feat(migrations): run Liquibase migrations automatically on stack start

[secondbrainhenry]

Summary

• Remove the migrate profile gate from liquibase-auth so migrations run unconditionally on every docker compose up
• Switch liquibase-auth to use docker-entrypoint.sh (creates schemas then runs Liquibase) instead of a bare liquibase update command
• Add depends_on: liquibase-auth: condition: service_completed_successfully to auth-api so the app never starts against an un-migrated database
• Update docker-compose.override.yaml.example to reflect that no manual migration step is needed

Test plan

• Run docker compose up -d from the auth-api directory (with override) against a blank database and confirm liquibase-auth runs and exits 0 before auth-api starts
• Confirm auth-api starts healthy after migrations complete
• Run docker compose up -d a second time (migrations already applied) and confirm liquibase-auth exits 0 (no-op) and auth-api starts normally

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Simplified database migration process: migrations now run automatically when starting services via Docker Compose, eliminating the need for manual migration commands.
  • Updated service startup behavior to ensure proper sequencing between database migrations and application initialization.

[coderabbitai]

📝 Walkthrough

Walkthrough

The Docker Compose configuration is restructured to manage Liquibase database migrations automatically through service dependency ordering rather than explicit profile invocation. The auth-api service now depends on liquibase-auth with a wait condition for successful completion, while liquibase-auth switches from command-based execution to a shell entrypoint approach.

Changes

Cohort / File(s)	Summary
Documentation Updates docker-compose.override.yaml.example	Updated instructions to reflect automatic migration behavior via liquibase-auth dependency rather than explicit migration step.
Service Configuration docker-compose.yaml	Modified liquibase-auth service entrypoint to use shell script instead of direct command; added auth-api dependency on liquibase-auth with service_completed_successfully condition; removed migrate profile from liquibase-auth.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• feat: add Liquibase migration Docker image #27: Provides the migration image and entrypoint foundation that this PR's configuration changes depend upon.
• fix: use separate entrypoint script for migrations Dockerfile #28: Adds the docker-entrypoint.sh script that liquibase-auth now references in its entrypoint configuration.
• feat: create PostgreSQL schemas before running Liquibase #31: Updates the migration entrypoint script with additional schema-creation steps aligned with the automatic migration behavior.

Poem

🐰 A rabbit hops through docker compose so fine,
Dependencies now dance in perfect line—
Liquibase runs first, auth-api waits with care,
No profiles needed, just scripts in the air! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(migrations): run Liquibase migrations automatically on stack start' directly and clearly summarizes the main objective of the PR: enabling automatic migration execution on docker compose up rather than requiring manual steps.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yaml`:
- Line 117: The service currently hard-codes the behavior by invoking
migrations/docker-entrypoint.sh which itself runs liquibase ... update without
forwarding arguments; change the service to specify command: ["update"] (so
docker-compose commands like status or rollback become args instead of being
ignored) and update migrations/docker-entrypoint.sh to forward any passed
arguments to liquibase (use "$@" when invoking liquibase) and default to
"update" when no args are provided (e.g., if [ $# -eq 0 ]; then set
args=("update"); fi; then run liquibase ... "${args[@]}" or equivalent).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5fb8c5b5-6e7c-48e1-8e8e-bfcb1729dd0a

📥 Commits

Reviewing files that changed from the base of the PR and between 9c95aed and ed54da3.

📒 Files selected for processing (2)

• docker-compose.override.yaml.example
• docker-compose.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== docker-compose.yaml =="
sed -n '115,120p' docker-compose.yaml

echo
echo "== migrations/docker-entrypoint.sh =="
sed -n '1,40p' migrations/docker-entrypoint.sh

echo
echo "== argument forwarding check =="
if rg -n '\$@|"\$@"' migrations/docker-entrypoint.sh; then
  echo "argument forwarding found"
else
  echo "no argument forwarding found"
fi

echo
echo "== documented manual Liquibase commands =="
sed -n '23,56p' migrations/README.md

Repository: heysarver/auth-api

Length of output: 2337

---

Don't hard-code update in the service entrypoint.

The script at migrations/docker-entrypoint.sh ends with liquibase --defaults-file=/tmp/liquibase.properties update and does not forward arguments. This causes a behavioral regression: users running documented commands like docker compose --profile migrate run --rm liquibase-auth status --verbose, updateSQL, or rollback-count 1 will silently execute migrations instead of the requested action. These workflows are still documented in migrations/README.md:23-56.

To fix, add command: ["update"] to the service and modify the script to forward arguments:

Proposed fix

   entrypoint: ["/bin/sh", "/liquibase/changelog/docker-entrypoint.sh"]
+  command: ["update"]

-echo "Running Liquibase migrations for auth schema..."
-liquibase --defaults-file=/tmp/liquibase.properties update
-
-echo "Migrations completed successfully!"
+if [ "$#" -eq 0 ]; then
+  set -- update
+fi
+
+echo "Running Liquibase command: $*"
+liquibase --defaults-file=/tmp/liquibase.properties "$@"
+
+echo "Liquibase command completed successfully!"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yaml` at line 117, The service currently hard-codes the
behavior by invoking migrations/docker-entrypoint.sh which itself runs liquibase
... update without forwarding arguments; change the service to specify command:
["update"] (so docker-compose commands like status or rollback become args
instead of being ignored) and update migrations/docker-entrypoint.sh to forward
any passed arguments to liquibase (use "$@" when invoking liquibase) and default
to "update" when no args are provided (e.g., if [ $# -eq 0 ]; then set
args=("update"); fi; then run liquibase ... "${args[@]}" or equivalent).