Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

โ€œInvest in yourself โ€” your confidence is always worth it.โ€

Explore Cosmetic Hospitals

Start your journey today โ€” compare options in one place.

Software Delivery Workflow Master Tutorial

From Beginner to Advanced: A Complete One-Stop Guide to Delivering Software Safely, Fast, and Reliably


1. What is software delivery workflow?

A software delivery workflow is the complete process used to move software from an idea to users.

It includes:

  • planning
  • design
  • coding
  • source control
  • branching
  • review
  • testing
  • security
  • build
  • packaging
  • artifact storage
  • environment promotion
  • deployment
  • release
  • monitoring
  • rollback
  • incident response
  • continuous improvement

Simple definition:

Software delivery workflow is the controlled path from idea to production.

It is not only CI/CD.
It is not only Git.
It is not only deployment.
It is not only DevOps.

It is the full operating system of engineering delivery.


2. The software delivery journey

flowchart LR
    A[Idea / Requirement / Bug] --> B[Plan]
    B --> C[Design]
    C --> D[Code]
    D --> E[Review]
    E --> F[Test]
    F --> G[Build]
    G --> H[Secure]
    H --> I[Package]
    I --> J[Deploy]
    J --> K[Release]
    K --> L[Observe]
    L --> M[Learn]
    M --> A
Code language: CSS (css)

A weak team thinks delivery means:

Developer writes code โ†’ deploy to server

A mature team thinks delivery means:

Idea โ†’ code โ†’ review โ†’ test โ†’ secure โ†’ package โ†’ deploy โ†’ observe โ†’ recover โ†’ improve

That mindset shift is the whole game.


3. Software delivery vs deployment vs release

These three are often confused.

TermMeaningExample
DeliveryEntire path from idea to user valueRequirement to production outcome
DeploymentInstalling/running a new version in an environmentNew container image deployed to Kubernetes
ReleaseMaking functionality available to usersFeature flag enabled for customers

Important:

Deployment does not always mean release.
Release does not always require new deployment.
Code language: JavaScript (javascript)

Example:

Monday: deploy code with feature flag OFF.
Wednesday: enable feature flag for internal users.
Friday: enable feature flag for 100% customers.
Code language: HTTP (http)

That is excellent modern delivery because it separates technical deployment from business release.


4. The big picture delivery model

flowchart TD
    A[Business Need] --> B[Product Backlog]
    B --> C[Engineering Planning]
    C --> D[Architecture / Design]
    D --> E[Development]
    E --> F[Source Control]
    F --> G[Pull Request / Merge Request]
    G --> H[CI Pipeline]
    H --> I[Security and Quality Gates]
    I --> J[Build Artifact]
    J --> K[Artifact Registry]
    K --> L[Deploy to Dev]
    L --> M[Deploy to Staging]
    M --> N[Production Approval or Auto Promotion]
    N --> O[Production Deployment]
    O --> P[Release Control]
    P --> Q[Observability]
    Q --> R[Rollback or Improve]
Code language: CSS (css)

AWS Well-Architected DevOps Guidance describes the development lifecycle as a way to improve an organizationโ€™s ability to develop, review, build, and release workloads while improving delivery speed and deployment safety.


5. Why software delivery workflow matters

Poor delivery workflow creates:

  • slow releases
  • broken production
  • painful rollbacks
  • manual mistakes
  • unreviewed changes
  • security gaps
  • unclear ownership
  • environment drift
  • failed deployments
  • delayed customer value
  • fear of release

Good delivery workflow creates:

  • faster release cycles
  • safer production
  • better code quality
  • stronger auditability
  • less manual work
  • easier rollback
  • better developer confidence
  • clearer ownership
  • repeatable delivery
  • better customer outcomes

The heart of software delivery is this:

Move faster by reducing risk, not by ignoring risk.

6. The four pillars of software delivery

flowchart TD
    A[Software Delivery] --> B[Flow]
    A --> C[Quality]
    A --> D[Security]
    A --> E[Operability]

    B --> B1[Small batches, fast feedback, low waiting]
    C --> C1[Tests, reviews, standards, CI]
    D --> D1[Scanning, signing, provenance, policy]
    E --> E1[Monitoring, rollback, alerts, incident response]
Code language: CSS (css)
PillarQuestion it answers
FlowHow quickly can safe changes move?
QualityHow do we prevent defects?
SecurityHow do we prevent unsafe software from shipping?
OperabilityHow do we detect, recover, and learn?

