A Speedy, Secure Database Developer Flow Using GitLab Pipelines & Liquibase

GitLab pipelines allow users to manage CI/CD pipelines along with predefined environment variables with a simple interface. Happily, GitLab pipelines work perfectly with Liquibase environment variables to make your process even faster and more secure. (Here’s more on the top three reasons to use Liquibase environment variables.)

Using GitLab CI/CD pipelines with Liquibase environment variables

Let’s go through an example scenario. Suppose that your pipeline is composed of four environments: DEV, QA, UAT, and PROD.

We’ll set each of these environments with the proper configuration as variables so that the build script doesn’t have to specify any configuration at all, only the environment name in each job.
Let’s take a look at a .gitlab-ci.yml build script example:

build-job:
  stage: build
  environment:
    name: DEV
  script:
    - echo "This job tests with liquibase in DEV environment" 
    - liquibase --version
    - liquibase status --verbose
    - liquibase update
    - liquibase rollbackOneUpdate --force
    - liquibase update
    - liquibase history

test-job1:
  stage: test
  environment:
    name: QA
  script:
    - echo "This job tests with liquibase in QA environment"
    - liquibase status --verbose
    - liquibase update
    - liquibase rollbackOneUpdate --force
    - liquibase update
    - liquibase history

test-job2:
  stage: test
  environment:
    name: UAT
  script:
    - echo "This job tests with liquibase in UAT environment"
    - liquibase status --verbose
    - liquibase update
    - liquibase rollbackOneUpdate --force
    - liquibase update
    - liquibase history

deploy-prod:
  stage: deploy
  environment:
    name: PROD
  script:
    - echo "This job deploys Liquibase in a production environment from the $CI_COMMIT_BRANCH branch."
    - liquibase status --verbose
    - liquibase update
    - liquibase rollbackOneUpdate --force
    - liquibase update
    - liquibase history

‍

You’ll notice that for each job there is no mention of any configuration. Passwords, JDBC URLs, and other sensitive information are hidden from the user. This makes database code deployments a whole lot easier for development teams and more secure for your organization!

All of the properties needed for the various environments can be stored in the GitLab project level Environment Variables section. Go to your GitLab project settings → CI/CD → Expand Variables and add all the necessary variables for each environment in the pipeline.

You’ll see that some of the variables are scoped to specific environments. For example, in the DEV environment, the LIQUIBASE_COMMAND_URL value will be different from the value for the UAT environment since we are connecting to a different database.

Once all of the properties are set with the right environment variables, the pipeline can run successfully.

After running the pipeline, you can also inspect each environment’s logs by going to Deployments → Environments via the GitLab interface.

Summing it up

Using GitLab CI/CD pipelines with Liquibase environment variables can make your database change process even faster and more secure. If you’re a GitLab pipelines user, be sure to give Liquibase environment variables a try for free. Make sure you’re running Liquibase 4.4+ and grab a Liquibase Pro license key and add it to your Liquibase properties file.