=head1 Name

sqitchtutorial - A tutorial introduction to Sqitch

=head1 Synopsis

  sqitch *

=head1 Description

This tutorial explains how to create a sqitch-enabled project, use a VCS for
deployment planning, and work with other developers to make sure changes
remain in sync and in the proper order.

We'll start by creating new project from scratch, the database for a fictional
antisocial networking site called Flipr. All examples use
L<Git|http://git-scm.com/> as the VCS and
L<PostgreSQL|http://www.postgresql.org/> as the storage engine, but for the
most part you can substitute other VCSes and database engines in the examples
as appropriate.

=head1 Starting a New Project

Usually the first thing to do when starting a new project is to create a
source code repository. So let's do that with Git:

  > mkdir flipr
  > cd flipr 
  > git init .
  Initialized empty Git repository in /flipr/.git/
  > touch README.md
  > git add .
  > git commit -am 'Fist post!'

If you're a Git user and want to follow along the history, the repository
used in these examples is L<on GitHub|https://github.com/theory/sqitch-intro>.

Now that we have a repository, let's get started with Sqitch.

  > sqitch init --engine pg
  Created sql/deploy
  Created sql/revert
  Created sqitch.conf

Let's have a look at F<sqitch.conf>:

  # [core "pg"]
      # db_name = 
      # client = psql
      # sqitch_schema = sqitch
      # password = 
      # port = 
      # host = 
      # username = 

Pretty simple. It picked up on the fact that we're creating changes for the
PostgreSQL engine, thanks to the C<--engine pg> option, and saved it to the
file. It also wrote a commented-out C<[core "pg"]> section with all the
available PostgreSQL engine-specific settings commented out and ready to be
edited as appropriate.

By default, Sqitch will read F<sqitch.conf> in the current directory for
settings. But it will also read F<~/.sqitch/sqitch.conf> for global settings.
Since PostgreSQL's C<psql> client is not in the path on my system, let's go
ahead an tell it globally where to find the client:

  sqitch config --user core.pg.client /var/lib/pgsql/bin/psql

Have a look at F<~/.sqitch/sqitch.conf> and you'll see this:

  [core.pg]
      client = /var/lib/pgsql/bin/psql

Back to the repository. Let's commit these changes and start creating the
database changes.

  > git add .
  > git commit -am 'Initialize Sqitch configuration.'

=head1 Our First Deployment

First, our project will need a database user. This is the application user,
who will have only limited access to objects in the database. Run this command:

  > sqitch add-step appuser
  Adding sql/deploy/appuser.sql
  Adding sql/revert/appuser.sql

The C<add-step> command creates deploy and revert scripts that represent a new
change step. Now we edit these files. The C<deploy> script's job is to create
the user. So we add this to F<sql/deploy/appuser.sql>:

  CREATE ROLE flipr WITH LOGIN;

The C<revert> script's job is to precisely revert the change to the deploy
script, so we add this to F<sql/revert/appuser.sql>:

  DROP ROLE flipr;

Now we can try deploying this change:

  > sqitch --db-name flipr_test deploy --untracked
  Adding metadata tables to flipr_test
  Deploying HEAD+ to flipr_test
    - appuser

First Sqitch created the metadata tables used to track database changes. The
structure and name of the metadata tables varies between databases (PostgreSQL
uses a schema to namespace its metadata; MySQL and SQLite use a prefix). Next,
Sqitch deploys changes. Here it is deploying something called C<HEAD+>.
Normally you would see a tag here, but since we've just added the files and
they are not yet committed to Git, there is no tag. C<HEAD+> is a special tag
reserved for use by Sqitch. It's enabled only by the use of the C<--untracked>
option, which allows Sqitch to find an deploy untracked changes.

With this change deployed, if you connect to the database, you'll be able to
see the role:

  > psql -d flipr_test -c '\du flipr'
             List of roles
   Role name | Attributes | Member of 
  -----------+------------+-----------
   flipr     |            | {}

And we can also see how the deployment was recorded via the C<status> command,
which reads the metadata tables from the database:

  > sqitch -d flipr_test status
  # On database flipr_test
  # Tag:  HEAD+
  # Step: appuser
  # Date: 2012-04-09 18:43:45
  #
  Nothing to deploy (up-to-date)

Let's make sure that we can revert the change:

  > sqitch --db-name flipr_test revert
  Reverting all changes from flipr_test
    - appuser

And now the user should be gone:

  > psql -d flipr_test -c '\du flipr'
                                  List of roles
   Role name | Attributes | Member of 
  -----------+------------+-----------

And the status message should reflect as much:

  > sqitch -d flipr_test status --untracked
  # On database flipr_test
  # Nothing deployed.
  #
  # Changes not deployed:
  # * HEAD+
  #   appuser
  #
  Use "sqitch deploy --untracked" to deploy these changes

We've again used the C<--untracked> option, otherwise the C<appuser> step would
not appear in the list of "Changes not yet deployed."

We still have a record that the change happened, visible via the C<log>
command:

  > sqitch -d flipr_test log
  step appuser reverted
  By:   david
  Date: 2012-04-09 18:45:47
  Tag:  HEAD+

  step appuser deployed
  By:   david
  Date: 2012-04-09 18:43:45
  Tag:  HEAD+

Cool. Now let's commit it.

