Deployment Pipeline Design

1---
2name: deployment-pipeline-design
3description: Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use when architecting deployment workflows, setting up continuous delivery, or implementing GitOps practices.
4---
5 
6# Deployment Pipeline Design
7 
8Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
9 
10## Do not use this skill when
11 
12- The task is unrelated to deployment pipeline design
13- You need a different domain or tool outside this scope
14 
15## Instructions
16 
17- Clarify goals, constraints, and required inputs.
18- Apply relevant best practices and validate outcomes.
19- Provide actionable steps and verification.
20- If detailed examples are required, open `resources/implementation-playbook.md`.
21 
22## Purpose
23 
24Design robust, secure deployment pipelines that balance speed with safety through proper stage organization and approval workflows.
25 
26## Use this skill when
27 
28- Design CI/CD architecture
29- Implement deployment gates
30- Configure multi-environment pipelines
31- Establish deployment best practices
32- Implement progressive delivery
33 
34## Pipeline Stages
35 
36### Standard Pipeline Flow
37 
38```
39┌─────────┐   ┌──────┐   ┌─────────┐   ┌────────┐   ┌──────────┐
40│  Build  │ → │ Test │ → │ Staging │ → │ Approve│ → │Production│
41└─────────┘   └──────┘   └─────────┘   └────────┘   └──────────┘
42```
43 
44### Detailed Stage Breakdown
45 
461. **Source** - Code checkout
472. **Build** - Compile, package, containerize
483. **Test** - Unit, integration, security scans
494. **Staging Deploy** - Deploy to staging environment
505. **Integration Tests** - E2E, smoke tests
516. **Approval Gate** - Manual approval required
527. **Production Deploy** - Canary, blue-green, rolling
538. **Verification** - Health checks, monitoring
549. **Rollback** - Automated rollback on failure
55 
56## Approval Gate Patterns
57 
58### Pattern 1: Manual Approval
59 
60```yaml
61# GitHub Actions
62production-deploy:
63  needs: staging-deploy
64  environment:
65    name: production
66    url: https://app.example.com
67  runs-on: ubuntu-latest
68  steps:
69    - name: Deploy to production
70      run: |
71        # Deployment commands
72```
73 
74### Pattern 2: Time-Based Approval
75 
76```yaml
77# GitLab CI
78deploy:production:
79  stage: deploy
80  script:
81    - deploy.sh production
82  environment:
83    name: production
84  when: delayed
85  start_in: 30 minutes
86  only:
87    - main
88```
89 
90### Pattern 3: Multi-Approver
91 
92```yaml
93# Azure Pipelines
94stages:
95- stage: Production
96  dependsOn: Staging
97  jobs:
98  - deployment: Deploy
99    environment:
100      name: production
101      resourceType: Kubernetes
102    strategy:
103      runOnce:
104        preDeploy:
105          steps:
106          - task: ManualValidation@0
107            inputs:
108              notifyUsers: 'team-leads@example.com'
109              instructions: 'Review staging metrics before approving'
110```
111 
112**Reference:** See `assets/approval-gate-template.yml`
113 
114## Deployment Strategies
115 
116### 1. Rolling Deployment
117 
118```yaml
119apiVersion: apps/v1
120kind: Deployment
121metadata:
122  name: my-app
123spec:
124  replicas: 10
125  strategy:
126    type: RollingUpdate
127    rollingUpdate:
128      maxSurge: 2
129      maxUnavailable: 1
130```
131 
132**Characteristics:**
133- Gradual rollout
134- Zero downtime
135- Easy rollback
136- Best for most applications
137 
138### 2. Blue-Green Deployment
139 
140```yaml
141# Blue (current)
142kubectl apply -f blue-deployment.yaml
143kubectl label service my-app version=blue
144 
145# Green (new)
146kubectl apply -f green-deployment.yaml
147# Test green environment
148kubectl label service my-app version=green
149 
150# Rollback if needed
151kubectl label service my-app version=blue
152```
153 
154**Characteristics:**
155- Instant switchover
156- Easy rollback
157- Doubles infrastructure cost temporarily
158- Good for high-risk deployments
159 
160### 3. Canary Deployment
161 
162```yaml
163apiVersion: argoproj.io/v1alpha1
164kind: Rollout
165metadata:
166  name: my-app
167spec:
168  replicas: 10
169  strategy:
170    canary:
171      steps:
172      - setWeight: 10
173      - pause: {duration: 5m}
174      - setWeight: 25
175      - pause: {duration: 5m}
176      - setWeight: 50
177      - pause: {duration: 5m}
178      - setWeight: 100
179```
180 
181**Characteristics:**
182- Gradual traffic shift
183- Risk mitigation
184- Real user testing
185- Requires service mesh or similar
186 
187### 4. Feature Flags
188 
189```python
190from flagsmith import Flagsmith
191 
192flagsmith = Flagsmith(environment_key="API_KEY")
193 
194if flagsmith.has_feature("new_checkout_flow"):
195    # New code path
196    process_checkout_v2()
197else:
198    # Existing code path
199    process_checkout_v1()
200```
201 
202**Characteristics:**
203- Deploy without releasing
204- A/B testing
205- Instant rollback
206- Granular control
207 
208## Pipeline Orchestration
209 
210### Multi-Stage Pipeline Example
211 
212```yaml
213name: Production Pipeline
214 
215on:
216  push:
217    branches: [ main ]
218 
219jobs:
220  build:
221    runs-on: ubuntu-latest
222    steps:
223      - uses: actions/checkout@v4
224      - name: Build application
225        run: make build
226      - name: Build Docker image
227        run: docker build -t myapp:${{ github.sha }} .