7. Software delivery workflow maturity model

flowchart TD
    L1[Level 1: Manual delivery] --> L2[Level 2: Source control]
    L2 --> L3[Level 3: Pull requests]
    L3 --> L4[Level 4: CI checks]
    L4 --> L5[Level 5: Automated builds]
    L5 --> L6[Level 6: Automated deployments]
    L6 --> L7[Level 7: Security gates]
    L7 --> L8[Level 8: Progressive delivery]
    L8 --> L9[Level 9: Full observability and rollback]
    L9 --> L10[Level 10: Platform/self-service delivery]
Code language: CSS (css)
LevelBehaviorRisk
1Manual copy to serverExtreme
2Code in Git/SVNHigh
3PR reviewMedium
4Automated testsLower
5Repeatable buildLower
6Automated deployMedium-low
7Security and policy gatesLow
8Canary/blue-green/feature flagsLow
9Observability + rollbackVery low
10Self-service platform deliveryEnterprise-grade

GitLab describes CI/CD as a continuous method where teams build, test, deploy, and monitor iterative code changes, helping catch issues earlier and reduce the chance of building on failed previous versions.


8. The delivery workflow lifecycle

A complete delivery workflow has 14 stages.

flowchart TD
    A[1. Intake] --> B[2. Planning]
    B --> C[3. Design]
    C --> D[4. Development]
    D --> E[5. Source Control]
    E --> F[6. Review]
    F --> G[7. CI Validation]
    G --> H[8. Build]
    H --> I[9. Security]
    I --> J[10. Package]
    J --> K[11. Deploy]
    K --> L[12. Release]
    L --> M[13. Observe]
    M --> N[14. Improve]
Code language: CSS (css)

Each stage should have:

  • clear owner
  • clear input
  • clear output
  • clear automation
  • clear approval criteria
  • clear failure handling

9. Stage 1: Intake

Intake is where work enters the system.

Sources of work:

  • customer request
  • product requirement
  • bug report
  • security vulnerability
  • incident follow-up
  • platform improvement
  • technical debt
  • compliance requirement
  • performance issue
  • dependency update

Good intake captures

FieldWhy it matters
Problem statementPrevents solution-first work
User/customer impactClarifies priority
Business valueExplains why now
RiskHelps decide review level
Acceptance criteriaDefines done
OwnerPrevents orphan work
DeadlineReveals urgency
DependenciesAvoids surprise blockers

Bad intake

Fix login

Good intake

Users with expired sessions are redirected to a blank page.
Expected behavior: redirect to login page with a clear message.
Impact: affects around 8% of login attempts.
Acceptance criteria: expired sessions show login page; tests cover expired token flow.
Code language: JavaScript (javascript)

10. Stage 2: Planning

Planning converts raw work into deliverable slices.

Planning questions

  • What is the smallest valuable change?
  • Can this be split?
  • What is risky?
  • What needs design review?
  • What needs security review?
  • What needs database migration?
  • What needs release coordination?
  • What is the rollback path?

Delivery slicing

Bad:

Build complete billing system

Better:

1. Add billing tables
2. Add customer billing API
3. Add invoice generation
4. Add payment provider integration behind feature flag
5. Add internal admin UI
6. Enable for test users
7. Enable for all users
flowchart LR
    A[Big feature] --> B[Safe slice 1]
    A --> C[Safe slice 2]
    A --> D[Safe slice 3]
    A --> E[Safe slice 4]
    B --> F[Deliver gradually]
    C --> F
    D --> F
    E --> F
Code language: CSS (css)

11. Stage 3: Design

Design prevents expensive mistakes before coding.

Not every change needs a large design document. But risky changes need design clarity.