  > git add .
  > git commit -m 'Add app user.'
  [master 36acafd] Add app user.
   2 files changed, 2 insertions(+)
   create mode 100644 sql/deploy/appuser.sql
   create mode 100644 sql/revert/appuser.sql

And then deploy again:

  > sqitch --db-name flipr_test deploy
  Deploying 36acafd to flipr_test
    - appuser

Notice we no longer need the C<--untracked> option. That's because we've
committed the step to Git, so Sqitch can read it from the Git history. And now
the user should be back:

  > psql -d flipr_test -c '\du flipr'
             List of roles
   Role name | Attributes | Member of 
  -----------+------------+-----------
   flipr     |            | {}

When we look at the status, the deployment is tagged with the SHA1 of the
commit:

  > sqitch -d flipr_test status
  # On database flipr_test
  # Tag:  36acafd
  # Step: appuser
  # Date: 2012-04-09 18:52:42
  #
  Nothing to deploy (up-to-date)

=head1 More Configuration

I'm getting a little tired of always having to type C<--db-name flipr_test>,
aren't you? Let's just make that the default, shall we?

  sqitch config core.pg.db_name flipr_test

Now we can leave it out, unless we need to deploy to another database. Which
we will, eventually, but at least our examples will be simpler from here on
in, e.g.:

  > sqitch status
  # On database flipr_test
  # Tag:  36acafd
  # Step: appuser
  # Date: 2012-04-09 18:52:42
  #
  Nothing to deploy (up-to-date)

Yay, that allows things to be a little more concise. Let's make some more
changes!

=head1 Deploy with Dependency

Let's add another deployment, this time to create a table. Our app will need
users, of course, so we'll create a table for them. First, add the new step:

  > sqitch add-step users
  Adding sql/deploy/users.sql
  Adding sql/revert/users.sql

Now edit the scripts. In C<sql/deploy/users.sql>, we put:

  -- requires: appuser
  BEGIN;
  SET client_min_messages = 'warning';

  CREATE TABLE users (
      nickname  TEXT        PRIMARY KEY,
      password  TEXT        NOT NULL,
      timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW()
  );

  GRANT SELECT ON users TO flipr;
  COMMIT;

A few things to notice here. On the first line, we've declared a dependency on
the C<appuser> step. Although that step has already been added and committed,
and therefore should always be applied before the C<users> step, it's a good
idea to be explicit about dependencies. This becomes especially important when
committing a number of steps at one time, such as when merging a patch or a
branch.

The syntax of the dependency declaration is simple: Before any other lines,
create an SQL C<--> comment that simply uses the word "requires" followed by a
colon and then a comma-delimited list of required steps. The requirements may
also be listed on separate lines, providing they all start with
C<-- requires:>.

Notice that all of the SQL code is wrapped in a transaction. This is handy for
PostgreSQL deployments, because DDLs are transactional. The upshot is that if
any part of the deployment fails, the whole step fails. Such may work
less-well for database engines that don't support transactional DDLs.

Just before the commit, the C<GRANT> command grants C<SELECT> access on the
table to the C<flipr> user created by the C<appuser> step. This is why we
need the dependency.

Now for the revert script. Add this to C<sql/revert/users.sql>:

  DROP TABLE users;

Couldn't be much simpler, right? Let's deploy this bad boy:

  > sqitch deploy --untracked
  Deploying HEAD+ to flipr_test
    - users

The C<users> table should have been created:

  > psql -d flipr_test -c '\d users'
                       Table "public.users"
    Column   |           Type           |       Modifiers        
  -----------+--------------------------+------------------------
   nickname  | text                     | not null
   password  | text                     | not null
   timestamp | timestamp with time zone | not null default now()
  Indexes:
      "users_pkey" PRIMARY KEY, btree (nickname)

Now have a look at the status:

  > sqitch -d flipr_test status
  # On database flipr_test
  # Tag:  HEAD+
  # Step: users
  # Date: 2012-04-09 20:41:31
  #
  Nothing to deploy (up-to-date)

Success! However, we've once again deployed an untracked change with no tags.
In general, we want tags, so let's revert the change:

  > sqitch revert --to 36acafd
  Reverting HEAD+ from flipr_test
  - users

Note that we've used the C<--to> option to revert only to the C<36acafd> tag,
which represents the deployment of the C<appuser> step. (You can see this tag
by running C<sqitch log>, in case you don't have your SHA1 hashes memorized).
Now commit and deploy again:

  > git add .
  > git commit -am 'Add users table.'
  [master fa650af] Add users table.
   2 files changed, 16 insertions(+)
   create mode 100644 sql/deploy/users.sql
   create mode 100644 sql/revert/users.sql
  > sqitch deploy
  Deploying fa650af to flipr_test
    - users

Looks good. Check the status:

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  fa650af
  # Step: users
  # Date: 2012-04-09 20:45:23
  #
  # Tags:
  #    fa650af - 2012-04-09 20:45:23 - david
  #    36acafd - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Note the use of C<--show tags>, which adds the "Tags" section to the output,
so that we can use a list of what tags were deployed, when, and by whom.

=head1 Add Two at Once

Let's add a couple more steps to add functions for managing users.

  > sqitch add-step insert_user --requires users --requires appuser
  Adding sql/deploy/insert_user.sql
         -- requires: users, appuser
  Adding sql/revert/insert_user.sql

  > sqitch add-step change_pass --requires users --requires appuser
  Adding sql/deploy/change_pass.sql
         -- requires: users, appuser
  Adding sql/revert/change_pass.sql

Here we've taken advantage of the C<--requires> option to have Sqitch write
the stubbed C<deploy> file with the C<-- requires:> line already filled in.
Have a look:

  > cat sql/deploy/insert_user.sql
  -- requires: users, appuser
  

Nice, huh? Yeah, okay, so it's a little thing. Little things matter, am I
right? Let's write the code. Here's what C<sql/deploy/insert_user.sql> should
look like:

  -- requires: users, appuser
  
  BEGIN;

  CREATE OR REPLACE FUNCTION insert_user(
      nickname TEXT,
      password TEXT
  ) RETURNS VOID LANGUAGE SQL SECURITY DEFINER AS $$
      INSERT INTO users values($1, md5($2));
  $$;

  GRANT EXECUTE ON FUNCTION insert_user(TEXT, TEXT) to flipr;
  COMMIT;

