The CI/CD pipeline approach moves database change onto the same pipeline as application code. Migration scripts live in Git. CI runs lint and review. Deployment runs through stages.
This post walks the approach end-to-end — what the pipeline gates, the work it leaves outside, and the tools that fit.
The pipeline-led approach sits at Level 3 of the 6 levels of database automation.
What the pipeline does
Every change runs through the same path. Validate. Promote. Approve. Record.
Validate
SQL review runs on the pull request. Syntax errors, missing indexes, unsafe operations, naming-rule violations — all caught before merge. The ruleset applies across environments; strictness varies. Production runs the full set. Dev runs a subset.
Promote
The migration applies in dev. Then staging. Then production. Each stage runs the same script against progressively more realistic data. Failures stop the chain.
Approve
Approval gates sit between stages. Routine changes auto-promote into dev and staging. Production-bound DDL waits for a human. The approver sees the SQL, the validation results, and the rollout plan in one record.
Record
Every applied migration is logged with version, environment, executor, and timestamp. Schemas across environments are compared automatically. Drift — a change made outside the pipeline — triggers an alert.
A change through the pipeline
A developer adds a nullable column to a 12M-row users table.
Pull request. Migration committed:
-- V042__add_user_email_verified_column.sql
ALTER TABLE users ADD COLUMN email_verified BOOLEAN DEFAULT NULL;
CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_users_email_verified
ON users(email_verified) WHERE email_verified = FALSE;SQL review flags two things. Index creation will take ~10 minutes at production scale. The partial-index WHERE clause keeps the index small but skews cardinality.
Dev. Migration applies in 2 seconds against a 10K-row database. Integration tests pass.
Staging. Production-like volume. Migration takes 8 minutes. Replication lag spikes to 45 seconds during the index build. QA verifies the application handles the new nullable column.
Production. DBA approves after staging completes clean. Deployment runs during a low-traffic window. Migration takes 11 minutes. Application deploys after database confirmation.
The pipeline records every step. Each environment has its own audit trail. The migration script is the same across all four.
Index strategy varies by engine. PostgreSQL uses CREATE INDEX CONCURRENTLY. MySQL uses ALGORITHM=INPLACE, falling back to gh-ost or pt-online-schema-change for tables the engine would otherwise copy. The developer picks the strategy. The pipeline enforces that the choice flows through review.
Where it stops short
The pipeline gates one class of work: planned, version-controlled schema changes. Several others fall outside.
- Ad-hoc operations. Emergency hotfixes, one-off data patches, an
ANALYZEduring an incident — none start as a pull request. - Credential management. Database credentials live in PAM, or in developer laptops. The pipeline runs as a service identity, not as the developer.
- Read-path activity. Queries, exports, ad-hoc lookups don't show up in the migration log.
- Policy beyond the merge. Naming rules and lock-grade checks run at PR review. Once merged, nothing rechecks at execution.
The pipeline gates planned change. It does not gate everything that touches the database.
Securing Database Change covers the same gap from the security stack — bastion, ITSM, PAM.
Tools that fit
Three open-source tools cover the pipeline's core mechanics.
- Liquibase, Flyway — CLI-first migration runners. Apply migrations from a changelog, track which have run, integrate with any CI system. Java-based.
- Bytebase — web GUI plus GitOps. SQL review, approvals, and stage promotion built in. Single Go binary.
| Capability | Liquibase | Flyway | Bytebase |
|---|---|---|---|
| Apply migrations from changelog | ✓ | ✓ | ✓ |
| SQL review built in | Pro plan | Teams plan | Free, 200+ rules |
| Stage promotion + approvals | Manual | Manual | Built in |
| Schema drift detection | — | Enterprise | Built in |
| Web UI | — | — | ✓ |
CLI-first teams use Liquibase or Flyway and orchestrate the pipeline themselves. Teams that want the pipeline pre-built use Bytebase.
Where this lands
A CI/CD pipeline is Level 3 in the 6 levels of database automation. It eliminates the manual hand-off from developer to DBA for planned schema change.
Not every team needs the full pipeline. Read-only analytical databases, ephemeral dev environments, and small teams (under 10 databases, under 5 developers) can run with version control plus a CLI runner. Add the pipeline as the team and database count grow.
The gap is what Level 4 platforms close: ad-hoc operations, credentials, read-path activity, post-merge policy. The pipeline-led approach is the strongest L3 a team can build. It is not L4.