Flyway

• ✅ Supported. You can point Flyway at any JDBC URL, so you can run the same migration scripts against multiple databases.
• Each database keeps its own flyway_schema_history table.
• You typically run:

flyway -url=jdbc:postgresql://db1:5432/app -user=user -password=pass migrate
flyway -url=jdbc:postgresql://db2:5432/app -user=user -password=pass migrate

Or configure multiple datasources in CI/CD.

Liquibase

• ✅ Also supported. You just configure different url values in liquibase.properties or pass them via CLI.
• Each database will maintain its own DATABASECHANGELOG and DATABASECHANGELOGLOCK tables.
• Example:

liquibase --url="jdbc:mysql://db1:3306/app" update
liquibase --url="jdbc:mysql://db2:3306/app" update

⚠️ Things to watch out for

1. Separate history tables per DB → each DB tracks migrations independently.
2. Idempotent scripts → make sure migrations can run cleanly in all environments.
3. Automation → often wrapped in CI/CD jobs or scripts to apply to multiple databases in sequence.
4. Schema differences → if your DBs drift, the same migration may fail on one but succeed on another.

That depends on the migration tool you’re using. Here are the most common ones:

Flyway

• Flyway keeps migration history in a table called flyway_schema_history in your database.
• You can check it by running:

SELECT * FROM flyway_schema_history;

Or from CLI:

flyway info

This shows applied, pending, failed migrations, and checksums.

Liquibase

• Liquibase stores migration history in a table called DATABASECHANGELOG.
• To view:

SELECT * FROM databasechangelog;

Or from CLI:

liquibase history

Nice one 👍 resetting migrations means “wipe the DB back to empty and re-apply everything from scratch.” How you do it depends on whether you’re in dev/test or prod.

🔹 Flyway

1. Clean (drops everything)

flyway clean

Drops all objects (tables, views, etc.) in the configured schemas.

⚠️ Dangerous — should be disabled in prod by default (spring.flyway.clean-disabled=true).

Migrate again

flyway migrate

Recreates schema from your V1__... → Vn__....

Repair (optional)

flyway repair

Fixes checksums and history table after you’ve rebuilt.

🔹 Liquibase

1. Drop all objects

liquibase dropAll

Clears the schema (tables, indexes, views, etc.).

Update again

liquibase update

Replays your changelogs from scratch.

Clear history (optional)

liquibase clearCheckSums

🔹 Manual “reset” (works for both)

• Drop the schema or database manually:

DROP SCHEMA public CASCADE;
CREATE SCHEMA public;

Then re-run migrations.

🔹 Best Practices

• Dev/Test: Safe to reset often (helps when experimenting). Automate via clean+migrate or Testcontainers.
• Prod: 🚨 Never reset! Instead use expand/contract and versioned migrations only. If schema drift is bad, do a dump → rebuild → restore data with a migration plan.
• Seed data: Keep test/demo data in separate scripts so you can reload after reset.

skipping a migration is sometimes needed (bad script, applied out-of-band, or not relevant in test). How you do it depends on your tool:

🔹 Flyway

Flyway tracks migrations in a table called flyway_schema_history.

Options:

1. Mark it as applied (skip execution)

flyway migrate -target=V5

Runs migrations up to V5. If your next file is V6__bad.sql, it won’t run.

Later, when you add V7__new.sql, Flyway will skip V6 because it sees V7 is next.

2. Baseline or repair trick

• If the migration was already applied outside Flyway, mark it with:

flyway baseline -baselineVersion=6

→ Flyway pretends everything up to version 6 is applied.

3. Mark individual migration as applied

• Insert a row manually into flyway_schema_history with the right version, description, checksum = null, and success = 1.
• Dangerous if done wrong, but effective.

🔹 Liquibase

Liquibase uses a DATABASECHANGELOG table.

Options:

1. ChangeSet with runAlways: false + runOnChange: false
   • By default, Liquibase already skips a changeset once it’s logged as applied.
2. Mark as executed without running

liquibase changelogSync

→ Marks all pending changes as executed (skips them).