And C<sql/revert/insert_user.sql> should look something like this:

  DROP FUNCTION insert_user(TEXT, TEXT);

Now for C<change_pass>; C<sql/deploy/change_pass.sql> might look like this:

  -- requires: users, appuser

  BEGIN;

  CREATE OR REPLACE FUNCTION change_pass(
      nick    TEXT,
      oldpass TEXT,
      newpass TEXT
  ) RETURNS BOOLEAN LANGUAGE plpgsql SECURITY DEFINER AS $$
  BEGIN
      UPDATE users
         SET password = md5($3)
       WHERE nickname = $1
         AND password = md5($2);
      RETURN FOUND;
  END;
  $$;

  GRANT EXECUTE ON FUNCTION change_pass(TEXT, TEXT, TEXT) to flipr;
  COMMIT;

And of course, its C<revert> script, C<sql/revert/change_pass.sql>, should look
something like:

  DROP FUNCTION change_pass(TEXT, TEXT, TEXT);

Test em out!

  > sqitch deploy --untracked
  Deploying HEAD+ to flipr_test
    - change_pass
    - insert_user

Do we have the functions?

  > psql -d flipr_test -c '\df'
                                      List of functions
   Schema |    Name     | Result data type |          Argument data types          |  Type  
  --------+-------------+------------------+---------------------------------------+--------
   public | change_pass | boolean          | nick text, oldpass text, newpass text | normal
   public | insert_user | void             | nickname text, password text          | normal

And what's the status?

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  HEAD+
  # Step: insert_user
  # Date: 2012-04-09 20:45:23
  #
  # Tags:
  #    HEAD+   - 2012-04-09 20:45:23 - david
  #    fa650af - 2012-04-09 20:45:23 - david
  #    36acafd - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Looks good. Let's revert, commit, and re-deploy, as usual.

  > sqitch revert --to HEAD
  Reverting HEAD+ from flipr_test
    - insert_user
    - change_pass

Note the use of C<--to HEAD> to revert untracked changes. We also could have
explicitly used C<--to fa650af> to revert to that tag, but C<HEAD> is a nice
shortcut. Let's do the commit and re-deploy dance:

  > git add .
  > git ci -m 'Add `insert_user()` and `change_pass()`.'
  [master 803e6b8] Add `insert_user()` and `change_pass()`.
   4 files changed, 25 insertions(+)
   create mode 100644 sql/deploy/change_pass.sql
   create mode 100644 sql/deploy/insert_user.sql
   create mode 100644 sql/revert/change_pass.sql
   create mode 100644 sql/revert/insert_user.sql

  > sqitch deploy
  Deploying 803e6b8 to flipr_test
    - change_pass
    - insert_user

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  HEAD+
  # Step: insert_user
  # Date: 2012-04-09 20:45:23
  #
  # Tags:
  #    803e6b8 - 2012-04-09 21:33:32 - david
  #    fa650af - 2012-04-09 20:45:23 - david
  #    36acafd - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Great, we're fully up-to-date!

=head1 Ship It!

Let's do a first release of our app. Let's call it C<1.0.0-dev1> Since we want
to have it go out with deployments tied to the release, let's tag it:

  > git tag v1.0.0-dev1 -am 'Tag v1.0.0-dev1'

We can test deployment to make sure the tag gets picked up like so:

  > createdb flipr_dev
  > sqitch --db-name flipr_dev deploy
  Deploying 36acafd to flipr_dev
    - appuser
  Deploying fa650af to flipr_dev
    - users
  Deploying 803e6b8/v1.0.0-dev1 to flipr_dev
    - insert_user
    - change_pass

All four steps were deployed, great! Let's have a look at the state:

  > sqitch --db-name flipr_dev status --show tags
  # On database flipr_dev
  # Tags: 803e6b8, v1.0.0-dev1
  # Step: change_pass
  # Date: 2012-04-09 22:14:00
  #
  # Tags:
  #    803e6b8, v1.0.0-dev1 - 2012-04-09 22:14:00 - david
  #    fa650af              - 2012-04-09 22:13:55 - david
  #    36acafd              - 2012-04-09 22:13:53 - david
  #
  Nothing to deploy (up-to-date)

Note that all the tags are included, and that the two tags C<803e6b8> and
C<v1.0.0-dev1> actually represent the same point in time. This is handy for
development, but is a bit over-the-top for production deployments. We can get
around this by bundling up all the steps with the explicit tag, leaving out
the individual commit SHA1s:

  > sqitch bundle --tags-only
  Bundling in bundle/
  Config written to bundle/sqitch.ini
  Bundling v1.0.0-dev1
    - appuser
    - users
    - change_pass
    - insert_user
  Plan written to bundle/sqitch.plan

Now we can package up the C<bundle> directory and distribute it. When it gets
installed somewhere, users can use Sqitch to deploy to the database. Of
course, the Git history is no longer available, so Sqitch will use the
C<sqitch.plan> file to figure things out. Let's have a look at it:

  cat bundle/sqitch.plan

  [v1.0.0-dev1]
  appuser
  users
  change_pass
  insert_user

Pretty simple. It shows the tag being deployed and the steps that constitute
it as a simple list. Notice that the SHA1s for each step are not present; the
C<--tags-only> option to the C<bundle> command limits the plan only to tags.

Let's test deploying it:

  > cd bundle
  > createdb flipr_prod
  > sqitch --db-name flipr_prod deploy
  Deploying v1.0.0-dev1 to flipr_prod
    - appuser
    - users
    - insert_user
    - change_pass

Looks much the same as before, eh? But have a look at the status:

  > sqitch --db-name flipr_prod status --show tags
  # On database flipr_prod
  # Tag:  v1.0.0-dev1
  # Step: change_pass
  # Date: 2012-04-09 22:17:38
  #
  # Tags:
  #    v1.0.0-dev1 - 2012-04-09 22:17:38 - david
  #
  Nothing to deploy (up-to-date)

No commit SHA1s, just C<v1.0.0-dev1>.

=head1 Flip Out

Now that we've got the basics of user management done, let's get to work on
the core of our product, the "flip." Since other folks are working on other
tasks in the repository, we'll work on a branch, so we can all stay out of
each other's way. So let's branch:

  > git checkout -b flips
  Switched to a new branch 'flips'

Now we can add a new step to create a table for our flips.

  > sqitch add-step flips --requires users
  Adding sql/deploy/flips.sql
         -- requires: users
  Adding sql/revert/flips.sql

You know the drill by now. Edit F<sql/deploy/flips.sql>:

  -- requires: users
  BEGIN;
  SET client_min_messages = 'warning';

  CREATE TABLE flips (
      id        BIGSERIAL   PRIMARY KEY,
      nickname  TEXT        NOT NULL REFERENCES users(nickname),
      body      TEXT        NOT NULL DEFAULT '' CHECK ( length(body) <= 180 ),
      timestamp TIMESTAMPTZ NOT NULL DEFAULT clock_timestamp()
  );

  GRANT SELECT ON flips TO flipr;
  COMMIT;

And edit F<sql/revert/flips.sql>:

  DROP TABLE flips;

And give it a whirl:

  > sqitch deploy --untracked
  Deploying HEAD+ to flipr_test
    - flips

Look good?

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  HEAD+
  # Step: flips
  # Date: 2012-04-10 22:30:02
  #
  # Tags:
  #    HEAD+   - 2012-04-10 22:30:02 - david
  #    803e6b8 - 2012-04-09 21:33:32 - david
  #    fa650af - 2012-04-09 20:45:23 - david
  #    36acafd - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Yep. Make it so!

  > git add .
  > git commit -am 'Add flipr table.'
  [flips 4aa888e] Add flipr table.
   2 files changed, 18 insertions(+)
   create mode 100644 sql/deploy/flips.sql
   create mode 100644 sql/revert/flips.sql

Ooh, but wait, we forgot to revert the change before committing! Well,
no worries, we can update all the tags.

  > sqitch retag
  Retagging flipr_test
    . 36acafd
    . fa650af
    . 803e6b8
    + v1.0.0-dev1
    - HEAD+
    + 4aa888e
  Tags: 4 (1 removed, 1 added).

In the list of tags, C<.> means no change, C<+> means added, and C<-> means
removed.

Oh, it added the C<v1.0.0-dev1> tag. Recall that we never deployed it to the
test database before. That's cool, forgot about that. Then it removed the
C<HEAD+> tag and added C<4aa888e>. Let's examine the status:

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  4aa888e
  # Step: flips
  # Date: 2012-04-10 22:30:02
  #
  # Tags:
  #    4aa888e              - 2012-04-10 22:30:02 - david
  #    803e6b8, v1.0.0-dev1 - 2012-04-09 21:33:32 - david
  #    fa650af              - 2012-04-09 20:45:23 - david
  #    36acafd              - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Great, looks like the tags are all in sync. That's handy. Of course, it's
still a good idea to test C<sqitch revert> and C<sqitch deploy> a few times,
just to make sure the changes are always carried out properly, but it's nice
to know we don't have to take extra steps just to commit untracked changes.

=head1 Wash, Rinse, Repeat

Now comes the time to add functions to manage flips. I'm sure you have things
nailed down now. Go ahead and add C<insert_flip> and C<delete_flip> steps
and commit them. The C<insert_flip> deploy script might look something like:

  -- requires: flips, appuser
  BEGIN;
  CREATE OR REPLACE FUNCTION insert_flip(
     nickname TEXT,
     body     TEXT
  ) RETURNS BIGINT LANGUAGE sql SECURITY DEFINER AS $$
      INSERT INTO flips (body, nickname)
      VALUES ($1, $2)
      RETURNING id;
  $$;
  GRANT EXECUTE ON FUNCTION insert_flip(TEXT, TEXT) to flipr;
  COMMIT;

And the C<delete_flip> deploy script might look something like:

  -- requires: flips, appuser
  BEGIN;
  CREATE OR REPLACE FUNCTION delete_flip(
     flip_id BIGINT
  ) RETURNS BOOLEAN LANGUAGE plpgsql SECURITY DEFINER AS $$
  BEGIN
      DELETE FROM flips WHERE id = flip_id;
      RETURN FOUND;
  END;
  $$;
  GRANT EXECUTE ON FUNCTION delete_flip(BIGINT) to flipr;
  COMMIT;

The C<revert> scripts are:

  DROP FUNCTION insert_flip(TEXT, TEXT);

And:

  DROP FUNCTION delete_flip(BIGINT);

Check the L<example git repository|https://github.com/theory/sqitch-intro> for
the complete details. Test C<deploy> and C<revert>, commit, and C<retag>. The
status should end up looking something like this:

  > sqitch status --show tags
  # On database flipr_test
  # Tag:  74c49ef
  # Step: insert_flip
  # Date: 2012-04-10 23:00:29
  #
  # Tags:
  #    74c49ef              - 2012-04-10 23:00:29 - david
  #    4aa888e              - 2012-04-10 22:30:02 - david
  #    803e6b8, v1.0.0-dev1 - 2012-04-09 21:33:32 - david
  #    fa650af              - 2012-04-09 20:45:23 - david
  #    36acafd              - 2012-04-09 19:04:50 - david
  #
  Nothing to deploy (up-to-date)

Good, we've finished this feature. Time to merge back into C<master>.

