github-workflows-dojo360-database-promotion
Promote Liquibase database changes across environments (dev→qa→cert→prod) with deployment-path validation and approval gates
Database Promotion Workflow Skill
Overview
The Database Promotion workflow promotes Liquibase-driven database changes across multiple environments using a single workflow run.
Like other Dojo360 promotion workflows, it typically:
- Validates your requested `deployment-path` against the `promotion-path` from team metadata
- Executes environment stages sequentially
- Uses GitHub Environments/protection rules as approval gates between stages
- Keeps a consistent `ref` across all environments
Workflow Reference
Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/database-promotion.yml
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/database-promotion/index.md
Key Features
- Multi-environment database change promotion
- Deployment path validation (deployment-path vs metadata promotion-path)
- Approval gates between environments (via GitHub Environments)
- Optional rollback patterns (tag/count) depending on your Liquibase strategy
Prerequisites
- Dojo360 Metadata API onboarding (or equivalent metadata file) with a defined `promotion-path`
- GitHub Environments created for each stage in your path (e.g., `dev`, `qa`, `cert`, `prod`) with protection rules as needed
- Liquibase changelog present in repo
- Database connectivity and credentials available at runtime (GitHub Secrets / PRM / Volcan / platform secret store)
Required Inputs (Typical)
Exact inputs can vary by Dojo360 version; confirm against the Dojo360 docs.
| Input | Type | Description |
|---|---|---|
| aide-id | string | AIDE ID used to fetch team metadata |
| team-name | string | Team name used for metadata lookup |
| domain | string | Domain used for metadata lookup |
| cloud-type | string | Cloud provider (e.g., awsOptum, azureOptum, gcp) |
| deployment-path | string | Hyphen-separated stages (e.g., dev-qa-cert-prod) |
Liquibase Inputs (Typical)
| Input | Type | Description |
|---|---|---|
| liquibase-changelog-file | string | Path to changelog file |
| liquibase-contexts | string | Optional contexts |
| liquibase-labels | string | Optional labels |
Required Permissions
Promotion workflows typically require:
```yaml
permissions:
  id-token: write
  contents: write
  actions: read
  pull-requests: write
  security-events: write
  checks: write
  issues: read
```
Templates
Ready-to-copy examples are in .github/skills/github-workflows-dojo360-database-promotion/templates/:
- `basic-database-promotion.yml`
- `database-promotion-with-rollback.yml`
- `database-promotion-ci-integrated.yml`
Notes / Gotchas
- Use `validate` in PRs and reserve promotion for protected branches/tags.
- Avoid hardcoding DB credentials; prefer secret stores and environment-level controls.
- Ensure the same Liquibase changelog is promoted (use tags/releases or a pinned `ref`).
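A local pre-flight check for two points on this page, the deployment-path validation and the pinned-ref gotcha, as an added example (not Dojo360's own code). It assumes a valid deployment-path is a contiguous, in-order run of the metadata promotion-path and that a pinned ref is a full commit SHA or a `refs/tags/` ref; the function names and the sample path are hypothetical.

```python
import re

# Constructed sample; the real promotion-path comes from team metadata.
SAMPLE_PROMOTION_PATH = "dev-qa-cert-prod"

_FULL_SHA = re.compile(r"[0-9a-f]{40}")
_TAG_REF = re.compile(r"refs/tags/\S+")


def validate_deployment_path(deployment_path, promotion_path):
    """Return a list of problems; an empty list means the path is accepted.

    Assumed rule (not taken from Dojo360): the requested stages must form a
    contiguous, in-order run of the promotion-path, so no stage is skipped.
    """
    requested = deployment_path.split("-")
    allowed = promotion_path.split("-")
    if "" in requested:
        return ["empty stage name in deployment-path"]
    unknown = [s for s in requested if s not in allowed]
    if unknown:
        return ["unknown stage(s): " + ", ".join(unknown)]
    if len(set(requested)) != len(requested):
        return ["stage listed more than once"]
    problems = []
    positions = [allowed.index(s) for s in requested]
    for (a, pa), (b, pb) in zip(zip(requested, positions),
                                 zip(requested[1:], positions[1:])):
        if pb < pa:
            problems.append(f"{b} comes before {a} in the promotion-path")
        elif pb != pa + 1:
            skipped = ", ".join(allowed[pa + 1:pb])
            problems.append(f"{a} -> {b} skips {skipped}")
    return problems


def is_pinned_ref(ref):
    """True for a full commit SHA or a tag ref; branch names are rejected."""
    return bool(_FULL_SHA.fullmatch(ref) or _TAG_REF.fullmatch(ref))


if __name__ == "__main__":
    for path in ("dev-qa-cert-prod", "dev-prod", "qa-dev"):
        print(path, validate_deployment_path(path, SAMPLE_PROMOTION_PATH))
    for ref in ("refs/tags/v1.4.0", "main"):
        print(ref, is_pinned_ref(ref))
```

Running a check like this in the PR `validate` job surfaces a skipped stage or a floating branch ref before any environment approval is requested.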

