Protecting Ecto Migrations with GitHub Actions
.github/workflows/protect_migrations.yml
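# Fails a pull request into main when it modifies, deletes, or renames an
# Ecto migration file that already exists on main. Adding new migrations is
# allowed.
#
# Caveats for anyone relying on this as a control:
# - On `pull_request` events the workflow definition comes from the pull
#   request itself, so a PR that also edits this file can weaken the check.
#   Require review of `.github/workflows/**` (e.g. CODEOWNERS) alongside it.
# - Because of the `paths` filter the workflow is skipped for PRs that touch
#   no migrations. If this job is made a required status check, confirm how
#   your branch protection treats a skipped run.
name: Protect Migration Files

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches:
      - main
    paths:
      - "priv/repo/migrations/**"
      - "priv/app_repo/migrations/**"

# The job only reads the repository; do not grant the default token more.
permissions:
  contents: read

jobs:
  check_migrations:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # Consider pinning to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@v4
        with:
          # Full history so origin/main and the merge base are available.
          fetch-depth: 0
          # The diff below is purely local; no need to keep the token in
          # the checked-out repository's git config.
          persist-credentials: false

      - name: Check for migration file changes
        run: |
          # Fail closed: any git error aborts the step instead of being
          # read as "no migrations changed".
          set -euo pipefail

          BASE_REF="origin/main"

          # Git pathspecs (quoted so the shell does not expand them).
          # Without glob magic, '*' also matches '/', so nested
          # directories are covered.
          MIGRATION_PATHSPECS=(
            'priv/repo/migrations/*.exs'
            'priv/app_repo/migrations/*.exs'
          )

          # List paths under the migration directories whose change type
          # matches the given --diff-filter letters.
          #
          # --no-renames reports a rename as delete + add, so the ORIGINAL
          # path of a renamed or moved migration is always listed. With
          # rename detection on, --name-only prints only the new path,
          # which lets a migration moved out of the directory slip past.
          #
          # Filtering by pathspec instead of grep also avoids missing
          # paths that git prints in quoted form (non-ASCII or special
          # characters), which would not match a '^priv/' pattern.
          changed() {
            git -c core.quotePath=false diff --name-only --no-renames \
              --diff-filter="$1" "${BASE_REF}...HEAD" \
              -- "${MIGRATION_PATHSPECS[@]}"
          }

          # M = content or mode change, T = type change (e.g. to symlink).
          MODIFIED=$(changed MT)
          # D = deleted; also covers the old path of a renamed migration.
          DELETED=$(changed D)

          if [ -n "$MODIFIED" ] || [ -n "$DELETED" ]; then
            echo "❌ The following migration files were modified, deleted, or renamed:"
            echo ""
            if [ -n "$MODIFIED" ]; then
              echo "Modified:"
              echo "$MODIFIED"
            fi
            if [ -n "$DELETED" ]; then
              echo "Deleted or renamed (original path):"
              echo "$DELETED"
            fi
            echo ""
            echo "Error: Modifying, deleting, or renaming existing migration files in main branch is not allowed."
            echo "If you need to change database structure, please create a new migration instead."
            exit 1
          fi

          echo "✅ No existing migration files were modified, deleted, or renamed"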