When design is needed

Change typeDesign needed?
Typo fixNo
Small bug fixUsually no
New APIYes
Database migrationYes
Authentication changeYes
Payment flowYes
Infrastructure architectureYes
Production traffic routingYes
Breaking changeYes
Multi-team dependencyYes

Lightweight design document

# Design: Payment Retry Workflow

## Problem
Payment gateway calls sometimes time out and are not retried.

## Goals
- Retry transient failures safely.
- Avoid duplicate charges.
- Add observability.

## Non-goals
- Replace payment provider.
- Redesign billing model.

## Proposed solution
- Add idempotency key.
- Retry timeout errors up to 3 times.
- Send failed attempts to dead-letter queue.

## Rollout
- Deploy behind feature flag.
- Enable for internal users.
- Enable 10%, 50%, 100%.

## Rollback
- Disable feature flag.
- Revert retry configuration if needed.

## Risks
- Duplicate payment risk.
- Provider rate limit risk.

## Monitoring
- Retry count
- Payment success rate
- Duplicate charge alerts
Code language: PHP (php)

12. Stage 4: Development

Development should optimize for small, reviewable, testable changes.

Developer local workflow

flowchart TD
    A[Pull latest main] --> B[Create branch]
    B --> C[Make small change]
    C --> D[Run local tests]
    D --> E[Commit]
    E --> F[Push]
    F --> G[Open PR/MR]
Code language: CSS (css)

Local quality checks

Before pushing:

format
lint
unit tests
type checks
secret scan
build
basic smoke test

Example command sequence:

git checkout main
git pull --ff-only origin main
git checkout -b feature/payment-retry

make format
make lint
make test
make build

git add .
git commit -m "feat(payment): retry transient gateway timeouts"
git push -u origin feature/payment-retry
Code language: JavaScript (javascript)

13. Stage 5: Source control

Source control is the backbone of delivery.

It provides:

  • history
  • collaboration
  • review
  • traceability
  • rollback
  • branching
  • tagging
  • audit

Source control rules

RuleWhy
Use protected main branchPrevent unsafe changes
Require PR/MREnsure review
Require CIEnsure quality gate
Use meaningful commitsImprove traceability
Use tags for releasesEnable rollback and audit
Delete stale branchesReduce confusion
Never commit secretsPrevent security incidents

Recommended branch model

main
feature/*
bugfix/*
hotfix/*
release/* when needed

Recommended commit style

feat(scope): add user login
fix(scope): handle payment timeout
chore(scope): upgrade dependency
docs(scope): update runbook
Code language: HTTP (http)

14. Stage 6: Pull request / merge request

A PR/MR is not just a merge button. It is a quality gate.

flowchart TD
    A[Branch pushed] --> B[Open PR/MR]
    B --> C[Describe change]
    C --> D[Automated checks]
    C --> E[Human review]
    D --> F{Pass?}
    E --> G{Approved?}
    F -- No --> H[Fix]
    G -- No --> H
    H --> B
    F -- Yes --> I[Merge]
    G -- Yes --> I

Good PR includes

  • what changed
  • why it changed
  • how it was tested
  • screenshots/logs if useful
  • risk level
  • rollback plan
  • related ticket
  • migration notes
  • monitoring notes

PR template

## Summary

Explain what changed.

## Why

Explain the problem or goal.

## Changes

- Added:
- Changed:
- Removed:
- Fixed:

## Testing

- [ ] Unit tests
- [ ] Integration tests
- [ ] Manual test
- [ ] Staging validation

## Risk

Low / Medium / High

## Rollback

How can this be reverted, disabled, or rolled back?

## Monitoring

What metrics/logs/alerts should be checked?

## Checklist

- [ ] CI passed
- [ ] No secrets committed
- [ ] Docs updated
- [ ] Backward compatibility considered
- [ ] Rollback path known
Code language: PHP (php)

15. Stage 7: Continuous integration

Continuous integration validates every change before it enters the shared codebase.

A proper CI pipeline should answer:

Can this change safely join the main codebase?
Code language: JavaScript (javascript)
flowchart TD
    A[PR opened] --> B[Checkout code]
    B --> C[Install dependencies]
    C --> D[Format check]
    D --> E[Lint]
    E --> F[Unit tests]
    F --> G[Build]
    G --> H[Integration tests]
    H --> I[Security checks]
    I --> J{Pass?}
    J -- Yes --> K[Merge allowed]
    J -- No --> L[Merge blocked]

GitLab documentation describes pipelines as containing jobs grouped into stages, where later stages such as deploy can run only after earlier jobs such as compile and test complete successfully.


