feat: examples

Author: RainbowDashy

README.md

@@ -0,0 +1,50 @@
+# About
+
+This repository demonstrates how to use Bytebase and GitHub actions to do database release CI/CD with a code base following [GitHub flow](https://docs.github.com/en/get-started/using-github/github-flow).
+
+For GitHub flow, feature branches are merged into the main branch and the main branch is deployed to the, for example, "test" and "prod" environments in a deploy pipeline.
+
+[sql-review.yml](/workflows/sql-review.yml) checks the SQL migration files against the databases when pull requests are created.
+
+[release.yml](/workflows/release.yml) builds the code and then for each environment migrate the databases and deploy the code. Using [environments with protection rules](https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment#required-reviewers), it can deploy to the test environment automatically and push to the prod environment after approval.
+
+## How to configure sql-review.yml
+
+Copy [sql-review.yml](/workflows/sql-review.yml) to your repository.
+
+Modify the environment variables to match your setup.
+```yml
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # set GITHUB_TOKEN because the 'Check release' step needs it to comment the pull request with check results.
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+      BYTEBASE_PROJECT: "projects/project-sample"
+      BYTEBASE_TARGETS: "instances/test-sample-instance/databases/hr_test" # the database targets to check against.
+      FILE_PATTERN: "migrations/*.sql" # the glob pattern matching the migration files.
+```
+
+Set your service account password in the repository secrets setting with the name `BYTEBASE_SERVICE_ACCOUNT_SECRET`.
+
+The migration filename should comply to the naming scheme described in [bytebase/create-release-action](https://github.com/bytebase/create-release-action/tree/main).
+
+## How to configure release.yml
+
+Copy [release.yml](/workflows/release.yml) to your repository.
+
+Modify the environment variables to match your setup.
+```yml
+    env:
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+      BYTEBASE_PROJECT: "projects/project-sample"
+      # The Bytebase rollout pipeline will deploy to 'test' and 'prod' environments.
+      # 'deploy_to_test' job rollouts the 'test' stage and 'deploy_to_prod' job rollouts the 'prod' stage.
+      BYTEBASE_TARGETS: "instances/test-sample-instance/databases/hr_test,instances/prod-sample-instance/databases/hr_prod"
+      FILE_PATTERN: "migrations/*.sql" # the glob pattern matching the migration files.
+```
+
+In the repository environments setting, create two environments: "test" and "prod". In the "prod" environment setting, configure "Deployment protection rules", check "Required reviewers" and add reviewers in order to rollout the "prod" environment after approval.
+
+Set your service account password in the repository secrets setting with the name `BYTEBASE_SERVICE_ACCOUNT_SECRET`.
+
+The migration filename should comply to the naming scheme described in [bytebase/create-release-action](https://github.com/bytebase/create-release-action/tree/main).