228      - name: Push to registry
229        run: docker push myapp:${{ github.sha }}
230 
231  test:
232    needs: build
233    runs-on: ubuntu-latest
234    steps:
235      - name: Unit tests
236        run: make test
237      - name: Security scan
238        run: trivy image myapp:${{ github.sha }}
239 
240  deploy-staging:
241    needs: test
242    runs-on: ubuntu-latest
243    environment:
244      name: staging
245    steps:
246      - name: Deploy to staging
247        run: kubectl apply -f k8s/staging/
248 
249  integration-test:
250    needs: deploy-staging
251    runs-on: ubuntu-latest
252    steps:
253      - name: Run E2E tests
254        run: npm run test:e2e
255 
256  deploy-production:
257    needs: integration-test
258    runs-on: ubuntu-latest
259    environment:
260      name: production
261    steps:
262      - name: Canary deployment
263        run: |
264          kubectl apply -f k8s/production/
265          kubectl argo rollouts promote my-app
266 
267  verify:
268    needs: deploy-production
269    runs-on: ubuntu-latest
270    steps:
271      - name: Health check
272        run: curl -f https://app.example.com/health
273      - name: Notify team
274        run: |
275          curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
276            -d '{"text":"Production deployment successful!"}'
277```
278 
279## Pipeline Best Practices
280 
2811. **Fail fast** - Run quick tests first
2822. **Parallel execution** - Run independent jobs concurrently
2833. **Caching** - Cache dependencies between runs
2844. **Artifact management** - Store build artifacts
2855. **Environment parity** - Keep environments consistent
2866. **Secrets management** - Use secret stores (Vault, etc.)
2877. **Deployment windows** - Schedule deployments appropriately
2888. **Monitoring integration** - Track deployment metrics
2899. **Rollback automation** - Auto-rollback on failures
29010. **Documentation** - Document pipeline stages
291 
292## Rollback Strategies
293 
294### Automated Rollback
295 
296```yaml
297deploy-and-verify:
298  steps:
299    - name: Deploy new version
300      run: kubectl apply -f k8s/
301 
302    - name: Wait for rollout
303      run: kubectl rollout status deployment/my-app
304 
305    - name: Health check
306      id: health
307      run: |
308        for i in {1..10}; do
309          if curl -sf https://app.example.com/health; then
310            exit 0
311          fi
312          sleep 10
313        done
314        exit 1
315 
316    - name: Rollback on failure
317      if: failure()
318      run: kubectl rollout undo deployment/my-app
319```
320 
321### Manual Rollback
322 
323```bash
324# List revision history
325kubectl rollout history deployment/my-app
326 
327# Rollback to previous version
328kubectl rollout undo deployment/my-app
329 
330# Rollback to specific revision
331kubectl rollout undo deployment/my-app --to-revision=3
332```
333 
334## Monitoring and Metrics
335 
336### Key Pipeline Metrics
337 
338- **Deployment Frequency** - How often deployments occur
339- **Lead Time** - Time from commit to production
340- **Change Failure Rate** - Percentage of failed deployments
341- **Mean Time to Recovery (MTTR)** - Time to recover from failure
342- **Pipeline Success Rate** - Percentage of successful runs
343- **Average Pipeline Duration** - Time to complete pipeline
344 
345### Integration with Monitoring
346 
347```yaml
348- name: Post-deployment verification
349  run: |
350    # Wait for metrics stabilization
351    sleep 60
352 
353    # Check error rate
354    ERROR_RATE=$(curl -s "$PROMETHEUS_URL/api/v1/query?query=rate(http_errors_total[5m])" | jq '.data.result[0].value[1]')
355 
356    if (( $(echo "$ERROR_RATE > 0.01" | bc -l) )); then
357      echo "Error rate too high: $ERROR_RATE"
358      exit 1
359    fi
360```
361 
362## Reference Files
363 
364- `references/pipeline-orchestration.md` - Complex pipeline patterns
365- `assets/approval-gate-template.yml` - Approval workflow templates
366 
367## Related Skills
368 
369- `github-actions-templates` - For GitHub Actions implementation
370- `gitlab-ci-patterns` - For GitLab CI implementation
371- `secrets-management` - For secrets handling
372