16. CI checks by repository type

Application repository

CheckPurpose
FormatStyle consistency
LintStatic mistakes
Type checkType safety
Unit testsLogic correctness
Integration testsComponent behavior
BuildPackage validity
Secret scanPrevent leaked credentials
Dependency scanDetect vulnerable packages
SASTDetect insecure code patterns
License scanAvoid legal risk

Terraform / IaC repository

CheckPurpose
terraform fmtFormatting
terraform validateValidate configuration
terraform planPreview infrastructure changes
TFLintBest practices
Checkov/tfsecSecurity misconfiguration
InfracostCost estimate
OPA/ConftestPolicy enforcement
Manual approvalProduction safety

Kubernetes repository

CheckPurpose
YAML lintSyntax
Helm lintChart quality
Kustomize buildRender validation
kubeconformKubernetes schema validation
OPA/Kyverno policyPolicy checks
Container scanImage vulnerability
Deployment dry-runAPI compatibility

17. Stage 8: Build

A build converts source code into a deployable artifact.

Artifacts include:

  • container image
  • JAR/WAR file
  • binary executable
  • npm package
  • Python wheel
  • mobile app package
  • Helm chart
  • Terraform module
  • static website bundle

Build rule

Build once. Promote the same artifact.

Bad:

Build separately for dev, staging, and production.

Good:

Build one immutable artifact and promote it through environments.
flowchart LR
    A[Source commit abc123] --> B[Build artifact]
    B --> C[Artifact registry]
    C --> D[Deploy dev]
    D --> E[Promote staging]
    E --> F[Promote production]
Code language: CSS (css)

Artifact metadata

Every artifact should know:

  • source commit SHA
  • branch
  • build ID
  • build timestamp
  • dependency versions
  • image digest
  • test result
  • security scan result
  • provenance data

18. Stage 9: Software supply-chain security

Modern software delivery must protect the path from source code to production.

Threats include:

  • malicious dependency
  • compromised build runner
  • leaked credentials
  • tampered artifact
  • unsafe CI/CD permissions
  • unreviewed workflow change
  • poisoned container base image
  • unsigned package
  • insecure deployment credentials

SLSA, or Supply-chain Levels for Software Artifacts, is a security framework and checklist of standards/controls designed to prevent tampering, improve integrity, and secure packages and infrastructure.

Supply-chain security flow

flowchart TD
    A[Source code] --> B[Review]
    B --> C[Trusted CI runner]
    C --> D[Build artifact]
    D --> E[Sign artifact]
    E --> F[Generate provenance]
    F --> G[Scan artifact]
    G --> H[Store in registry]
    H --> I[Deploy with verification]
Code language: CSS (css)

Security gates

GatePurpose
Secret scanningStop leaked keys
SASTFind insecure code
Dependency scanningFind vulnerable libraries
Container scanningFind image vulnerabilities
IaC scanningFind cloud misconfigurations
SBOMList software components
Artifact signingProve artifact integrity
ProvenanceProve where artifact came from
Policy-as-codeEnforce rules automatically

OpenSSF Scorecard is used to assess open-source project security practices and helps users reason about the trust, risk, and security posture of dependencies.


19. Stage 10: Packaging and artifact registry

After building, artifacts should be stored in a trusted registry.

Examples:

ArtifactRegistry
Container imageECR, GCR, GHCR, Docker registry
Java packageMaven repository
JavaScript packagenpm registry
Python packagePyPI/private index
Helm chartOCI registry/chart repository
BinaryArtifactory/Nexus/S3
Mobile buildApp Store/TestFlight/Play Console

Artifact rules

  • Artifacts are immutable.
  • Production deploys use versioned artifacts.
  • Never deploy from a developer laptop.
  • Never rebuild differently per environment.
  • Never use only latest for production.
  • Store provenance and scan results.

20. Stage 11: Environments

Environments are controlled places where software runs.

Common environments:

local
development
test
integration
staging
pre-production
production
disaster recovery

Environment purpose

EnvironmentPurpose
LocalDeveloper testing
DevEarly integration
TestAutomated validation
IntegrationCross-service testing
StagingProduction-like validation
Pre-prodFinal release rehearsal
ProductionReal users
DRDisaster recovery readiness

Environment principle

The closer an environment is to production, the stricter the rules.
flowchart LR
    A[Local] --> B[Dev]
    B --> C[Test]
    C --> D[Staging]
    D --> E[Production]
Code language: CSS (css)

21. Environment drift

Environment drift happens when environments are not equivalent enough.

