chore: update github actions

Author: tianzhou

.github/workflows/pgschema-multifile-apply.yml

@@ -48,6 +48,24 @@ jobs:
       - name: Install pgschema
         run: go install github.com/pgschema/pgschema@latest
 
+      - name: Download plan.json artifact
+        uses: dawidd6/action-download-artifact@v6
+        with:
+          workflow: pgschema-multifile-plan.yml
+          pr: ${{ github.event.pull_request.number }}
+          name: pgschema-plan-${{ github.event.pull_request.number }}
+          path: .
+
+      - name: Validate plan.json
+        run: |
+          if [ ! -f "plan.json" ]; then
+            echo "❌ Error: plan.json not found. Make sure the plan workflow completed successfully."
+            exit 1
+          fi
+          
+          echo "✅ plan.json found and ready for apply"
+          echo "Plan file size: $(stat -f%z plan.json 2>/dev/null || stat -c%s plan.json) bytes"
+
       - name: Load baseline schema
         run: |
           echo "::group::Loading baseline schema to emulate remote database"
@@ -57,23 +75,23 @@ jobs:
       - name: Run pgschema apply
         id: apply
         run: |
-          echo "::group::Applying schema changes"
-          echo "Running pgschema apply with detailed logging..."
+          echo "::group::Applying schema changes using plan.json"
+          echo "Running pgschema apply with pre-generated plan..."
           
           # Enable detailed error reporting
           set -x  # Show commands as they execute
           
-          # Run pgschema apply with auto-approve
+          # Run pgschema apply using the plan.json file
           APPLY_OUTPUT=$(pgschema apply \
-            --auto-approve \
             --debug \
             --host localhost \
             --port 5432 \
             --db testdb \
             --user postgres \
-            --file "${{ github.workspace }}/multifile/main.sql" \
+            --plan plan.json \
             --lock-timeout "30s" \
             --application-name "pgschema-github-action-apply" \
+            --auto-approve \
             2>&1)
 
           APPLY_EXIT_CODE=$?
@@ -128,6 +146,8 @@ jobs:
             if (wasSuccessful) {
               commentBody = `## ✅ Schema Changes Applied Successfully!
 
+            📋 **Applied using plan:** \`pgschema-plan-${{ github.event.pull_request.number }}\`
+
             <details>
             <summary>📋 Applied Changes</summary>
 
@@ -144,7 +164,14 @@ jobs:
             } else {
               commentBody = `## ❌ Schema Migration Failed!
 
-            The multi-file schema migration failed after merging this PR. Please review the error details below:
+            The multi-file schema migration failed after merging this PR using plan \`pgschema-plan-${{ github.event.pull_request.number }}\`.
+            
+            This could indicate:
+            - Database schema changed between plan and apply (fingerprint mismatch)
+            - Invalid plan.json file
+            - Database connectivity issues
+            
+            Please review the error details below:
 
             <details>
             <summary>🔍 Error Details</summary>

.github/workflows/pgschema-multifile-plan.yml

@@ -5,7 +5,7 @@ on:
     types: [opened, synchronize, reopened]
     paths:
       - "multifile/**"
-      - ".github/workflows/pgschema-plan-multi.yml"
+      - ".github/workflows/pgschema-multifile-plan.yml"
 
 permissions:
   contents: read
@@ -55,27 +55,44 @@ jobs:
         id: plan
         run: |
           echo "Running pgschema plan with detailed logging..."
-          
+
           # Enable detailed error reporting
           set -x  # Show commands as they execute
-          
-          # Run pgschema plan
+
+          # Run pgschema plan and generate both text and JSON output
           PLAN_OUTPUT=$(pgschema plan \
             --debug \
             --host localhost \
             --port 5432 \
             --db testdb \
             --user postgres \
             --file "${{ github.workspace }}/multifile/main.sql" \
+            --output-json plan.json \
+            --output-human stdout \
             2>&1)
-          
+
           set +x  # Disable command tracing
 
-          # Set output
+          # Verify plan.json was created
+          if [ ! -f "plan.json" ]; then
+            echo "❌ Error: plan.json was not generated"
+            exit 1
+          fi
+
+          echo "✅ plan.json generated successfully"
+
+          # Set output for PR comment
           echo "plan<<EOF" >> $GITHUB_OUTPUT
           echo "$PLAN_OUTPUT" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
+      - name: Upload plan.json artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pgschema-plan-${{ github.event.pull_request.number }}
+          path: plan.json
+          retention-days: 30
+
       - name: Comment PR
         uses: actions/github-script@v7
         with:
@@ -87,6 +104,10 @@ jobs:
 
             const body = `## pgschema Plan Output
 
+            📋 **Plan artifact created:** \`pgschema-plan-${{ github.event.pull_request.number }}\`
+
+            This plan will be used automatically when the PR is merged.
+
             <details>
             <summary>Click to expand plan details</summary>
 