=head2 Emergency

Let's do it:

  > git checkout master
  Switched to branch 'master'
  > git pull
  Updating 803e6b8..2fae0b3
  Fast-forward
   sql/deploy/delete_list.sql |   15 +++++++++++++++
   sql/deploy/insert_list.sql |   12 ++++++++++++
   sql/deploy/lists.sql       |   16 ++++++++++++++++
   sql/revert/delete_list.sql |    1 +
   sql/revert/insert_list.sql |    1 +
   sql/revert/lists.sql       |    2 ++
   12 files changed, 91 insertions(+)
   create mode 100644 sql/deploy/delete_list.sql
   create mode 100644 sql/deploy/insert_list.sql
   create mode 100644 sql/deploy/lists.sql
   create mode 100644 sql/revert/delete_list.sql
   create mode 100644 sql/revert/insert_list.sql
   create mode 100644 sql/revert/lists.sql

Hrm, that's interesting. Looks like someone made some changes to C<master>.
Looks like some list support was added. Well, let's see what happens when we
merge our changes.

  > git merge --no-ff flips
  Merge made by the 'recursive' strategy.
   sql/deploy/delete_flip.sql |   12 ++++++++++++
   sql/deploy/flips.sql       |   16 ++++++++++++++++
   sql/deploy/insert_flip.sql |   12 ++++++++++++
   sql/revert/delete_flip.sql |    1 +
   sql/revert/flips.sql       |    2 ++
   sql/revert/insert_flip.sql |    1 +
   6 files changed, 44 insertions(+)
   create mode 100644 sql/deploy/delete_flip.sql
   create mode 100644 sql/deploy/flips.sql
   create mode 100644 sql/deploy/insert_flip.sql
   create mode 100644 sql/revert/delete_flip.sql
   create mode 100644 sql/revert/flips.sql
   create mode 100644 sql/revert/insert_flip.sql

Hey, looks good, everything merged cleanly. Let's have a look at our Git history:

  > git log --oneline
  5e30f38 Merge branch 'flips'
  2fae0b3 Merge tag 'lists'
  2a84155 Merge branch 'lists'
  9703969 Add `insert_flip()` and `delete_flip()`.
  675f78d Add `insert_list()` and `delete_list()`.
  faaa4d0 Add flipr table.
  591e388 Add `lists` table.
  803e6b8 Add `insert_user()` and `change_pass()`.
  fa650af Add users table.
  36acafd Add app user.
  e076e84 Initialize Sqitch configuration.
  9ccc485 Add README text.
  7b8dd19 First post!

Whoa, wait, what? Recall that we left off at commit C<803e6b8>. After that we
should have our two commits to the "flips" branch and end with a merge commit.
But notice here we have some other stuff interleaved. Commit C<591e388> adds a
"lists" table before our C<faaa4d0> commit adds the "flips" table. Then there
is another interloper commit, C<675f78d>, which adds some functions to insert
and delete lists, before our C<9703969> commit adds functions to insert and
delete flips. And there, second from the top, is the explanation,
C<2fae0b3 Merge branch 'lists'>. Why, someone else was working on another
branch and merged stuff into master before we did! Now things are all mixed
up.

Well, the truth is, we got lazy. Those changes when we pulled master from the
origin should have raised a red flag. In truth, it's considered a bad practice
not to look at what's changed in C<master> before merging in a branch. What one
I<should> do is either:

=over

=item *

Rebase the branch from on master before merging. This "rewinds" the branch
changes, pulls from C<master>, and then replays the changes back on top of
C<master>.

=item *

Create a patch and apply I<that> to master. This is the sort of thing you
might have to do if you're sending changes to another user, especially if the
VCS is not Git.

=back

So let's restore things to how they were at master:

  > git reset --hard origin/master
  HEAD is now at 2fae0b3 Merge tag 'lists'

That throws out our merge, which thankfully we have not yet pushed. Now let's
go back to our branch and rebase it on C<master>:

  > git checkout flips
  Switched to branch 'flips'
  > git rebase master
  First, rewinding head to replay your work on top of it...
  Applying: Add flipr table.
  Applying: Add `insert_flip()` and `delete_flip()`.

Notice that it rewinds the changes since we branched from C<master>, pulls
from C<master>, and then re-applies our commits. Look at the Git log to make
sure things were applied properly:

  > git log --oneline
  54d680f Add `insert_flip()` and `delete_flip()`.
  d07f3dc Add flipr table.
  2fae0b3 Merge tag 'lists'
  2a84155 Merge branch 'lists'
  675f78d Add `insert_list()` and `delete_list()`.
  591e388 Add `lists` table.
  803e6b8 Add `insert_user()` and `change_pass()`.
  fa650af Add users table.
  36acafd Add app user.
  e076e84 Initialize Sqitch configuration.
  9ccc485 Add README text.
  7b8dd19 Fist post!

Much better. Now all of our "flips" changes come after the "lists" changes.
But wait, we can't merge into C<master> quite yet. Or, at least, it's not a
good idea. We need to first make sure that Sqitch deployments still work
properly. Why? Have a look at this:

  > sqitch status
  # On database flipr_test
  # Tag:  74c49ef (unknown)
  # Step: insert_flip
  # Date: 2012-04-10 23:00:29
  #
  # Unknown tags:
  #  (use "sqitch retag" to fix)
  #    74c49ef
  #    28df2ve
  #
  # Undeployed changes:
  #   (no conflicts detected; use "sqitch deploy" to deploy the changes)
  #
  #    591e388
  #      - lists
  #    675f78d
  #      - insert_list
  #      - delete_list

Uh-oh. First of all, the second line tells us that the current tag, C<74c49ef>,
is unknown. That's because we rebased from master, so our local commits got
new SHA1s. Fortunately, we can fix that problem by re-tagging:

  > sqitch retag
  Retagging flipr_test
    . 36acafd
    . fa650af
    . 803e6b8
    . v1.0.0-dev1
    . 4aa888e
    - 28df2ve
    + d07f3dc
    - 74c49ef
    + 54d680f
    
  Tags: 7 (2 removed, 2 added).

