For Flyway: place versioned scripts as V__<description>.sql in src/main/resources/db/migration; add the Flyway Maven or Gradle plugin and call flyway:validate in the CI test stage before flyway:migrate
Store database credentials in CI secrets (e.g., FLYWAY_URL, FLYWAY_USER, FLYWAY_PASSWORD environment variables) and reference them from flyway.toml or the plugin config, never hardcode them
For Liquibase: define a root changelog.xml that includes changesets per sprint; use liquibase validate and liquibase updateSQL (dry-run) as a CI gate before liquibase update
Use a separate migration database in CI that is created fresh per pipeline run (e.g., a Docker Postgres service) so migrations are always tested against a clean state
Gate production deployments with a manual approval step; for rollback use Liquibase's rollback-one-changeset or author compensating forward migrations in Flyway
Tag releases in Liquibase with liquibase tag <version> before each deployment to enable point-in-time rollback
Known gotchas
Flyway community edition only supports forward migrations; rollback requires writing explicit undo scripts (available in Flyway Teams) or compensating migrations — never rely on automatic rollback in production without testing it
Never modify a migration script that has already been applied; Flyway and Liquibase both checksum applied changesets and will throw a validation error, halting the pipeline
Running migrations from multiple CI workers simultaneously can cause race conditions on the schema_version or DATABASECHANGELOCK table; ensure only one migration process runs at a time per environment
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp