GitHub Action
Run MigrationPilot as a GitHub Action to catch unsafe migrations in pull requests.
Basic Setup
Add MigrationPilot to your GitHub Actions workflow to automatically analyze migration files on every pull request:
# .github/workflows/migration-check.yml
name: Migration Safety Check
on:
  pull_request:
    paths:
      - 'migrations/**'
permissions:
  contents: read
  pull-requests: write
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mickelsamuel/migrationpilot@v1
        with:
          path: migrations/
          fail-on: critical

Action Inputs
The GitHub Action supports the following inputs:
- uses: mickelsamuel/migrationpilot@v1
  with:
    # Path to migration files (required)
    path: migrations/
    # Glob pattern for SQL files (default: **/*.sql)
    pattern: "V*.sql"
    # Target PostgreSQL version (default: 17)
    pg-version: "16"
    # Fail threshold: critical, warning, never (default: critical)
    fail-on: critical
    # Production database URL for context (Pro tier)
    database-url: ${{ secrets.DATABASE_URL }}
    # License key for Pro features
    license-key: ${{ secrets.MIGRATIONPILOT_LICENSE }}
    # Comma-separated rules to exclude
    exclude: "MP037,MP041"
    # SARIF file output path
    sarif-file: results.sarif

PR Comment Output
MigrationPilot automatically posts a comment on the pull request with a summary of findings. The comment includes risk level, violation details with severity, lock types, and safe alternatives. Comments are updated on subsequent pushes rather than duplicated.
SARIF Integration
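Upload SARIF results to GitHub Code Scanning for inline annotations. The upload step needs the security-events: write permission on the job, in addition to the permissions shown in Basic Setup: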
- uses: mickelsamuel/migrationpilot@v1
  with:
    path: migrations/
    sarif-file: results.sarif
- uses: github/codeql-action/upload-sarif@v3
  if: always()
  with:
    sarif_file: results.sarif

Production Context (Pro)
With a Pro license, the Action can connect to your database to check table sizes, query patterns, and connection counts for context-aware analysis:
- uses: mickelsamuel/migrationpilot@v1
  with:
    path: migrations/
    database-url: ${{ secrets.DATABASE_URL }}
    license-key: ${{ secrets.MIGRATIONPILOT_LICENSE }}
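
The SARIF Integration and Production Context sections combined into one least-privilege workflow, as an added example that is not taken from the MigrationPilot project. It assumes the Action runs without database-url and license-key, as in Basic Setup; the step names and the same-repository condition are choices made for this example.

```yaml
# Added example, not from the MigrationPilot docs.
name: Migration Safety Check
on:
  pull_request:
    paths:
      - 'migrations/**'

# Grant nothing at workflow level; the job requests only what its steps use.
permissions: {}

jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # actions/checkout
      pull-requests: write    # PR comment with findings
      security-events: write  # github/codeql-action/upload-sarif
    steps:
      - uses: actions/checkout@v4

      # PR branch lives in this repository: secrets are available, use production context.
      - name: Analyze with production context
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: mickelsamuel/migrationpilot@v1
        with:
          path: migrations/
          fail-on: critical
          sarif-file: results.sarif
          database-url: ${{ secrets.DATABASE_URL }}
          license-key: ${{ secrets.MIGRATIONPILOT_LICENSE }}

      # PR from a fork: GitHub does not pass repository secrets, so run without them.
      - name: Analyze without secrets
        if: github.event.pull_request.head.repo.full_name != github.repository
        uses: mickelsamuel/migrationpilot@v1
        with:
          path: migrations/
          fail-on: critical
          sarif-file: results.sarif

      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: results.sarif
```

Because DATABASE_URL points at production, store a connection string for a read-only database role in that secret rather than an application or owner credential.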