.github/workflows/pgschema-singlefile-apply.yml

@@ -48,6 +48,24 @@ jobs:
       - name: Install pgschema
         run: go install github.com/pgschema/pgschema@latest
 
+      - name: Download plan.json artifact
+        uses: dawidd6/action-download-artifact@v6
+        with:
+          workflow: pgschema-singlefile-plan.yml
+          pr: ${{ github.event.pull_request.number }}
+          name: pgschema-singlefile-plan-${{ github.event.pull_request.number }}
+          path: .
+
+      - name: Validate plan.json
+        run: |
+          if [ ! -f "plan.json" ]; then
+            echo "❌ Error: plan.json not found. Make sure the plan workflow completed successfully."
+            exit 1
+          fi
+          
+          echo "✅ plan.json found and ready for apply"
+          echo "Plan file size: $(stat -f%z plan.json 2>/dev/null || stat -c%s plan.json) bytes"
+
       - name: Load baseline schema
         run: |
           echo "::group::Loading baseline schema to emulate remote database"
@@ -57,23 +75,23 @@ jobs:
       - name: Run pgschema apply
         id: apply
         run: |
-          echo "::group::Applying schema changes"
-          echo "Running pgschema apply with detailed logging..."
+          echo "::group::Applying schema changes using plan.json"
+          echo "Running pgschema apply with pre-generated plan..."
 
           # Enable detailed error reporting
           set -x  # Show commands as they execute
 
-          # Run pgschema apply with auto-approve
+          # Run pgschema apply using the plan.json file
           APPLY_OUTPUT=$(pgschema apply \
-            --auto-approve \
             --debug \
             --host localhost \
             --port 5432 \
             --db testdb \
             --user postgres \
-            --file "${{ github.workspace }}/singlefile/schema.sql" \
+            --plan plan.json \
             --lock-timeout "30s" \
             --application-name "pgschema-github-action-apply" \
+            --auto-approve \
             2>&1)
 
           APPLY_EXIT_CODE=$?
@@ -93,7 +111,6 @@ jobs:
 
           echo "exit_code=$APPLY_EXIT_CODE" >> $GITHUB_OUTPUT
 
-
           # Exit with the same code as pgschema
           exit $APPLY_EXIT_CODE
 
@@ -129,6 +146,8 @@ jobs:
             if (wasSuccessful) {
               commentBody = `## ✅ Schema Changes Applied Successfully!
 
+            📋 **Applied using plan:** \`pgschema-singlefile-plan-${{ github.event.pull_request.number }}\`
+
             <details>
             <summary>📋 Applied Changes</summary>
 
@@ -145,7 +164,14 @@ jobs:
             } else {
               commentBody = `## ❌ Schema Migration Failed!
 
-            The single-file schema migration failed after merging this PR. Please review the error details below:
+            The single-file schema migration failed after merging this PR using plan \`pgschema-singlefile-plan-${{ github.event.pull_request.number }}\`.
+            
+            This could indicate:
+            - Database schema changed between plan and apply (fingerprint mismatch)
+            - Invalid plan.json file
+            - Database connectivity issues
+            
+            Please review the error details below:
 
             <details>
             <summary>🔍 Error Details</summary>

.github/workflows/pgschema-singlefile-plan.yml

@@ -5,7 +5,7 @@ on:
     types: [opened, synchronize, reopened]
     paths:
       - "singlefile/**"
-      - ".github/workflows/pgschema-plan-single.yml"
+      - ".github/workflows/pgschema-singlefile-plan.yml"
 
 permissions:
   contents: read
@@ -55,27 +55,44 @@ jobs:
         id: plan
         run: |
           echo "Running pgschema plan with detailed logging..."
-          
+
           # Enable detailed error reporting
           set -x  # Show commands as they execute
-          
-          # Run pgschema plan
+
+          # Run pgschema plan and generate both text and JSON output
           PLAN_OUTPUT=$(pgschema plan \
             --debug \
             --host localhost \
             --port 5432 \
             --db testdb \
             --user postgres \
             --file "${{ github.workspace }}/singlefile/schema.sql" \
+            --output-json plan.json \
+            --output-human stdout \
             2>&1)
-          
+
           set +x  # Disable command tracing
 