Looks like it made some important updates. Let's see:

  > sqitch status
  # On database flipr_test
  # Tag:  54d680f
  # Step: insert_flip
  # Date: 2012-04-10 23:00:29
  #
  # Undeployed changes:
  #   (no conflicts detected; use "sqitch deploy" to deploy the changes)
  #
  #    591e388
  #      - lists
  #    675f78d
  #      - insert_list
  #      - delete_list

Great, now the tag looks right. But we still have undeployed changes. This is
because the rebase from C<master> added the "lists" branch changes. They come
I<before> our "flips" changes in the repository history, which means that,
technically, the the "flips" changes have been applied out-of-order.
Fortunately for us, however, there appear to be no conflicts (no mutual
dependencies between the "flips" and "lists" changes to muck things up). So we
can just take its advice and run C<sqitch deploy>:

  > sqitch deploy --untracked
  Deploying 591e388 to flipr_test
    - lists
  Deploying 675f78d to flipr_test
    - delete_list
    - insert_list

So where does that leave us?

  > sqitch status
  # On database flipr_test
  # Tag:  54d680f
  # Step: insert_flip
  # Date: 2012-04-10 23:32:43
  #

Note that we are still on the C<54d680f> tag but the date has been updated.
Sqitch has successfully merged the "lists" changes into the database.

What would have happened if there had been a conflict? In that case, we would
have had to revert the "flips" changes and deployed again, so that the changes
could be re-applied in the proper order. The commands to do that would have
been:

  > sqitch revert 54d680f^
  > sqitch deploy

Note the use of C<^> at the end of C<54d680f^>. That means, "the tag just
before C<54d680f>", and is a nice shortcut so that we don't have to troll the
history to find that tag. So it would revert to that tag, and them the call to
C<sqitch deploy> would have deployed the "lists" changes, followed by the
"flips" changes, so that everything would be in the proper order

Of course, this is the sort of thing you want to avoid in a production
context. When doing development, you can muck with your change history in any
number of ways. But you really want to get things nailed down before you do a
release, which should have a set plan that does not change -- until the next
release adds new steps -- but never mixes things in.

=head2 Merges Mastered

And now, finally, we can merge into C<master>:

  > git checkout master
  Switched to branch 'master'
  > git merge --no-ff flips
  Merge made by the 'recursive' strategy.
   sql/deploy/delete_flip.sql |   12 ++++++++++++
   sql/deploy/flips.sql       |   16 ++++++++++++++++
   sql/deploy/insert_flip.sql |   12 ++++++++++++
   sql/revert/delete_flip.sql |    1 +
   sql/revert/flips.sql       |    2 ++
   sql/revert/insert_flip.sql |    1 +
   6 files changed, 44 insertions(+)
   create mode 100644 sql/deploy/delete_flip.sql
   create mode 100644 sql/deploy/flips.sql
   create mode 100644 sql/deploy/insert_flip.sql
   create mode 100644 sql/revert/delete_flip.sql
   create mode 100644 sql/revert/flips.sql
   create mode 100644 sql/revert/insert_flip.sql

And double-check our work:

  > git log --oneline
  e161a90 Merge branch 'flips'
  54d680f Add `insert_flip()` and `delete_flip()`.
  d07f3dc Add flipr table.
  2fae0b3 Merge tag 'lists'
  2a84155 Merge branch 'lists'
  675f78d Add `insert_list()` and `delete_list()`.
  591e388 Add `lists` table.
  803e6b8 Add `insert_user()` and `change_pass()`.
  fa650af Add users table.
  36acafd Add app user.
  e076e84 Initialize Sqitch configuration.
  9ccc485 Add README text.
  7b8dd19 Fist post!

Much much better, a nice clean master now. And because it is now identical to
the "flips" branch, we can just carry on. Tag it so that we can use real tags
for bundling a release later:

  > git tag flips -am 'Tag flips merge.'

=head1 In Place Changes

Uh-oh, someone just noticed that MD5 hashing is not particularly secure. Why?
Have a look at this:

  > psql -d flipr_test -c "
      SELECT insert_user('foo', 'secr3t'), insert_user('bar', 'secr3t');
      SELECT * FROM users;
  "
   nickname |             password             |           timestamp           
  ----------+----------------------------------+-------------------------------
   foo      | 9695da4dd567a19f9b92065f240c6725 | 2012-04-11 23:00:02.135612+00
   bar      | 9695da4dd567a19f9b92065f240c6725 | 2012-04-11 23:00:02.135612+00

If user "foo" ever got access to the database, she could quickly discover that
user "bar" has the same password and thus be able to exploit the account. Not
a great idea. So we need to modify the C<insert_user()> and C<change_pass()>
functions to fix that. How? we'll use
L<C<pgcrypto>|http://www.postgresql.org/docs/current/static/pgcrypto.html>'s
C<crypt()> function to encrypt passwords with a salt, so that they're all
unique. We just add a step to add C<pgcrypto> to the database, and then we can
use it. The deploy script should be:

 CREATE EXTENSION pgcrypto;

And the revert script should just C<DROP EXTENSION pgcrypto>. Then we can use
it. But how to deploy the changes to C<insert_user()> and C<change_pass()>?

Normally, modifying functions in database changes is a PITA. You have to
take steps like these:

=over

=item 1.

Copy F<sql/deploy/insert_user.sql> to F<sql/deploy/insert_user_crypt.sql>.

=item 2.

Edit F<sql/deploy/insert_user_crypt.sql> to switch from C<MD5()> to C<crypt()>
and to add a dependency on the C<pgcrypto> step.

=item 3.

Copy F<sql/deploy/insert_user.sql> to F<sql/revert/insert_user_crypt.sql>.
Yes, copy the original change script to the new revert step.

=item 4.

Test the changes to make sure you can deploy and revert the
C<insert_user_crypt> step.

=item 5.

Now do the same for the C<change_pass> scripts.

=back

That doesn't seem I<too> bad. And you can do that with Sqitch, if you want.
But it makes for rather bad VCS management. This is effectively a one-line
change to each function, but we're copying their entire contents to new files.
Hell, the reversion script is I<identical> to the original deploy script.

Perhaps worse, though, is that it's much more difficult to look at changes in
the VCS. After committing the C<insert_user_crypt> step, what does the diff
look like?

  > git diff HEAD^
  diff --git a/sql/deploy/insert_user_crypt.sql b/sql/deploy/insert_user_crypt.sql
  new file mode 100644
  index 0000000..fa8d0c6
  --- /dev/null
  +++ b/sql/deploy/insert_user_crypt.sql
  @@ -0,0 +1,8 @@
  +-- requires: users, appuser, pgcrypto
  +
  +CREATE OR REPLACE FUNCTION insert_user(
  +    nickname TEXT,
  +    password TEXT
  +) RETURNS VOID LANGUAGE SQL AS $$
  +    INSERT INTO users values($1, crypt($2, gen_salt('md5')));
  +$$;
  diff --git a/sql/revert/insert_user_crypt.sql b/sql/revert/insert_user_crypt.sql
  new file mode 100644
  index 0000000..a7f4e31
  --- /dev/null
  +++ b/sql/revert/insert_user_crypt.sql
  @@ -0,0 +1,8 @@
  +-- requires: users, appuser
  +
  +CREATE OR REPLACE FUNCTION insert_user(
  +    nickname TEXT,
  +    password TEXT
  +) RETURNS VOID LANGUAGE SQL AS $$
  +    INSERT INTO users values($1, md5($2));
  +$$;

Oy. It looks like two new functions were added, not that we just changed one.
How annoying is that? Of course, if we know the history, we can diff things
without using the Git history, simply by comparing F<sql/deploy/insert_user.sql>
to F<sql/deploy/insert_user_crypt.sql>:

  > diff -u sql/deploy/insert_user.sql sql/deploy/insert_user_crypt.sql 
  --- sql/deploy/insert_user.sql	2012-04-09 14:15:55.000000000 -0700
  +++ sql/deploy/insert_user_crypt.sql	2012-04-11 16:27:18.000000000 -0700
  @@ -4,5 +4,5 @@
       nickname TEXT,
       password TEXT
   ) RETURNS VOID LANGUAGE SQL AS $$
  -    INSERT INTO users values($1, md5($2));
  +    INSERT INTO users values($1, crypt($2, gen_salt('md5')));
   $$;

That makes much more sense, but requires special knowledge to realize you
can't just C<git diff> to see what changed. Wouldn't it be great if we could
just make the change right in the file, commit it to the VCS, and have the
deployment and reversion "just work"?

=head2 It's a VCS

Sqitch can. Rather than take all the above steps, you can just modify
F<sql/deploy/insert_user.sql> and F<sql/deploy/change_padd.sql> I<in place>.
There is only one requirement for this: All changes to the deployment script,
including the original version, B<must be
L<idempotent|http://en.wikipedia.org/wiki/Idempotence>>. That is, the deploy
script can applied multiple times without changing the result beyond the
initial application. That's it, the only requirement.

Fortunately, our function deployment scripts are already idempotent, thanks to
the use of the C<OR REPLACE> expression. No matter how many times a deployment
script is run, he end result will be the same instance of the function, with
no duplicates or errors.

As a result, there is no need to explicitly add steps. So go ahead. Modify the
script to switch to C<crypt()>. Make this change to
F<sql/deploy/insert_user.sql>:

  @@ -1,8 +1,8 @@
  --- requires: users, appuser
  +-- requires: users, appuser, pgcrypto
 
   CREATE OR REPLACE FUNCTION insert_user(
       nickname TEXT,
       password TEXT
   ) RETURNS VOID LANGUAGE SQL AS $$
  -    INSERT INTO users values($1, md5($2));
  +    INSERT INTO users values($1, crypt($2, gen_salt('md5')));
   $$;

And make this change to F<sql/deploy/change_pass.sql>:

  @@ -1,4 +1,4 @@
  --- requires: users, appuser
  +-- requires: users, appuser, pgcrypto
 
   CREATE OR REPLACE FUNCTION change_pass(
       nick    TEXT,
  @@ -7,9 +7,9 @@ CREATE OR REPLACE FUNCTION change_pass(
   ) RETURNS BOOLEAN LANGUAGE plpgsql AS $$
   BEGIN
       UPDATE users
  -       SET password = md5($3)
  +       SET password = crypt($3, gen_salt('md5'))
        WHERE nickname = $1
  -       AND password = md5($2);
  +       AND password = crypt($2, password);
       RETURN FOUND;
   END;
   $$;

And then test deployment:

  > sqitch deploy --untracked
  Deploying HEAD+ to flipr_test
    - insert_user
    - change_pass

So, are the changes deployed?

  > psql -d flipr_test -c "
      DELETE FROM users;
      SELECT insert_user('foo', 'secr3t'), insert_user('bar', 'secr3t');
      SELECT * FROM users;
  "
   nickname |              password              |           timestamp           
  ----------+------------------------------------+-------------------------------
   foo      | $1$l6OEKyF3$kv5ae7505ROub75d9QKTh/ | 2012-04-12 18:55:43.422211+00
   bar      | $1$J4NJDgaJ$578i9Lt6b8ohJwi6WhNNO1 | 2012-04-12 18:55:43.422211+00

Awesome, the stored passwords are different now. But can we revert, even
though we haven't written any reversion scripts?

  > sqitch revert --to HEAD
  Reverting HEAD+ from flipr_test
    - change_pass
    - insert_user

Did that work, are the C<MD5()> passwords back?