Or, more selectively:

liquibase changelogSyncSQL

→ Generates SQL to insert rows into DATABASECHANGELOG for specific changesets.

Comment it out in changelog (not ideal — keeps history inconsistent if already deployed).

🔹 General Best Practices

• Don’t delete a migration file — it breaks history for anyone who hasn’t applied it yet.
• Mark it as skipped/applied so the migration tool’s history table stays consistent.
• Document why it was skipped — future teammates (or future you) will thank you.
• If it’s a bad migration, safer pattern is:
  • Create a new “fix” migration instead of removing the old one.
  • Only use skip tricks in dev/test, not prod.

services:
  db: { image: postgres:16, environment: [POSTGRES_DB=app, POSTGRES_PASSWORD=pass] }
  migrate:
    image: liquibase/liquibase
    depends_on: [db]
    command: ["update", "--url=jdbc:postgresql://db:5432/app", "--changelog-file=/changelog.xml"]
  app:
    image: my-app
    depends_on: [migrate]

Testcontainers for integration tests (Java):

@Testcontainers
class RepoIT {
  @Container
  static PostgreSQLContainer<?> pg = new PostgreSQLContainer<>("postgres:16");

  @DynamicPropertySource
  static void dbProps(DynamicPropertyRegistry r) {
    r.add("spring.datasource.url", pg::getJdbcUrl);
    r.add("spring.datasource.username", pg::getUsername);
    r.add("spring.datasource.password", pg::getPassword);
    r.add("spring.flyway.enabled", () -> true);      // Flyway runs against the container
    r.add("spring.jpa.hibernate.ddl-auto", () -> "none");
  }
}

2) CI: run migrations as a pipeline step

Typical PR check pipeline

1. Start DB service (Compose service or CI “services”).
2. Run migrations (Flyway/Liquibase CLI or Maven/Gradle plugin).
3. Run tests (unit + integration).
4. Optionally validate schema drift.

GitHub Actions sketch

services:
  postgres:
    image: postgres:16
    env: { POSTGRES_DB: app, POSTGRES_PASSWORD: pass }
    ports: ["5432:5432"]
steps:
  - uses: actions/checkout@v4
  - name: Wait for DB
    run: until pg_isready -h localhost -p 5432; do sleep 1; done
  - name: Run Flyway
    run: ./mvnw -q -Dflyway.url=jdbc:postgresql://localhost:5432/app \
                -Dflyway.user=postgres -Dflyway.password=pass flyway:migrate
  - name: Tests
    run: ./mvnw -q test

3) Integration & E2E environments: treat like prod, but disposable

• Dedicated DB per environment (e.g., app_test, app_e2e).
• One-off “migrate” job before deploying the test app.
• Seed data via separate changelog folder (e.g., db/seed/) or fixtures loaded by the test harness. Keep seeds idempotent.

4) Reset strategies between test runs

• Flyway/Liquibase clean + migrate for quick wipe.
• Ephemeral DB: Testcontainers or throwaway schema name per run (e.g., schema_pr123_abcdef).
• Snapshot/restore: initialize once, take a DB snapshot, restore per suite for speed (useful for heavy datasets).

5) Versioning and safety knobs

• Expand/Contract in tests too:
  • Verify “expand” migrations allow old + new code to run.
  • Run backfills as separate jobs you can test independently.
• Flyway
  • validateOnMigrate=true to catch drift.
  • Use repair only to fix checksums on test DBs (never as a habit).
• Liquibase
  • liquibase updateSQL for dry-run SQL review in CI.
  • diff/diffChangeLog to detect drift vs desired schema.

6) Seeding test data (cleanly)

• Prefer readable, isolated seeds:
  • minimal “happy-path” records for integration tests,
  • richer fixtures for E2E.
• Keep seeds separate from schema migrations (different path or tag) so prod doesn’t get test data.

