Description
I have found these related issues/pull requests
Somewhat related to #3061
Description
$ sqlx migrate run --help
Run all pending migrations
...
-D, --database-url <DATABASE_URL>
Location of the DB, by default will be read from the DATABASE_URL env var or `.env` files
...
sqlx cli reads DATABASE_URL
from .env
files implicitly which can be very dangerous and potentially destructive when running database commands against different environments (prod, staging, dev, etc.)
It is easy to accidentally run a migrate run/revert against a database that you did not intend to just by accidentally being in the wrong directory. Is it not sufficient for the developer to use something like dotenv
, foreman
, etc. like they normally do to explicitly load their .env
files into the environment when running sqlx commands? This is much safer and less surprising. "Principle of Least Surprise" and all that.
Reproduction steps
Run an sqlx migrate command whilst in a directory with a .env file pointing to a server different than the one you thought (maybe you just changed directories, or are working in a script).
SQLx version
sqlx-cli 0.7.4
Enabled SQLx features
"chrono", "postgres", "runtime-tokio"
Database server and version
PG 14
Operating system
macOS
Rust version
rustc 1.84.0 (9fc6b4312 2025-01-07)