Skip to content

feat: add approval step via harness ui #11607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

feat: add approval step via harness ui #11607

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a4cadf6
feat: add approval step via harness ui
Sonichigo Sep 17, 2025
bd1b073
feat: add approval step via harness ui
Sonichigo Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 2 additions & 6 deletions docs/database-devops/use-database-devops/governance/audit-trails.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@ tags:

---

## Introduction

With Audit Trail in Harness, you can view and track changes to your Harness resources within your Harness account.

The audit data retention period is 2 years. Harness reserves the right to delete audit data after 2 years. You can request a longer retention period by contacting Harness. For example, if you require audit data for legal discoveries, etc., contact Harness and we can help.
Expand All @@ -39,15 +37,13 @@ The Account Audit Trail includes the following Database Devops events:
| DB Schema | Create, Update, Delete |
| DB Instance | Create, Update, Delete |



Each event in the Account Audit Trail list provides the following details:

1. **Action:** Describes the specific activity, such as logging in or deleting.
2. **Resource name and Type:** Identifies the resource type and its name where the event occurred. For example, monitored service, agent, or user.
3. **Organization and Project:** Name of the organization and the project in which the event occurred.

![](./static/audit-trail.png)
![Audit Trails](./static/audit-trail.png)

When you click on a resource name, you will be directed to the corresponding event page. For instance, clicking on a DB Schema resource will take you to the schema listing page, while clicking on a DB Instance resource will redirect you to the instance list page.

Expand All @@ -61,4 +57,4 @@ To see more information about a particular event, select the messaging icon next

You can also see a snapshot of changes in YAML format by expanding YAML Difference.

![](./static/yaml-diff-audit-trail.png)
![Database Devops Audit Trails](./static/yaml-diff-audit-trail.png)
Binary file added ...use-database-devops/governance/static/preview-and-approval-using-harness-ui.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
162 changes: 162 additions & 0 deletions ...e-devops/use-database-devops/governance/using-approval-gates-with-harness-ui.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
---
title: Preview SQL with Manual Approval
description: Learn how to preview SQL changes in Harness DB DevOps pipelines and enforce manual approval before applying schema changes.
sidebar_position: 11
keywords:
- preview sql
- harness dbops
- manual approval
- database pipeline
- sql review
- schema deployment
- db change governance
- harness database devops
- dbops approval workflow
tags:
- harness-db-devops
- sql-preview
- approval-gates
- deployment-safety
- governance

---

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

Harness DB DevOps allows you to integrate a **Preview SQL** step in your pipeline to review generated SQL before applying schema changes to the database.
This workflow ensures **governance, visibility, and control**, as you can add a **Manual Approval** step between previewing and executing the changes.

The typical workflow looks like this:

1. Clone the Git repository containing migration scripts.
2. Run the **Preview SQL** step to generate SQL for the changes.
3. Pause the pipeline at a **Manual Approval** gate for human verification.
4. After approval, proceed with the **DB Schema Apply** step to deploy the changes.

<Tabs>
<TabItem value="Pipeline Setup" label="Pipeline Setup">

![preview-and-approval-using-harness-ui](./static/preview-and-approval-using-harness-ui.png)
</TabItem>
<TabItem value="YAML Setup" label="YAML Setup">

```yaml
pipeline:
name: mux-sql
identifier: muxsql
projectIdentifier: default_project
orgIdentifier: default
tags: {}
stages:
- stage:
name: deploy
identifier: deploy
description: "preview SQL changes in Harness DB DevOps pipelines and enforce manual approval before applying schema changes."
type: Custom
spec:
execution:
steps:
- stepGroup:
name: preview
identifier: preview
steps:
- step:
type: LiquibaseCommand
name: Preview
identifier: Preview
spec:
connectorRef: account.harnessImage
command: " update-sql"
dbSchema: cockroachDB
dbInstance: cab
timeout: 10m
stepGroupInfra:
type: KubernetesDirect
spec:
connectorRef: db
- step:
type: HarnessApproval
name: Approval
identifier: Approval
spec:
approvalMessage: Please review the following information and approve the pipeline progression
includePipelineExecutionHistory: true
isAutoRejectEnabled: false
approvers:
userGroups:
- account._account_all_users
minimumCount: 1
disallowPipelineExecutor: false
approverInputs: []
timeout: 1d
- stepGroup:
name: deploy
identifier: deploy
steps:
- step:
type: DBSchemaApply
name: DB Schema Apply
identifier: DB_Schema_Apply
spec:
connectorRef: account.harnessImage
dbSchema: cockroachDB
dbInstance: cab
markNextChangeSetRun: true
timeout: 10m
stepGroupInfra:
type: KubernetesDirect
spec:
connectorRef: db
rollbackSteps: []
serviceDependencies: []
tags: {}
delegateSelectors:
- harness-gke-delegate
```
</TabItem>
</Tabs>

## Setting Up the Workflow

In your pipeline’s **Execution** tab, add the following steps:

| Step | Description |
|-----------------|-----------------------------------------------------------------------------|
| **Git Clone** | Clones the migration scripts from the connected Git repository. |
| **Preview SQL** | Generates SQL statements from your changelog or schema definition. |
| **Approval** | Adds a manual approval gate where users must review and confirm SQL changes. |
| **DB Schema Apply** | Applies the approved SQL changes to the target database instance. |

## SQL Preview

The **Preview SQL** step shows a generated SQL script based on the detected changes.
This allows DBAs and developers to:

- Validate the correctness of the SQL.
- Identify potential issues such as destructive changes.
- Ensure compliance with internal policies.

Example output:

```sql
CREATE TABLE products
(
id SERIAL,
name TEXT NOT NULL,
price NUMERIC(10,2) NOT NULL DEFAULT 0.00,
CONSTRAINT products_pkey PRIMARY KEY (id)
);
```
## Manual Approval Step
The Approval step acts as a gate in the pipeline. When the pipeline reaches this stage:
- A notification is sent to the designated approvers.
- Approvers can review the Preview SQL output before continuing.
- The pipeline proceeds to the DB Schema Apply step only after approval.
This ensures that no schema changes are deployed without human validation.

## Applying Schema Changes
After approval, the pipeline executes the `Apply Schema` step. This deploys the reviewed SQL script to the configured database instance. For example:
- **Preview SQL:** shows the generated ALTER TABLE statement.
- **Approval:** DBA confirms the change is safe.
- **DB Schema Apply:** Executes the approved change on the target database.