  > psql -d flipr_test -c "
      DELETE FROM users;
      SELECT insert_user('foo', 'secr3t'), insert_user('bar', 'secr3t');
      SELECT * FROM users;
  "
   nickname |             password             |           timestamp           
  ----------+----------------------------------+-------------------------------
   foo      | 9695da4dd567a19f9b92065f240c6725 | 2012-04-12 18:56:03.292423+00
   bar      | 9695da4dd567a19f9b92065f240c6725 | 2012-04-12 18:56:03.292423+00

Yes, it works! How, you ask? Simple. Because Sqitch uses your VCS history to
determine what steps to deploy, it can tell that the C<insert_user()> and
C<change_pass()> scripts have changed, and just deploy the new version. When
you revert, it simply retrieves the old version from the history and applies
C<that>, instead. And that should underscore the importance of the idempotence
of in-place modifications to change scripts. Because if the reversion had
failed, or left the newer version still in place, it simply would not work.

This is a valuable feature, and certainly keeps the VCS history cleaner, so
that it's easier to tell what changed in our database functions in a given
commit. But you do have to use it with care. If you have any doubts about
changing something in place, or risk orphaning some object, use the
copy-and-paste approach instead.

So let's go ahead and commit these changes and bring the database up-to-date:

  > git commit -m 'Use pgcrypto to encrypt passwords.'
  [master eea942d] Use pgcrypto to encrypt passwords.
   2 files changed, 3 insertions(+), 3 deletions(-)

  > sqitch deploy
  Deploying eea942d to flipr_test
    - insert_user
    - change_pass

  > sqitch -d flipr_test status
  # On database flipr_test
  # Tag:  eea942d
  # Step: change_pass
  # Date: 2012-04-12 18:59:26
  #
  Nothing to deploy (up-to-date)

=head2 What about Bundling?

Of course, this only works if Sqitch is using the VCS history to fetch earlier
versions of deployment scripts to do reversions. Such are obviously not
available in a distributed bundle. Or are they? Let's create a new release and
find out. Let's tag a C<v1.0.0-b1> release and create a new bundle:

  > git tag v1.0.0-b1 -am 'Tag v1.0.0-b1'
  > sqitch bundle --tags-only
  Bundling in bundle/
  Config written to bundle/sqitch.ini
  Bundling v1.0.0-dev1
    - appuser
    - users
    - change_pass
    - insert_user
  Bundling lists
    - insert_list
    - delete_list
  Bundling flips
    - insert_flip
    - delete_flip
  Bundling v1.0.0-b1
    - change_pass_v2
    - insert_user_v2
  Plan written to bundle/sqitch.plan

Hey, look, the C<change_pass> and C<insert_user> steps are listed twice, but
in the second instance, they have C<_v2> appended to their names. Let's have
a look at the plan:

  > cd bundle
  > cat sqitch.plan
  [v1.0.0-dev1]
    appuser
    users
    change_pass
    insert_user

  [lists]
    insert_list
    delete_list

  [flips]
    insert_flip
    delete_flip

  [v1.0.0-b1]
    change_pass_v2
    insert_user_v2

Well that looks pretty much just like the output of the bundling. What if we
deploy it to the C<flip_prod> database, which we built to C<v1.0.0-dev1>
earlier. Here's what it looks like before we deploy the latest changes:

  > sqitch -d flipr_prod status
  # On database flipr_prod
  # Tag:  v1.0.0-dev1
  # Step: change_pass
  # Date: 2012-04-09 22:17:38
  #
  # Changes not deployed:
  # * lists
  #   insert_list
  #   delete_list
  # * flips
  #   insert_flip
  #   delete_flip
  # * v1.0.0-b1
  #   change_pass_v2
  #   insert_user_v2
  #
  Use "sqitch deploy" to deploy these changes

So, let's deploy.

  > sqitch -d flipr_prod deploy
  Deploying lists to flipr_prod
    - insert_list
    - delete_list
  Deploying flips to flipr_prod
    - insert_flip
    - delete_flip
  Deploying v1.0.0-b1 to flipr_prod
    - change_pass_v2
    - insert_user_v2

And now the status is:

  > sqitch -d flipr_prod status
  # On database flipr_prod
  # Tag:  v1.0.0-dev1
  # Step: insert_user_v2
  # Date: 2012-04-12 19:14:34
  #
  Nothing to deploy (up-to-date)

All up-to-date. If necessary, we can also revert:

  > sqitch -d flipr_prod revert --to flips
  Reverting v1.0.0-b1 from flipr_prod
    - insert_user_v2
    - change_pass_v2

  > sqitch -d flipr_prod status
  # On database flipr_prod
  # Tag:  flips
  # Step: delete_flip
  # Date: 2012-04-12 19:14:29
  #
  # Changes not deployed:
  # * v1.0.0-b1
  #   change_pass_v2
  #   insert_user_v2
  #
  Use "sqitch deploy" to deploy these changes

Nice, it just works! How? The secret is that, while the VCS history is not
available when deploying from this plan, it was certainly available when the
plan was I<written>. When we ran C<sqitch bundle>, Sqitch fetched all versions
of the deployment scripts from the repository and wrote them out I<as they
existed at the time of each tag>. In other words,
F<sql/deploy/insert_user.sql> was written to the bundle as it existed at the
time of the C<v1.0.0-dev1> tag, and F<sql/deploy/insert_user_v2.sql> was
written as a copy of F<sql/deploy/insert_user.sql> at the time of the
C<v1.0.0-b1> tag.

Put another way: when bundling the changes and writing the plan, Sqitch copied
the entire migration script for each step in time, just as if you had
duplicated code in new migration scripts the old-fashioned way. So you get the
benefit of exploiting the VCS history in you development practices, while
still getting the benefits of explicit, separate steps in the distribution
you ship.