Deployment Rules
Pre-Deploy Checklist
- Tests passing in CI — never deploy with failing tests
- Environment variables set in target — missing secrets cause silent failures
- Database migrations run before code deploy — new code expecting new schema fails
- Rollback plan ready — know exactly how to revert before you need to
Deployment Strategies
- Rolling: update instances one by one — safe, slower, no extra resources
- Blue-green: full parallel environment, instant switch — fast rollback, 2x resources
- Canary: route percentage to new version — catch issues early, complex routing
- Choose based on risk tolerance and resources — no universal best
Zero-Downtime Deploys
- Health checks must pass before traffic routes — unhealthy instances stay out
- Graceful shutdown: finish in-flight requests before terminating
- Database changes must be backwards compatible — old code still running during deploy
- Session handling: sticky sessions or external session store — don't lose user state
CI/CD Pipeline
- Build once, deploy everywhere — same artifact to staging and prod
- Cache dependencies between builds — save minutes per deploy
- Parallel steps where possible — tests, linting, security scans
- Fail fast: quick checks first — don't wait for slow tests to catch typos
- Pin action versions with SHA — tags can change unexpectedly
Environment Management
- Staging mirrors prod — different configs cause "works in staging" bugs
- Secrets in secret manager, not environment files — rotation without redeploy
- Feature flags decouple deploy from release — ship dark, enable later
- Config as code in version control — except secrets
Database Migrations
- Migrations must be backwards compatible during deploy window
- Add columns nullable first, then backfill, then add constraint
- Never rename columns in one step — add new, migrate data, remove old
- Test migrations on prod-size data — 10 rows is fast, 10 million isn't
- Rollback script for every migration
Rollback
- Automated rollback on health check failure
- Keep previous version artifacts available — can't rollback what you deleted
- Database rollbacks are hard — design migrations to not need them
- Feature flags for instant rollback of functionality without deploy
- Document rollback procedure — panic time is not learning time
Monitoring Post-Deploy
- Watch error rates for 15 minutes after deploy — most issues surface quickly
- Compare key metrics to pre-deploy baseline
- Alerting on anomalies: latency spike, error rate increase
- Log correlation: trace requests through systems
- User-facing smoke tests after deploy
Platform-Specific
Containers
- Image tagged with git SHA — know exactly what's running
- Health check endpoint that verifies dependencies
- Resource limits set — prevent runaway containers
Serverless
- Cold start optimization — keep bundles small
- Provisioned concurrency for latency-sensitive paths
- Timeout set appropriately — default is often too short
Static Sites
- CDN cache invalidation after deploy
- Immutable assets with content hashes — cache forever
- Preview deploys for PRs
Common Mistakes
- Deploying Friday afternoon — issues surface when nobody's watching
- No rollback plan — hoping nothing goes wrong isn't a strategy
- Mixing code and migration deploys — one thing at a time
- Manual deploy steps — if it's not automated, it's wrong sometimes
- Deploying without monitoring — you won't know it's broken until users complain