DEVOPS

CI/CD Safety: Why Schema Drift Requires Auto-Approval

Automation implies speed, but database tools often prioritize safety halts. Learn how Aphelion's "CI Mode" balances these needs.

January 26, 2026 6 min read CI/CD Automation

The Problem: Schema Drift in CI

In a Continuous Integration (CI) environment, "Schema Drift"—where your target database has changed since the last run—is not an error; it's the expected state. You are running the build because you just committed a migration that changed a table.

However, standard safety defaults interpret this change as a risk. If you run a generation tool locally and the schema has changed, it should stop and ask:

⚠️ Schema drift detected. Existing data may be incompatible.
Do you want to overwrite? [y/N]

But in a headless CI runner (like GitHub Actions or Jenkins), there is no human to press "y". The build hangs, times out, or fails.

The Solution: Auto-Approve Mode

Aphelion (Team & Enterprise tiers) solves this with the --auto-approve flag. This flag acts as an explicit "CI Mode" switch.

bash 
# The "CI Mode" command
aphelion generate schema.json \
  --seed $CI_PIPELINE_ID \
  --auto-approve \
  --overwrite

By passing this flag, you are telling the engine: "I am aware the schema has changed. I authorized this change via my git commit. Proceed immediately."

Is It Safe? (The "Air Gap" Model)

The most common question we get from DevOps teams is: "Isn't auto-approving database operations dangerous?"

Usually, yes. But Aphelion uses a unique Air Gap Safety Model.

Direct Connection

Traditional tools connect directly to your DB and run TRUNCATE or DROP commands. If you auto-approve a mistake here, you wipe production.

Aphelion "Air Gap"

Aphelion never modifies your database directly. It only generates .sql files to your local disk. You must run a separate script to apply them.

When you use --auto-approve, you are only authorizing the overwriting of temporary local files in your build workspace. You are not authorizing the destruction of any database. This two-step process (Generate Files → Apply Files) provides a critical safety buffer.

Example: GitHub Actions Workflow

Here is a drop-in example of how to configure this for a safe, automated CI pipeline.

.github/workflows/test.yml 
name: Integration Tests
on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      # 1. Download Authenticated Binary (Team Tier)
      - name: Install Aphelion
        run: |
          curl -L "https://algomimic.com/api/download/pro?key=${{ secrets.APHELION_LICENSE_KEY }}" -o aphelion
          chmod +x aphelion

      # 2. Generate Data (Auto-Approve Drift)
      - name: Generate Fresh Data
        run: |
          ./aphelion generate schema.json \
            --auto-approve \
            --overwrite \
            --output ./data

      # 3. Apply to Service Container
      - name: Seed Database
        run: cd data && ./load.sh my_test_db

Summary

Automation requires confidence. By separating data generation (files) from data application (load), Aphelion allows you to bypass interactive prompts safely.

  • Drift is Good: In CI, schema changes are expected. Don't let them break your build.
  • Files, not Destructors: We generate SQL files, keeping your DB safe from accidental commands.

Automate Your Test Data

Get the --auto-approve flag and CI capabilities with the Team plan.

View Team Plans Read Deployment Docs