Integrate with Automation

Policy checks and severity levels can be configured per environment. Organizations may have different requirements as database changes advance through the pipeline. For example, DROP statements may be allowed in the build environment but not permitted during a production deployment.

Incorporating Liquibase Policy Checks with Liquibase Flow provides standardization, best practices, and governance for all teams throughout an organization.

Liquibase flows and policy checks should be housed in a centralized repository controlled by administrators to prevent unauthorized access.

Procedure

1. Build Flow

It is recommended that pull request reviews are required before merging into shared code branches. Most source control systems can run processes and checks as a prerequisite to a code merge.

As a best practice, consider using a Liquibase flow containing changelog policy checks to your team’s branch protection rules. Database Policy Checks can also be used as part of a merge check, but note these checks require connectivity to a database.

Below is a sample of a changelog policy checks called from a flow file. See also this sample premerge flow file.

This image depicts a portion of the sample premerge flow file. The section shown defines a flow action that executes "checks run" at the changelog scope using a configuration file in policychecks/liquibase.checks-settings.conf. In the action, auto-update is enabled.

2. Deploy Flow

Configure your CI/CD pipeline using Liquibase Flow to call specific checks files for the desired environment.
Ensure the pipeline fails if any policy checks are violated, preventing non-compliant changes from deploying.
Use warnings if changes require teams to take follow-up actions.

In the case of database checks, these may be called on a scheduled basis or after a deployment to ensure the integrity of the database outside of the deployment itself.

Below is a sample of a changelog policy check called from a flow file. See also this sample deploy workflow, which includes changelog checks before the deployment and database checks post-deployment.

This image depicts a portion of the sample post-deployment flow file. The portion shown defines a flow action that executes "checks run" at the database scope using a configuration file in policychecks/liquibase.checks-settings.conf. In the action, auto-update is enabled.

3. Monitor and review policy checks

The output of policy checks can be found on the console, in the policy checks operations report, and in the structured logging sent to your observability infrastructure.

Set liquibase.reports.enabled=true in the liquibase.properties file to enable the report.
- For changelog-scoped checks, the summary identifies changelogs and changesets that triggered the check, their content, and any attributes.
- For database-scope checks, the summary contains entries for specific objects that triggered the check and a count of object types checked.

Below is a sample output from a policy checks operations report:

This image depicts the Liquibase Checks Run Report. Highlighted in the report are 2 critical detected policy violations near the top, a Runtime Summary describing settings used to run the policy checks, and details by changeset, database, and policy check.

4. Collaborate with your teams

Implementing Liquibase policy checks helps maintain the integrity and quality of your database changesets, catching issues early and improving overall development efficiency.

Policy checks can support your team's development workflow and ensure high standards for your database schema changes.

1. Ensure your team knows all the policy checks in place with training and by maintaining clear documentation.

2. Regularly review the results of policy checks to identify and address issues for improvements in processes, database schema, and changesets.

Periodically update your check policies and rules based on new best practices, changes in standards, or evolving project requirements.

What to do next

Give Guide Feedback

Page updated

Report abuse