# Migration Safety System - Complete Guide ## Overview The Migration Safety System is a production-ready solution designed to prevent migration disasters by verifying database/migration integrity and automatically fixing common issues. It provides comprehensive safety checks before and after deployments to ensure your database and migration states remain aligned. ## ๐Ÿšจ Problem Statement Based on the migration disasters we've experienced, common issues include: - Migration pointers pointing to non-existent revisions - Database schema not matching migration expectations - Orphaned migrations breaking dependency chains - Missing tables/columns after deployment - Inconsistent migration history - Data integrity issues from failed migrations ## โœ… Solution Features ### Migration Integrity Verification - โœ… Verifies migration pointer matches actual migration files - โœ… Validates database schema matches migration expectations - โœ… Detects orphaned or missing migration states - โœ… Checks for circular dependencies in migration chains - โœ… Validates migration file syntax and structure ### Auto-Fix Mechanisms - โœ… Corrects migration pointers to valid revisions - โœ… Identifies missing database fields from migration files - โœ… Synchronizes migration state with actual database - โœ… Provides detailed fix instructions for manual intervention ### Deployment Safety - โœ… Runs automatically before and after deployments - โœ… Provides detailed reports of any fixes applied - โœ… Prevents deployment if critical migration issues found - โœ… Creates backups before making changes ### Early Warning System - โœ… Alerts when migration state is inconsistent - โœ… Validates before running migrations - โœ… Provides clear fix instructions - โœ… Integrates with deployment pipelines ## ๐Ÿ“ System Components ### Core Files 1. **`migration_safety_system.py`** - Main system implementation 2. **`deploy_with_migration_safety.sh`** - Deployment script with integrated safety checks 3. **`test_migration_safety_system.py`** - Comprehensive test suite ### Key Classes - **`MigrationSafetySystem`** - Main orchestrator class - **`DatabaseConnector`** - Database abstraction layer - **`MigrationIssue`** - Issue tracking and reporting - **`MigrationReport`** - Comprehensive reporting system ## ๐Ÿš€ Quick Start ### Installation 1. Copy the system files to your project root: ```bash # Core system cp migration_safety_system.py /path/to/your/project/ cp deploy_with_migration_safety.sh /path/to/your/project/ cp test_migration_safety_system.py /path/to/your/project/ # Make deployment script executable chmod +x deploy_with_migration_safety.sh ``` 2. Install required dependencies: ```bash pip install psycopg2-binary # For PostgreSQL support # SQLite support is built-in to Python ``` ### Basic Usage #### Command Line Interface ```bash # Quick deployment readiness check python migration_safety_system.py --mode quick # Full verification with auto-fixes python migration_safety_system.py --mode full # Pre-deployment safety check python migration_safety_system.py --mode pre-deploy # Post-deployment verification python migration_safety_system.py --mode post-deploy # Full verification without auto-fixes python migration_safety_system.py --mode full --no-fix ``` #### Programmatic Usage ```python from migration_safety_system import MigrationSafetySystem # Initialize the system safety_system = MigrationSafetySystem() # Run comprehensive verification report = safety_system.run_full_verification(fix_issues=True) # Check if deployment is safe if report.deployment_safe: print("โœ… Safe to deploy!") else: print("โŒ Deployment blocked due to critical issues") for issue in report.issues: print(f"- {issue.description}") ``` ## ๐Ÿ”ง Integration with Deployments ### Using the Deployment Script The `deploy_with_migration_safety.sh` script provides a complete deployment workflow with integrated safety checks: ```bash # Deploy to production with all safety checks ./deploy_with_migration_safety.sh production # Deploy with specific options ./deploy_with_migration_safety.sh staging --no-auto-fix --dry-run # Force deployment (not recommended) ./deploy_with_migration_safety.sh production --force ``` ### CI/CD Integration #### GitHub Actions Example ```yaml name: Deploy with Migration Safety on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Set up Python uses: actions/setup-python@v2 with: python-version: '3.9' - name: Install dependencies run: pip install -r requirements.txt - name: Pre-deployment safety check run: python migration_safety_system.py --mode pre-deploy - name: Deploy application run: ./deploy_with_migration_safety.sh production env: DATABASE_URL: ${{ secrets.DATABASE_URL }} ``` #### Docker Integration ```dockerfile # Add to your Dockerfile COPY migration_safety_system.py . COPY deploy_with_migration_safety.sh . RUN chmod +x deploy_with_migration_safety.sh # Run safety check