chore: validate db schemas CI test

2026-01-09 15:38:03 -05:00 · 2025-07-13 19:38:24 +04:00
parent be0ca08821
commit 1d0d6088f8
2 changed files with 73 additions and 0 deletions
--- a/.github/workflows/validate-db-schemas.yml
+++ b/.github/workflows/validate-db-schemas.yml
@@ -0,0 +1,71 @@
+name: "Validate DB schemas"
+
+on:
+    pull_request:
+        types: [opened, synchronize]
+        paths:
+            - "backend/src/db/**"
+
+    workflow_call:
+
+jobs:
+    check-be-pr:
+        name: Validate DB schemas
+        runs-on: ubuntu-latest
+        timeout-minutes: 15
+        steps:
+            - name: ☁️ Checkout source
+              uses: actions/checkout@v3
+            - uses: KengoTODA/actions-setup-docker-compose@v1
+              if: ${{ env.ACT }}
+              name: Install `docker compose` for local simulations
+              with:
+                  version: "2.14.2"
+            - name: 🔧 Setup Node 20
+              uses: actions/setup-node@v3
+              with:
+                  node-version: "20"
+                  cache: "npm"
+                  cache-dependency-path: backend/package-lock.json
+
+            - name: Install dependencies
+              run: npm install
+              working-directory: backend
+
+            - name: Start PostgreSQL and Redis
+              run: touch .env && docker compose -f docker-compose.dev.yml up -d db redis
+
+            - name: Apply migrations
+              run: npm run migration:latest-dev
+              working-directory: backend
+              env:
+                  NODE_OPTIONS: "--max-old-space-size=8192"
+                  REDIS_URL: redis://172.17.0.1:6379
+                  DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
+                  AUTH_SECRET: something-random
+                  ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218
+
+            - name: Run schema generation
+              run: npm run generate:schema
+              working-directory: backend
+              env:
+                  NODE_OPTIONS: "--max-old-space-size=8192"
+                  REDIS_URL: redis://172.17.0.1:6379
+                  DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
+                  AUTH_SECRET: something-random
+                  ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218
+
+            - name: Check for schema changes
+              run: |
+                  if ! git diff --exit-code --quiet src/db/schemas; then
+                    echo "❌ Generated schemas differ from committed schemas!"
+                    echo "Run 'npm run generate:schema' locally and commit the changes."
+                    git diff src/db/schemas
+                    exit 1
+                  fi
+                  echo "✅ Schemas are up to date"
+              working-directory: backend
+
+            - name: Cleanup
+              run: |
+                  docker compose -f "docker-compose.dev.yml" down
--- a/.infisicalignore
+++ b/.infisicalignore
@@ -46,3 +46,5 @@ cli/detect/config/gitleaks.toml:gcp-api-key:582
 .github/workflows/helm-release-infisical-core.yml:generic-api-key:47
 backend/src/services/smtp/smtp-service.ts:generic-api-key:79
 frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/CloudflarePagesSyncFields.tsx:cloudflare-api-key:7
+.github/workflows/validate-db-schemas.yml:generic-api-key:56
+.github/workflows/validate-db-schemas.yml:generic-api-key:46