workflows/release.yml

@@ -0,0 +1,109 @@
+name: Build and push release image
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Build app and upload
+        run: |
+          echo "Building..."
+          echo "Build done!"
+          echo "Uploading..."
+          echo "Upload done!"
+  deploy_to_test:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: test
+    env:
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+      BYTEBASE_PROJECT: "projects/project-sample"
+      # The Bytebase rollout pipeline will deploy to 'test' and 'prod' environments.
+      # 'deploy_to_test' job rollouts the 'test' stage and 'deploy_to_prod' job rollouts the 'prod' stage.
+      BYTEBASE_TARGETS: "instances/test-sample-instance/databases/hr_test,instances/prod-sample-instance/databases/hr_prod"
+      FILE_PATTERN: "migrations/*.sql"
+    outputs:
+      bytebase_plan: ${{ steps.create_plan.outputs.plan }}
+      deployment_required: ${{ steps.create_plan.outputs.deployment-required }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Bytebase
+        id: login
+        uses: bytebase/login-action@v1
+        with:
+          bytebase-url: ${{ env.BYTEBASE_URL }}
+          service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }}
+          service-secret: ${{secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET}} # Please use secrets for sensitive data in production.
+      - name: Create release
+        id: create_release
+        uses: bytebase/create-release-action@v1
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          file-pattern: ${{ env.FILE_PATTERN }}
+          # fail the action if release checks report any error.
+          check-release: "FAIL_ON_ERROR"
+          project: ${{ env.BYTEBASE_PROJECT }}
+          targets: ${{ env.BYTEBASE_TARGETS }}
+          validate-only: false
+      - name: Create plan
+        id: create_plan
+        uses: bytebase/create-plan-from-release-action@v1
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          project: ${{ env.BYTEBASE_PROJECT }}
+          release: ${{ steps.create_release.outputs.release }}
+          targets: ${{ env.BYTEBASE_TARGETS }}
+          check-plan: "SKIP"
+      - name: Rollout
+        id: rollout
+        uses: bytebase/rollout-action@v1
+        if: ${{ steps.create_plan.outputs.deployment_required == 'true' }}
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          plan: ${{ steps.create_plan.outputs.plan }}
+          target-stage: 'Test Stage'
+      - name: Deploy app
+        run: |
+          echo "Deploying app to test environment..."
+          echo "Deploy app to test environment done!"
+  deploy_to_prod:
+    needs: deploy_to_test
+    runs-on: ubuntu-latest
+    environment: prod
+    env:
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+    if: ${{ needs.deploy_to_test.outputs.deployment_required == 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Bytebase
+        id: login
+        uses: bytebase/login-action@v1
+        with:
+          bytebase-url: ${{ env.BYTEBASE_URL }}
+          service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }}
+          service-secret: ${{secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET}} # Please use secrets for sensitive data in production.
+      - name: Rollout
+        id: rollout
+        uses: bytebase/rollout-action@v1
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          plan: ${{ needs.deploy_to_test.outputs.bytebase_plan }}
+          target-stage: 'Prod Stage'
+      - name: Deploy app
+        run: |
+          echo "Deploying app to prod environment..."
+          echo "Deploy app to prod environment done!"

workflows/sql-review.yml

@@ -0,0 +1,72 @@
+name: SQL review on pull request
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check_release_on_test:
+    permissions:
+        pull-requests: write # write permission required to allow the action writes the check results to the comment.
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # set GITHUB_TOKEN because the 'Check release' step needs it to comment the pull request with check results.
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+      BYTEBASE_PROJECT: "projects/project-sample"
+      BYTEBASE_TARGETS: "instances/test-sample-instance/databases/hr_test"
+      FILE_PATTERN: "migrations/*.sql"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Bytebase
+        id: login
+        uses: bytebase/login-action@v1
+        with:
+          bytebase-url: ${{ env.BYTEBASE_URL }}
+          service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }}
+          service-secret: ${{secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET}} # Please use secrets for sensitive data in production.
+      - name: Check release
+        uses: bytebase/create-release-action@v1
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          file-pattern: ${{ env.FILE_PATTERN }}
+          # fail the action if release checks report any error.
+          check-release: "FAIL_ON_ERROR"
+          project: ${{ env.BYTEBASE_PROJECT }}
+          targets: ${{ env.BYTEBASE_TARGETS }}
+          validate-only: true
+  check_release_on_prod:
+    permissions:
+        pull-requests: write # write permission required to allow the action writes the check results to the comment.
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # set GITHUB_TOKEN because the 'Check release' step needs it to comment the pull request with check results.
+      BYTEBASE_URL: https://demo.bytebase.com
+      BYTEBASE_SERVICE_ACCOUNT: [email protected]
+      BYTEBASE_PROJECT: "projects/project-sample"
+      BYTEBASE_TARGETS: "instances/prod-sample-instance/databases/hr_prod"
+      FILE_PATTERN: "migrations/*.sql"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Bytebase
+        id: login
+        uses: bytebase/login-action@v1
+        with:
+          bytebase-url: ${{ env.BYTEBASE_URL }}
+          service-key: ${{ env.BYTEBASE_SERVICE_ACCOUNT }}
+          service-secret: ${{secrets.BYTEBASE_SERVICE_ACCOUNT_SECRET}} # Please use secrets for sensitive data in production.
+      - name: Check release
+        uses: bytebase/create-release-action@v1
+        with:
+          url: ${{ env.BYTEBASE_URL }}
+          token: ${{ steps.login.outputs.token }}
+          file-pattern: ${{ env.FILE_PATTERN }}
+          # fail the action if release checks report any error.
+          check-release: "FAIL_ON_ERROR"
+          project: ${{ env.BYTEBASE_PROJECT }}
+          targets: ${{ env.BYTEBASE_TARGETS }}
+          validate-only: true