7) Parallelism & race conditions

• If your tests run in parallel against one DB, you’ll fight locks and state leakage.
• Prefer one DB per test worker (Testcontainers, unique schema per worker, or a matrix of ports/DB names).
• Ensure only one migration runner acts on a given database at a time (lock via tool’s built-in table or by isolating per-worker DB).

8) Tooling quick refs

• Flyway (Maven):

<plugin>
  <groupId>org.flywaydb</groupId><artifactId>flyway-maven-plugin</artifactId>
  <version>${flyway.version}</version>
  <configuration>
    <url>${flyway.url}</url>
    <user>${flyway.user}</user>
    <password>${flyway.password}</password>
    <validateOnMigrate>true</validateOnMigrate>
  </configuration>
</plugin>

Run: mvn -q flyway:clean flyway:migrate -Ptest

Liquibase (Gradle)

liquibase {
  activities.register("testMigrate") {
    this.arguments = mapOf(
      "changelogFile" to "db/changelog-master.yaml",
      "url" to System.getenv("TEST_DB_URL"),
      "username" to "postgres",
      "password" to "pass"
    )
  }
}

• Run: ./gradlew update -PliquibaseActivity=testMigrate

9) Suggested setups by environment

• Unit tests: no DB or use lightweight embedded (no migrations).
• Integration tests: Testcontainers + Flyway auto-migrate.
• Local manual testing: docker compose up db migrate app; rerun migrate or clean+migrate as needed.
• CI per PR: spin DB service → migrate → run tests; optionally run a dry-run (Liquibase updateSQL) and schema-drift check.
• Shared E2E env: pre-deploy “migrate” job; nightly refresh with snapshot.

⚠️ The Problem

Imagine you run your app in multiple containers/replicas (e.g. in Docker Swarm, Kubernetes, or just scaling docker-compose up --scale app=3).

If each replica runs database migrations on startup, then:

• All replicas connect to the database at the same time.
• Each one tries to apply the same schema changes (ALTER TABLE, CREATE INDEX, etc.).
• This can cause:
  • Race conditions (two replicas try to apply the same migration file).
  • Deadlocks/locks on the database.
  • Migration failures — one succeeds, others crash with “migration already applied” or “table already exists”.

✅ Why Dedicated Migrations Are Safer

That’s why teams often:

• Run migrations in a dedicated container (one-off job in Docker or Kubernetes).
• Or use init containers (Kubernetes) or pre-deployment jobs in CI/CD pipelines.
• After migrations succeed → app replicas start up normally, reading the updated schema.

🔹 Example in Docker Compose

Bad (risky) approach:

services:
  app:
    image: my-app
    depends_on: [db]
    # App runs migrations on startup (risky if scaled to 3 replicas!)

Better approach:

services:
  db:
    image: postgres:15

  migrate:
    image: liquibase/liquibase
    depends_on: [db]
    command: ["update", "--url=jdbc:postgresql://db:5432/app", "--changelog-file=changelog.xml"]

  app:
    image: my-app
    depends_on: [migrate]   # starts only after migrations succeed

Here only one migration container runs → safe schema update. Then your app replicas can scale freely.

Yes 👍 — migration tools (like Liquibase, Flyway, or custom SQL migration scripts) can definitely be used with Docker. In fact, containerization is very common for managing schema migrations in modern deployments. Here’s how it usually works:

🔹 Common Ways to Use Migration Tools with Docker

1. Migration inside the app container
   • Your backend service (Java Spring Boot, Node.js, etc.) includes the migration tool as part of its startup.
   • Example: Spring Boot with Flyway automatically runs migrations on startup when connected to the DB container.
   • ✅ Simple setup.
   • ❌ Risky if multiple replicas start at once (you need to ensure only one runs migrations).
2. Dedicated migration container
   • Run Liquibase/Flyway in a separate one-off container as a step in your pipeline or docker-compose.
   • Example:

services:
  db:
    image: postgres:15
  migrate:
    image: liquibase/liquibase
    depends_on: 
      - db
    command: ["update", "--url=jdbc:postgresql://db:5432/app", "--changelog-file=db.changelog.xml"]

✅ Cleaner separation of concerns.

