refactor: consolidate Flyway migrations into single V001 baseline

Replace 14 incremental migrations (V001-V015) with a single V001__init.sql
representing the final schema. Tables that were created and later dropped
(environments, api_keys, apps, deployments) are excluded.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/main/resources/db/migration/V001__create_tenants.sql

@@ -1,17 +0,0 @@
-CREATE TABLE tenants (
-    id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    name            VARCHAR(255) NOT NULL,
-    slug            VARCHAR(100) NOT NULL UNIQUE,
-    tier            VARCHAR(20) NOT NULL DEFAULT 'LOW',
-    status          VARCHAR(20) NOT NULL DEFAULT 'PROVISIONING',
-    logto_org_id    VARCHAR(255),
-    stripe_customer_id     VARCHAR(255),
-    stripe_subscription_id VARCHAR(255),
-    settings        JSONB NOT NULL DEFAULT '{}',
-    created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    updated_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
-);
-
-CREATE INDEX idx_tenants_slug ON tenants (slug);
-CREATE INDEX idx_tenants_status ON tenants (status);
-CREATE INDEX idx_tenants_logto_org_id ON tenants (logto_org_id);

src/main/resources/db/migration/V001__init.sql

@@ -0,0 +1,95 @@
+-- Cameleer SaaS schema baseline
+-- Consolidated from V001-V015
+
+-- Tenants
+CREATE TABLE tenants (
+    id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    name            VARCHAR(255) NOT NULL,
+    slug            VARCHAR(100) NOT NULL,
+    tier            VARCHAR(20) NOT NULL DEFAULT 'LOW',
+    status          VARCHAR(20) NOT NULL DEFAULT 'PROVISIONING',
+    logto_org_id    VARCHAR(255),
+    stripe_customer_id     VARCHAR(255),
+    stripe_subscription_id VARCHAR(255),
+    settings        JSONB NOT NULL DEFAULT '{}',
+    server_endpoint VARCHAR(512),
+    provision_error TEXT,
+    db_password     VARCHAR(255),
+    ca_applied_at   TIMESTAMPTZ,
+    created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE UNIQUE INDEX tenants_slug_active_key ON tenants (slug) WHERE status != 'DELETED';
+CREATE INDEX idx_tenants_status ON tenants (status);
+CREATE INDEX idx_tenants_logto_org_id ON tenants (logto_org_id);
+
+-- Licenses
+CREATE TABLE licenses (
+    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id   UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    tier        VARCHAR(20) NOT NULL,
+    features    JSONB NOT NULL DEFAULT '{}',
+    limits      JSONB NOT NULL DEFAULT '{}',
+    issued_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    expires_at  TIMESTAMPTZ NOT NULL,
+    revoked_at  TIMESTAMPTZ,
+    token       TEXT NOT NULL,
+    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_licenses_tenant_id ON licenses (tenant_id);
+CREATE INDEX idx_licenses_expires_at ON licenses (expires_at);
+
+-- Audit log
+CREATE TABLE audit_log (
+    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    actor_id    UUID,
+    actor_email VARCHAR(255),
+    tenant_id   UUID,
+    action      VARCHAR(100)  NOT NULL,
+    resource    VARCHAR(500),
+    environment VARCHAR(50),
+    source_ip   VARCHAR(45),
+    result      VARCHAR(20)   NOT NULL DEFAULT 'SUCCESS',
+    metadata    JSONB,
+    created_at  TIMESTAMPTZ   NOT NULL DEFAULT now()
+);
+
+CREATE INDEX idx_audit_log_tenant ON audit_log (tenant_id, created_at DESC);
+CREATE INDEX idx_audit_log_actor ON audit_log (actor_id, created_at DESC);
+CREATE INDEX idx_audit_log_action ON audit_log (action, created_at DESC);
+
+-- Platform TLS certificates
+CREATE TABLE certificates (
+    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    status       VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED', 'ARCHIVED')),
+    subject      VARCHAR(500),
+    issuer       VARCHAR(500),
+    not_before   TIMESTAMPTZ,
+    not_after    TIMESTAMPTZ,
+    fingerprint  VARCHAR(128),
+    has_ca       BOOLEAN NOT NULL DEFAULT FALSE,
+    self_signed  BOOLEAN NOT NULL DEFAULT FALSE,
+    uploaded_by  UUID,
+    created_at   TIMESTAMPTZ NOT NULL DEFAULT now(),
+    activated_at TIMESTAMPTZ,
+    archived_at  TIMESTAMPTZ
+);
+
+-- Per-tenant CA certificates
+CREATE TABLE tenant_ca_certs (
+    id         UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id  UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    status     VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED')),
+    label      VARCHAR(200),
+    subject    VARCHAR(500),
+    issuer     VARCHAR(500),
+    fingerprint VARCHAR(128),
+    not_before TIMESTAMPTZ,
+    not_after  TIMESTAMPTZ,
+    cert_pem   TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX idx_tenant_ca_certs_tenant ON tenant_ca_certs(tenant_id);