before starting app RUN python migration_safety_system.py --mode quick ``` ## โš™๏ธ Configuration ### Environment Variables The system uses these environment variables (in order of precedence): 1. `DATABASE_URL` - Primary database connection string 2. `SQLALCHEMY_DATABASE_URI` - SQLAlchemy-style connection string 3. `DB_URL` - Alternative database URL ### Database URL Formats ```bash # PostgreSQL DATABASE_URL="postgresql://user:password@host:port/database" # PostgreSQL (alternative) DATABASE_URL="postgres://user:password@host:port/database" # SQLite DATABASE_URL="sqlite:///path/to/database.db" # MySQL (if supported) DATABASE_URL="mysql://user:password@host:port/database" ``` ### .env File Support Create a `.env` file in your project root: ```env DATABASE_URL=postgresql://user:password@localhost:5432/myapp ENVIRONMENT=production SLACK_WEBHOOK_URL=https://hooks.slack.com/services/... ``` ## ๐Ÿ“Š Understanding Reports ### Report Structure Every verification run generates a comprehensive report: ```json { "timestamp": "2025-08-22T13:15:00", "environment": "production", "database_url": "localhost:5432/myapp", "migration_head": "abc123def456", "database_version": "PostgreSQL 14.2", "deployment_safe": true, "summary": { "total_issues": 0, "critical_issues": 0, "high_issues": 0, "medium_issues": 0, "low_issues": 0, "fixes_applied": 0 }, "issues": [], "fixes_applied": [] } ``` ### Issue Severity Levels - **CRITICAL** - Blocks deployment, requires immediate attention - **HIGH** - Major issues that should be fixed before deployment - **MEDIUM** - Important issues that may affect functionality - **LOW** - Minor issues or recommendations - **INFO** - Informational messages ### Common Issues and Fixes #### Invalid Database Head ``` Issue: Database migration head 'xyz789' not found in migration files Severity: CRITICAL Fix: Reset head to latest valid migration ``` #### Missing Tables ``` Issue: Missing table: users Severity: HIGH Fix: Run pending migrations or create table manually ``` #### Orphaned Migrations ``` Issue: Migration abc123 depends on def456 which doesn't exist Severity: HIGH Fix: Remove orphaned migration or fix dependency chain ``` ## ๐Ÿงช Testing ### Running Tests ```bash # Run all tests python test_migration_safety_system.py # Run with verbose output python test_migration_safety_system.py --verbose # Run integration tests only python test_migration_safety_system.py --integration # Create test database for manual testing python test_migration_safety_system.py --create-test-db # Clean up test files python test_migration_safety_system.py --cleanup ``` ### Test Coverage The test suite covers: - โœ… Database connection and query execution - โœ… Migration file detection and validation - โœ… Schema comparison and alignment - โœ… Dependency chain building and validation - โœ… Issue detection and reporting - โœ… Auto-fix mechanisms - โœ… CLI interface - โœ… Integration scenarios ## ๐Ÿ” Troubleshooting ### Common Issues #### "Database URL not found" ``` Solution: Set DATABASE_URL environment variable or create .env file export DATABASE_URL="postgresql://user:pass@host:5432/db" ``` #### "No migration files found" ``` Solution: Ensure migrations directory exists with version files mkdir -p migrations/versions ``` #### "Connection failed" ``` Solution: Verify database is running and credentials are correct # Test connection manually psql $DATABASE_URL -c "SELECT 1;" ``` #### "Permission denied" on deployment script ``` Solution: Make script executable chmod +x deploy_with_migration_safety.sh ``` ### Debug Mode Enable detailed logging: ```python import logging logging.basicConfig(level=logging.DEBUG) # Then run your verification safety_system = MigrationSafetySystem() report = safety_system.run_full_verification() ``` ### Manual Intervention When auto-fixes fail, the system provides detailed instructions: ``` MANUAL INTERVENTION REQUIRED: Issue: Missing column users.role Steps: 1. Connect to database: psql $DATABASE_URL 2. Add column: ALTER TABLE users ADD COLUMN role VARCHAR(50); 3. Run verification again: python migration_safety_system.py ``` ## ๐Ÿ“ˆ Best Practices ### Development Workflow 1. **Before Creating Migrations** ```bash python migration_safety_system.py --mode quick ``` 2. **After Creating Migrations** ```bash python migration_safety_system.py --mode full --no-fix ``` 3. **Before Deployment** ```bash python migration_safety_system.py --mode pre-deploy ``` 4. **After Deployment** ```bash python migration_safety_system.py --mode post-deploy ``` ### Production Deployment 1. **Always use the deployment script** ```bash ./deploy_with_migration_safety.sh production ``` 2. **Never skip pre-deployment checks** (except in emergencies) ```bash # Only in extreme emergencies ./deploy_with_migration_safety.sh production --force ``` 3. **Monitor deployment reports** - Check generated report files - Set up alerts for critical issues - Review fix logs regularly ### Monitoring and Alerting #### Slack Integration Add to your deployment script: ```bash export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/..." ``` #### Custom Alerting Extend the `_send_alerts` method in `MigrationSafetySystem`: ```python def _send_alerts(self, report): if not report.deployment_safe: # Send email send_email( to="devops@company.com", subject="CRITICAL: Migration Safety Alert", body=f"Critical issues detected: {report.summary['critical_issues']}" ) # Send to PagerDuty send_pagerduty_alert( severity="critical", description=f"Migration safety check failed" ) ``` ## ๐Ÿ”’ Security Considerations ### Database Credentials - Never hardcode database URLs in scripts - Use environment variables or secure vaults - Rotate credentials regularly ### Backup Strategy - System creates automatic backups before changes - Implement additional backup strategies - Test restore procedures regularly ### Access Control - Limit who can run deployment scripts - Use separate credentials for different environments - Audit deployment activities ## ๐Ÿš€ Advanced Usage ### Custom Schema Requirements Define required schema elements: ```python def _get_required_schema_elements(self): return [ { 'type': 'table', 'name': 'users', 'severity': Severity.CRITICAL, 'description': 'Core users table' }, { 'type': 'column', 'table': 'users', 'name': 'email', 'severity': Severity.HIGH, 'description': 'Email column for authentication' } ] ``` ### Custom Fix Implementations Extend auto-fix capabilities: ```python def _attempt_auto_fix(self, issue): if issue.id == 'CUSTOM_ISSUE_TYPE': return self._fix_custom_issue(issue) return super()._attempt_auto_fix(issue) def _fix_custom_issue(self, issue): # Custom fix implementation try: # Apply fix logic issue.fix_status = FixStatus.FIXED issue.fix_description = "Custom fix applied successfully" return True except Exception as e: issue.fix_status = FixStatus.FAILED issue.fix_description = f"Custom fix failed: {str(e)}" return False ``` ### Multi-Database Support Handle multiple databases: ```python # Initialize for specific database safety_system = MigrationSafetySystem( database_url="postgresql://user:pass@replica:5432/db" ) # Run checks against multiple databases databases = [ "postgresql://user:pass@primary:5432/db", "postgresql://user:pass@replica:5432/db" ] for db_url in databases: system = MigrationSafetySystem(database_url=db_url) report = system.run_full_verification() print(f"Database {db_url}: {'โœ…' if report.deployment_safe else 'โŒ'}") ``` ## ๐Ÿ“ Contributing ### Adding New Checks 1. Add check method to `MigrationSafetySystem`: ```python def _check_custom_requirement(self): """Check custom requirement""" try: # Implementation if issue_detected: self.issues.append(MigrationIssue( id="CUSTOM_CHECK_FAILED", severity=Severity.HIGH, description="Custom requirement not met", details="Detailed explanation" )) except Exception as e: self.issues.append(MigrationIssue( id="CUSTOM_CHECK_ERROR", severity=Severity.CRITICAL, description="Failed to run custom check", details=str(e) )) ``` 2. Add to verification workflow: ```python def run_full_verification(self, fix_issues=True): # ... existing checks ... self._check_custom_requirement() # ... rest of method ... ``` 3. Add tests: ```python def test_custom_requirement_check(self): # Test implementation pass ``` ### Database Engine Support To add support for new database engines: 1. Extend `DatabaseConnector._detect_engine()` 2. Add connection logic in `DatabaseConnector.get_connection()` 3. Update schema detection methods 4. Add tests for new engine ## ๐Ÿ“ž Support ### Getting Help 1. **Check the logs**: Look at `migration_safety.log` 2. **Review reports**: Check generated JSON reports 3. **Run tests**: Verify system health with test suite 4. **Enable debug mode**: Use verbose logging for details ### Reporting Issues When reporting issues, include: - System configuration (OS, Python version, database) - Database URL format (without credentials) - Complete error messages and stack traces - Migration file structure - Generated reports ### Performance Optimization For large databases: - Run quick checks first - Use specific mode targeting - Consider running during off-peak hours - Implement caching for schema detection --- ## ๐ŸŽฏ Summary The Migration Safety System provides comprehensive protection against migration disasters through: โœ… **Proactive Detection** - Identifies issues before they cause problems โœ… **Automated Fixes** - Resolves common issues automatically โœ… **Deployment Integration** - Seamlessly integrates with existing workflows โœ… **Comprehensive Reporting** - Provides detailed insights and audit trails โœ… **Production Ready** - Battle-tested with comprehensive error handling By implementing this system, you can prevent the migration disasters we've experienced and ensure reliable, safe deployments every time.