Application code has had CI/CD for two decades. The database mostly hasn't. A CI/CD pipeline for schema migration closes that gap: it puts database change onto the same pipeline as application code. Migration scripts live in Git. CI runs lint and review. Deployment runs through stages.
This post walks the approach end-to-end: what the pipeline gates, the work it leaves outside, and the tools that fit.
The pipeline-led approach sits at Level 3 of the 6 levels of database automation.
What the pipeline does
Every change runs through the same path. Validate, promote, approve, record. Four verbs, in that order.
Validate
SQL review runs on the pull request. Syntax errors, missing indexes, unsafe operations, naming-rule violations all get caught before merge. The ruleset applies across environments, and strictness varies. Production runs the full set. Dev runs a subset.
Promote
The migration applies in dev. Then staging. Then production. Each stage runs the same script against progressively more realistic data. A failure stops the chain.
Approve
Approval gates sit between stages. Routine changes auto-promote into dev and staging. Production-bound DDL waits for a human. The approver sees the SQL, the validation results, and the rollout plan in one record, not scattered across three Slack threads.
Record
Every applied migration is logged with version, environment, executor, and timestamp. Schemas across environments are compared automatically. Drift, meaning a change made outside the pipeline, triggers an alert.
A change through the pipeline
The verbs are abstract, so here's a concrete one. A developer adds a nullable column to a 12M-row users table.
Pull request. Migration committed:
-- V042__add_user_email_verified_column.sql
ALTER TABLE users ADD COLUMN email_verified BOOLEAN DEFAULT NULL;
CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_users_email_verified
ON users(email_verified) WHERE email_verified = FALSE;SQL review flags two things. Index creation will take ~10 minutes at production scale. The partial-index WHERE clause keeps the index small but skews cardinality.
Dev. Migration applies in 2 seconds against a 10K-row database. Integration tests pass.
Staging. Production-like volume. Migration takes 8 minutes. Replication lag spikes to 45 seconds during the index build. QA verifies the application handles the new nullable column.
Production. DBA approves after staging completes clean. Deployment runs during a low-traffic window. Migration takes 11 minutes. Application deploys after database confirmation.
The pipeline records every step. Each environment has its own audit trail. The migration script is the same across all four.
Index strategy varies by engine. PostgreSQL uses CREATE INDEX CONCURRENTLY. MySQL uses ALGORITHM=INPLACE, falling back to gh-ost or pt-online-schema-change for tables the engine would otherwise copy. The developer picks the strategy. The pipeline enforces that the choice flows through review.
Where it stops short
Here's the part most pipeline pitches skip. The pipeline gates exactly one class of work: planned, version-controlled schema changes. Plenty of database work falls outside that boundary.
- Ad-hoc operations. Emergency hotfixes, one-off data patches, an
ANALYZEduring an incident. None of these start as a pull request. - Credential management. Database credentials live in PAM, or in developer laptops. The pipeline runs as a service identity, not as the developer.
- Read-path activity. Queries, exports, ad-hoc lookups never show up in the migration log.
- Policy beyond the merge. Naming rules and lock-grade checks run at PR review. Once merged, nothing rechecks at execution.
Put simply, the pipeline gates planned change. It does not gate everything that touches the database, and pretending otherwise is how teams end up surprised.
Tools that fit
Three open-source tools cover the pipeline's core mechanics.
- Liquibase and Flyway are CLI-first migration runners. Apply migrations from a changelog, track which have run, integrate with any CI system. Both are Java-based.
- Bytebase is web GUI plus GitOps. SQL review, approvals, and stage promotion are built in. Single Go binary.
| Capability | Liquibase | Flyway | Bytebase |
|---|---|---|---|
| Apply migrations from changelog | ✓ | ✓ | ✓ |
| SQL review built in | Pro plan | Teams plan | Free, 200+ rules |
| Stage promotion + approvals | Manual | Manual | Built in |
| Schema drift detection | No | Enterprise | Built in |
| Web UI | No | No | ✓ |
CLI-first teams use Liquibase or Flyway and orchestrate the pipeline themselves. Teams that want the pipeline pre-built use Bytebase.
Where this lands
A CI/CD pipeline is Level 3 in the 6 levels of database automation. It eliminates the manual hand-off from developer to DBA for planned schema change. That alone is worth the effort.
Not every team needs the full pipeline. Read-only analytical databases, ephemeral dev environments, and small teams (under 10 databases, under 5 developers) can run with version control plus a CLI runner. Add the pipeline as the team and database count grow.
The gap is what Level 4 platforms close: ad-hoc operations, credentials, read-path activity, post-merge policy. The pipeline-led approach is the strongest L3 a team can build. It is not L4, and knowing the difference is the whole point.