. Go to **Actions** tab, you can see the workflow run and pass. |
| 128 | + |
| 129 | +  |
| 130 | + |
| 131 | +1. Click into the workflow run, you can see the release is created in Bytebase and the rollout is applied to the databases automatically. |
| 132 | + |
| 133 | +  |
| 134 | + |
| 135 | +1. If you click the test stage and expand the different sections, you can follow the links to Bytebase. |
| 136 | + |
| 137 | +  |
| 138 | + |
| 139 | +  |
| 140 | + |
| 141 | + |
| 142 | +### Breakdown of the GitHub Actions Workflow |
| 143 | + |
| 144 | +1. Check out your repo and log in to Bytebase to gain the access token. |
| 145 | + |
| 146 | + ```yaml |
| 147 | + - name: Checkout |
| 148 | + uses: actions/checkout@v4 |
| 149 | + - name: Login to Bytebase |
| 150 | + id: login |
| 151 | + uses: bytebase/login-action@v1 |
| 152 | + with: |
| 153 | + bytebase-url: ${{ env.BYTEBASE_URL }} |
| 154 | + service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }} |
| 155 | + service-secret: ${{ secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET} }} |
| 156 | + ``` |
| 157 | +
|
| 158 | +1. The **create-release** step scans the files matching the pattern and collects them into a bundle. Note that these files should also obey the naming scheme mentioned above. |
| 159 | +
|
| 160 | + The bundle is first sent for check. Because we set `FAIL_ON_ERROR`, the release will be created in Bytebase only when the check passes. |
| 161 | + |
| 162 | + ```yaml |
| 163 | + - name: Create release |
| 164 | + id: create-release |
| 165 | + uses: bytebase/create-release-action@v1 |
| 166 | + with: |
| 167 | + bytebase-url: ${{ env.BYTEBASE_URL }} |
| 168 | + service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }} |
| 169 | + service-secret: ${{ secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET }} |
| 170 | + file-pattern: ${{ env.FILE_PATTERN }} |
| 171 | + check-release: 'FAIL_ON_ERROR' |
| 172 | + project: ${{ env.BYTEBASE_PROJECT }} |
| 173 | + targets: ${{ env.BYTEBASE_TARGETS }} |
| 174 | + validate-only: 'false' |
| 175 | + ``` |
| 176 | + |
| 177 | +1. Create a rollout and wait for completion. |
| 178 | + |
| 179 | + ```yaml |
| 180 | + - name: Create plan |
| 181 | + id: create-plan |
| 182 | + uses: bytebase/create-plan-from-release-action@v1 |
| 183 | + with: |
| 184 | + url: ${{ env.BYTEBASE_URL }} |
| 185 | + token: ${{ steps.login.outputs.token }} |
| 186 | + project: ${{ env.BYTEBASE_PROJECT }} |
| 187 | + release: ${{ steps.create-release.outputs.release }} |
| 188 | + targets: ${{ env.BYTEBASE_TARGETS }} |
| 189 | + check-plan: "SKIP" |
| 190 | +
|
| 191 | + - name: Rollout |
| 192 | + id: rollout |
| 193 | + uses: bytebase/rollout-action@v2 |
| 194 | + if: ${{ steps.create-plan.outputs.deployment-required == 'true' }} |
| 195 | + with: |
| 196 | + url: ${{ env.BYTEBASE_URL }} |
| 197 | + token: ${{ steps.login.outputs.token }} |
| 198 | + plan: ${{ steps.create-plan.outputs.plan }} |
| 199 | + target-stage: environments/test # the stage environment. |
| 200 | +
|
| 201 | + - name: Deploy app |
| 202 | + run: | |
| 203 | + echo "Deploying app to test environment..." |
| 204 | + echo "Deploy app to test environment done!" |
| 205 | + ``` |
| 206 | + |
| 207 | + These are the steps: |
| 208 | + |
| 209 | + - Create the plan from the release |
| 210 | + - Create the rollout |
| 211 | + - Wait for the rollout to complete |
| 212 | + |
| 213 | +## Manual Rollout by Environment |
| 214 | + |
| 215 | +In the previous section, once the PR is merged, we create a release and roll out it to both test and prod environments automatically. |
| 216 | +You can also manually control the rollout by stage. |
| 217 | + |
| 218 | +1. In the repo, click **Settings** > **Environments**, choose **Prod**. Here you can add **required reviewers** for the stage and also set **wait timer**. |
| 219 | +  |
| 220 | + |
| 221 | +1. Create a new branch with this file, and create a pull request. Merge it to the `main` branch. |
| 222 | + |
| 223 | + - 202503131530_create_table_t2_ddl.sql |
| 224 | + |
| 225 | + ```sql |
| 226 | + CREATE TABLE t2 ( |
| 227 | + id SERIAL PRIMARY KEY, |
| 228 | + name TEXT NOT NULL |
| 229 | + ); |
| 230 | + ``` |
| 231 | + |
| 232 | +1. Go to the **Actions** tab, you can see the workflow run and stop at the Prod stage. |
| 233 | + |
| 234 | +  |
| 235 | + |
| 236 | +1. Wait for 5 minutes, the workflow will wait for the required reviewers to approve. |
| 237 | + |
| 238 | +  |
| 239 | + |
| 240 | +1. Click **Approve and deploy** button, the workflow will continue to rollout to the Prod stage. |
| 241 | + |
| 242 | +  |
| 243 | + |
| 244 | +  |
| 245 | + |
| 246 | +  |
| 247 | + |
| 248 | +## Summary |
| 249 | + |
| 250 | +Now you have learned how to database GitOps with GitHub Action. If you want to trigger a release creation with other git providers (e.g. GitLab, Bitbucket, Azure DevOps), you may customize the workflow file. |
0 commit comments