✅ Works well in CI/CD (can be run before deploying app containers).

3. Manual migration via Docker exec/run

You can exec into a container that has the migration tool installed and run it manually.

Example:

docker run --rm \
  --network=my_app_network \
  liquibase/liquibase \
  update --url=jdbc:postgresql://db:5432/app --changelog-file=changelog.xml

✅ Good for local development or one-off fixes.

❌ Not automated.

🔹 Best Practices

• Don’t bake credentials into the image — pass DB connection details via env variables or secrets.
• Use orchestration carefully — in Kubernetes or Docker Swarm, make sure migrations run before app containers scale up.
• Idempotency matters — migrations should be safe to run multiple times without breaking (Flyway/Liquibase handle this well).
• CI/CD integration — typically, migrations run in the pipeline before the new app version is deployed.

Core idea

Treat migrations as a separate, run-once step that runs before (or alongside) the app rollout and is safe to re-run. Use the migration tool’s locking/versioning so only one job changes the schema.

Typical patterns

1. Dedicated migration job (recommended)
   CI runs a specific job (Flyway/Liquibase/Prisma/Alembic/etc.) using DB creds from secrets. Gate the deploy on success.
2. Kubernetes Job / Helm hook
   Ship migrations as a discrete container that runs to completion before/with the release (with proper hooks to order it).
3. App runs migrations on startup
   Fine for small apps/single instance; risky for fleets/shared DBs—avoid in most teams.

Example: GitHub Actions — Flyway (PostgreSQL)

name: deploy
on: [push]
jobs:
  migrate-db:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Flyway migrations
        run: |
          docker run --rm \
            -v "$PWD/db/migrations:/flyway/sql" \
            -e FLYWAY_URL="${{ secrets.DB_URL }}" \
            -e FLYWAY_USER="${{ secrets.DB_USER }}" \
            -e FLYWAY_PASSWORD="${{ secrets.DB_PASSWORD }}" \
            flyway/flyway:10.18.2 migrate
  deploy-app:
    needs: migrate-db
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # build & deploy your app here

Example: GitLab CI — Liquibase

stages: [migrate, deploy]

migrate_db:
  stage: migrate
  image: liquibase/liquibase:4.29
  script:
    - liquibase \
        --url="$DB_URL" \
        --username="$DB_USER" \
        --password="$DB_PASSWORD" \
        --changelog-file=changelog/db.changelog-master.yaml \
        --log-level=info update
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  variables:
    DB_URL: $PROD_DB_URL
    DB_USER: $PROD_DB_USER
    DB_PASSWORD: $PROD_DB_PASSWORD

deploy_app:
  stage: deploy
  needs: ["migrate_db"]
  script:
    - ./deploy.sh

Example: Kubernetes Job (works with any tool)

apiVersion: batch/v1
kind: Job
metadata:
  name: app-db-migrate
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: migrate
          image: flyway/flyway:10.18.2
          envFrom:
            - secretRef: { name: app-db-credentials }
          volumeMounts:
            - name: migration-sql
              mountPath: /flyway/sql
          args: ["migrate"]
      volumes:
        - name: migration-sql
          configMap:
            name: app-migrations

Deployment ordering with Helm hooks

# templates/migrate-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: app-db-migrate
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
# ...

Rollbacks & zero-downtime

• Prefer expand/contract:
  • Expand: add new tables/cols (nullable/backfilled), write code compatible with old+new.
  • Deploy app using only backward-compatible reads/writes.
  • Contract: remove old columns in a later release after traffic migration.
• Keep down/rollback scripts only if your tool/team can truly support backward schema downgrades; otherwise use forward-fixes.
• For large data changes: run backfills as separate, resumable jobs (chunked, idempotent) rather than inside schema migrations.