-          # Set output
+          # Verify plan.json was created
+          if [ ! -f "plan.json" ]; then
+            echo "❌ Error: plan.json was not generated"
+            exit 1
+          fi
+
+          echo "✅ plan.json generated successfully"
+
+          # Set output for PR comment
           echo "plan<<EOF" >> $GITHUB_OUTPUT
           echo "$PLAN_OUTPUT" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
+      - name: Upload plan.json artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pgschema-singlefile-plan-${{ github.event.pull_request.number }}
+          path: plan.json
+          retention-days: 30
+
       - name: Comment PR
         uses: actions/github-script@v7
         with:
@@ -87,6 +104,10 @@ jobs:
 
             const body = `## pgschema Plan Output
 
+            📋 **Plan artifact created:** \`pgschema-singlefile-plan-${{ github.event.pull_request.number }}\`
+
+            This plan will be used automatically when the PR is merged.
+
             <details>
             <summary>Click to expand plan details</summary>
 

README.md

@@ -1,6 +1,6 @@
 # pgschema GitHub Actions Example
 
-This repository demonstrates how to use [pgschema](https://www.pgschema.com/) with GitHub Actions to automatically run schema migration plans on pull requests. It includes examples for both single-file and multi-file schema approaches.
+This repository demonstrates how to use [pgschema](https://www.pgschema.com/) with GitHub Actions to implement the **plan-review-apply workflow pattern** for safe database schema migrations. It includes examples for both single-file and multi-file schema approaches.
 
 ## Overview
 
@@ -11,8 +11,10 @@ This repository demonstrates how to use [pgschema](https://www.pgschema.com/) wi
 
 Plan workflows automatically:
 
-- Run `pgschema plan` when a PR modifies schema files
-- Post the migration plan as a comment on the PR
+- Run `pgschema plan --output-human stdout --output-json plan.json` when a PR modifies schema files
+- Generate both human-readable output for PR comments and plan.json artifact for deployment
+- Post the migration plan as a comment on the PR for team review
+- Upload plan.json as a GitHub artifact for the apply workflow
 - Update the comment if the PR is synchronized with new changes
 
 ### Apply Workflows (Merged Pull Requests)
@@ -22,11 +24,36 @@ Plan workflows automatically:
 
 Apply workflows automatically:
 
-- Run `pgschema apply` when pull requests are merged to main branch
-- Use `--auto-approve` flag for automated deployment
+- Download the plan.json artifact generated during the plan phase using `dawidd6/action-download-artifact`
+- Run `pgschema apply --plan plan.json --auto-approve` using the pre-approved plan
+- Validate database fingerprint to ensure no concurrent schema changes occurred
 - Apply changes to a test PostgreSQL 17 container
 - Comment on the PR with success or failure results and detailed logs
 
+## Plan-Review-Apply Workflow Pattern
+
+This implementation follows the [pgschema plan-review-apply pattern](https://www.pgschema.com/workflow/plan-review-apply) for safe database migrations:
+
+### 1. Plan Phase (Pull Request)
+
+- Generates detailed migration plan with `pgschema plan`
+- Creates both human-readable output and plan.json artifact
+- Team reviews the proposed changes in PR comments
+- Plan.json is stored as GitHub artifact for later use
+
+### 2. Review Phase (Pull Request Review)
+
+- Team examines the migration plan for correctness and safety
+- Considers business impact and potential risks
+- Approves or requests changes before merging
+
+### 3. Apply Phase (Merge to Main)
+
+- Downloads the exact plan.json that was reviewed using `dawidd6/action-download-artifact`
+- Applies using `pgschema apply --plan plan.json --auto-approve`
+- Fingerprint validation prevents concurrent schema changes
+- Ensures exactly what was planned is what gets applied
+
 ## Setup
 
 ### PostgreSQL 17 Test Container Setup
@@ -47,6 +74,8 @@ This approach ensures that:
 - Migration plans show realistic diffs against existing schema
 - Apply operations work against a database with existing data structure
 - Tests validate changes in a production-like environment
+- Plans are generated and validated against the actual target database state
+- Fingerprint validation catches any concurrent schema modifications
 
 ### GitHub Secrets