src/main/resources/db/migration/V002__create_licenses.sql

@@ -1,15 +0,0 @@
-CREATE TABLE licenses (
-    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    tenant_id   UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
-    tier        VARCHAR(20) NOT NULL,
-    features    JSONB NOT NULL DEFAULT '{}',
-    limits      JSONB NOT NULL DEFAULT '{}',
-    issued_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    expires_at  TIMESTAMPTZ NOT NULL,
-    revoked_at  TIMESTAMPTZ,
-    token       TEXT NOT NULL,
-    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
-);
-
-CREATE INDEX idx_licenses_tenant_id ON licenses (tenant_id);
-CREATE INDEX idx_licenses_expires_at ON licenses (expires_at);

src/main/resources/db/migration/V003__create_environments.sql

@@ -1,12 +0,0 @@
-CREATE TABLE environments (
-    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
-    slug VARCHAR(100) NOT NULL,
-    display_name VARCHAR(255) NOT NULL,
-    status VARCHAR(20) NOT NULL DEFAULT 'ACTIVE',
-    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    UNIQUE(tenant_id, slug)
-);
-
-CREATE INDEX idx_environments_tenant_id ON environments(tenant_id);

src/main/resources/db/migration/V004__create_api_keys.sql

@@ -1,12 +0,0 @@
-CREATE TABLE api_keys (
-    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    environment_id UUID NOT NULL REFERENCES environments(id) ON DELETE CASCADE,
-    key_hash VARCHAR(64) NOT NULL,
-    key_prefix VARCHAR(12) NOT NULL,
-    status VARCHAR(20) NOT NULL DEFAULT 'ACTIVE',
-    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-    revoked_at TIMESTAMPTZ
-);
-
-CREATE INDEX idx_api_keys_env ON api_keys(environment_id);
-CREATE INDEX idx_api_keys_hash ON api_keys(key_hash);

src/main/resources/db/migration/V005__create_apps.sql

@@ -1,18 +0,0 @@
-CREATE TABLE apps (
-    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    environment_id UUID NOT NULL REFERENCES environments(id) ON DELETE CASCADE,
-    slug VARCHAR(100) NOT NULL,
-    display_name VARCHAR(255) NOT NULL,
-    jar_storage_path VARCHAR(500),
-    jar_checksum VARCHAR(64),
-    jar_original_filename VARCHAR(255),
-    jar_size_bytes BIGINT,
-    exposed_port INTEGER,
-    current_deployment_id UUID,
-    previous_deployment_id UUID,
-    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    UNIQUE(environment_id, slug)
-);
-
-CREATE INDEX idx_apps_environment_id ON apps(environment_id);

src/main/resources/db/migration/V006__create_deployments.sql

@@ -1,16 +0,0 @@
-CREATE TABLE deployments (
-    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    app_id UUID NOT NULL REFERENCES apps(id) ON DELETE CASCADE,
-    version INTEGER NOT NULL,
-    image_ref VARCHAR(500) NOT NULL,
-    desired_status VARCHAR(20) NOT NULL DEFAULT 'RUNNING',
-    observed_status VARCHAR(20) NOT NULL DEFAULT 'BUILDING',
-    orchestrator_metadata JSONB DEFAULT '{}',
-    error_message TEXT,
-    deployed_at TIMESTAMPTZ,
-    stopped_at TIMESTAMPTZ,
-    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    UNIQUE(app_id, version)
-);
-
-CREATE INDEX idx_deployments_app_id ON deployments(app_id);

src/main/resources/db/migration/V007__create_audit_log.sql

@@ -1,17 +0,0 @@
-CREATE TABLE audit_log (
-    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    actor_id    UUID,
-    actor_email VARCHAR(255),
-    tenant_id   UUID,
-    action      VARCHAR(100)  NOT NULL,
-    resource    VARCHAR(500),
-    environment VARCHAR(50),
-    source_ip   VARCHAR(45),
-    result      VARCHAR(20)   NOT NULL DEFAULT 'SUCCESS',
-    metadata    JSONB,
-    created_at  TIMESTAMPTZ   NOT NULL DEFAULT now()
-);
-
-CREATE INDEX idx_audit_log_tenant ON audit_log (tenant_id, created_at DESC);
-CREATE INDEX idx_audit_log_actor ON audit_log (actor_id, created_at DESC);
-CREATE INDEX idx_audit_log_action ON audit_log (action, created_at DESC);

src/main/resources/db/migration/V008__add_app_resource_limits.sql

@@ -1,2 +0,0 @@
-ALTER TABLE apps ADD COLUMN memory_limit VARCHAR(20);
-ALTER TABLE apps ADD COLUMN cpu_shares INTEGER;

src/main/resources/db/migration/V010__drop_migrated_tables.sql

@@ -1,7 +0,0 @@
--- V010__drop_migrated_tables.sql
--- Drop tables that have been migrated to cameleer3-server
-
-DROP TABLE IF EXISTS deployments CASCADE;
-DROP TABLE IF EXISTS apps CASCADE;
-DROP TABLE IF EXISTS environments CASCADE;
-DROP TABLE IF EXISTS api_keys CASCADE;

src/main/resources/db/migration/V011__add_provisioning_fields.sql

@@ -1,3 +0,0 @@
--- V011__add_provisioning_fields.sql
-ALTER TABLE tenants ADD COLUMN server_endpoint VARCHAR(512);
-ALTER TABLE tenants ADD COLUMN provision_error TEXT;

src/main/resources/db/migration/V012__create_certificates.sql

@@ -1,19 +0,0 @@
--- Certificate management: track platform TLS certs and CA bundles
-CREATE TABLE certificates (
-    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    status       VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED', 'ARCHIVED')),
-    subject      VARCHAR(500),
-    issuer       VARCHAR(500),
-    not_before   TIMESTAMPTZ,
-    not_after    TIMESTAMPTZ,
-    fingerprint  VARCHAR(128),
-    has_ca       BOOLEAN NOT NULL DEFAULT FALSE,
-    self_signed  BOOLEAN NOT NULL DEFAULT FALSE,
-    uploaded_by  UUID,
-    created_at   TIMESTAMPTZ NOT NULL DEFAULT now(),
-    activated_at TIMESTAMPTZ,
-    archived_at  TIMESTAMPTZ
-);
-
--- Track when each tenant last picked up the CA bundle
-ALTER TABLE tenants ADD COLUMN ca_applied_at TIMESTAMPTZ;

src/main/resources/db/migration/V013__create_tenant_ca_certs.sql

@@ -1,16 +0,0 @@
--- Per-tenant CA certificates for enterprise SSO trust
-CREATE TABLE tenant_ca_certs (
-    id         UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    tenant_id  UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
-    status     VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED')),
-    label      VARCHAR(200),
-    subject    VARCHAR(500),
-    issuer     VARCHAR(500),
-    fingerprint VARCHAR(128),
-    not_before TIMESTAMPTZ,
-    not_after  TIMESTAMPTZ,
-    cert_pem   TEXT NOT NULL,
-    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
-);
-
-CREATE INDEX idx_tenant_ca_certs_tenant ON tenant_ca_certs(tenant_id);

src/main/resources/db/migration/V014__tenant_slug_partial_unique.sql

@@ -1,5 +0,0 @@
--- Replace absolute unique constraint on slug with partial unique index
--- that excludes DELETED tenants, allowing slug reuse after soft-delete.
-ALTER TABLE tenants DROP CONSTRAINT tenants_slug_key;
-DROP INDEX IF EXISTS idx_tenants_slug;
-CREATE UNIQUE INDEX tenants_slug_active_key ON tenants (slug) WHERE status != 'DELETED';

src/main/resources/db/migration/V015__add_tenant_db_password.sql

@@ -1 +0,0 @@
-ALTER TABLE tenants ADD COLUMN db_password VARCHAR(255);