Safety checklist

• Migrations are idempotent and use tool locking (Flyway/Liquibase do this).
• One pipeline is allowed to run migrations per environment (use environments/branches/protected runners).
• DB creds via secrets, never in repo.
• Backups or point-in-time restore configured.
• Wrap DDL in transactions when supported (e.g., Postgres). For MySQL, be careful with non-transactional DDL.
• Add runtime gates: run migrations on staging first; promote to prod on success.
• Monitor: alert on migration failures and long-running locks.

Tool-specific one-liners

• Flyway: flyway -url=jdbc:postgresql://... -user=... -password=... migrate
• Liquibase: liquibase --url=... --username=... --password=... update
• Prisma: npx prisma migrate deploy
• Django: python manage.py migrate
• Rails: bundle exec rails db:migrate
• Alembic (SQLAlchemy): alembic upgrade head
• Knex: npx knex migrate:latest

✅ Short Answer

Flyway lets you undo a migration using special undo scripts — but only if you’re using Flyway Teams Edition.

In open-source Flyway, undo must be done manually (e.g., with a rollback script or by reverting migrations in Git and resetting the DB).

🔍 Flyway Teams Edition: Undo Scripts

To enable automatic rollbacks, you write U__ undo scripts that correspond to versioned migrations.

🛠️ Example

If you have this migration:

V2__add_users_table.sql

You can write this undo file:

U2__drop_users_table.sql

Content:

DROP TABLE users;

Then you can call:

flyway undo

✅ Flyway looks up the most recently applied versioned migration (V2)
✅ Finds the corresponding U2 script
✅ Executes it and removes V2 from flyway_schema_history

⚠️ Notes on Undo Scripts

• Undo is not repeatable — it’s only for the latest applied migration
• Only one version can be undone per command
• Undo does not apply to repeatable migrations (R__)

🧱 Open Source Workarounds

If you’re using Flyway Community Edition (open-source):

1. Create a manual rollback script (e.g., rollback.sql)
2. Run it manually if something goes wrong
3. Or, if you’re in dev: reset the DB + clean + re-migrate:

flyway clean
flyway migrate

⚠️ flyway clean deletes all schema objects — only use in dev/test environments.

📌 Key Takeaways

✅ In Flyway Teams, use U__ scripts + flyway undo to rollback versioned migrations
❌ In Community Edition, there is no automatic undo — handle rollbacks manually
✅ Best practice: write custom rollback scripts or ensure your migrations are idempotent and safe

A Flyway baseline tells Flyway:

“Start tracking from this version — assume all migrations before this are already applied.”

It lets you start using Flyway with an existing database without re-running old scripts.

🔍 Detailed Explanation

Imagine you have a production database with many tables, but you’re just now introducing Flyway.

If you add versioned migration files like:

V1__init_schema.sql
V2__add_users.sql

Flyway will try to apply them from scratch — and crash, because the tables already exist.

✅ Solution: Use a baseline

🛠️ How to Baseline a Database

You run:

flyway baseline

Or in Java:

flyway.baseline();

Or configure it via properties:

flyway.baselineVersion=1
flyway.baselineDescription=Baseline existing schema
flyway.baselineOnMigrate=true

This creates the flyway_schema_history table with a starting version (e.g. 1), without running any scripts.

💡 When to Use a Baseline

🧾 What Gets Recorded?

In flyway_schema_history:

Now Flyway knows to start from V2 and ignore earlier scripts.

⚠️ Important Notes

• You can only baseline before any migrations are applied
• If the history table exists, baseline() will fail unless it was empty
• Useful with baselineOnMigrate=true for auto-baselining on first migration

📌 Key Takeaways

✅ flyway baseline sets the starting point for tracking in a live schema
✅ Prevents Flyway from reapplying already existing changes
✅ Ideal for introducing Flyway into production projects
✅ Sets up versioning safely without touching existing data