Examples:

  • staging uses different database version
  • production has manual config
  • dev has missing feature flags
  • staging uses fake IAM permissions
  • production has different infrastructure
  • manual hotfix exists only in prod

Drift prevention

PracticeBenefit
Infrastructure as CodeRepeatable infra
Configuration as CodeTrack config changes
GitOpsGit as desired state
Immutable artifactsSame build everywhere
Automated deploymentReduce manual changes
Environment parity checksDetect drift
Policy-as-codeEnforce consistency

22. Stage 12: Deployment

Deployment means placing a version into an environment.

Deployment can be:

  • manual
  • scripted
  • CI/CD automated
  • GitOps pull-based
  • platform self-service
  • progressive/canary

Deployment pipeline

flowchart TD
    A[Artifact selected] --> B[Pre-deploy checks]
    B --> C[Deploy]
    C --> D[Health checks]
    D --> E[Smoke tests]
    E --> F{Healthy?}
    F -- Yes --> G[Continue / promote]
    F -- No --> H[Rollback / halt]
Code language: PHP (php)

Deployment must include

  • artifact version
  • target environment
  • configuration
  • secrets reference
  • migration plan
  • health check
  • rollback plan
  • monitoring window

23. Deployment strategies

Different deployment strategies handle risk differently.

StrategyHow it worksBest for
RecreateStop old, start newNon-critical apps
RollingReplace instances graduallyStandard services
Blue-greenTwo environments; switch trafficFast rollback
CanarySmall traffic first, then expandRisky changes
ShadowMirror traffic without user impactValidation
A/BRoute users by experiment groupProduct experiments
Feature flagDeploy hidden, release laterDecoupled release
Progressive deliveryAutomated gradual rolloutMature teams

AWS describes advanced deployment strategies as ways to deploy and release features gradually, providing fast feedback that helps detect and resolve issues earlier during deployment.


24. Rolling deployment

Rolling deployment gradually replaces old instances with new ones.

flowchart LR
    A[Old v1: 100%] --> B[v1 75% / v2 25%]
    B --> C[v1 50% / v2 50%]
    C --> D[v1 25% / v2 75%]
    D --> E[New v2: 100%]
Code language: CSS (css)

Kubernetes documentation describes rolling updates as gradually replacing old Pods with new Pods, keeping the application available by sending traffic only to Pods that can handle requests.

Pros

  • simple
  • common default
  • less infrastructure needed
  • no full downtime if configured well

Cons

  • rollback can take time
  • old and new versions coexist
  • database compatibility matters
  • not ideal for highly risky changes

25. Blue-green deployment

Blue-green uses two production-like environments.

flowchart TD
    A[Users] --> B[Blue: current production]
    C[Green: new version] --> D[Validation]
    D --> E[Switch traffic to Green]
    A --> E
Code language: CSS (css)

Pros

  • fast rollback by switching traffic back
  • production-like validation
  • clean separation

Cons

  • more infrastructure cost
  • database compatibility still hard
  • stateful services need care

Best for

  • critical services
  • major releases
  • high rollback requirement
  • low tolerance for downtime

26. Canary deployment

Canary releases new software to a small percentage of users first.

flowchart LR
    A[1% traffic] --> B[5% traffic]
    B --> C[25% traffic]
    C --> D[50% traffic]
    D --> E[100% traffic]
Code language: CSS (css)

Canary checks

  • error rate
  • latency
  • saturation
  • business metrics
  • logs
  • traces
  • user complaints
  • payment success
  • login success
  • crash rate

Canary rule

If metrics get worse, stop rollout automatically.
Code language: JavaScript (javascript)

27. Feature flag release

Feature flags separate deployment from release.

flowchart TD
    A[Deploy code] --> B[Feature flag OFF]
    B --> C[Internal users]
    C --> D[Beta users]
    D --> E[10% users]
    E --> F[100% users]
    F --> G[Remove old flag]
Code language: CSS (css)

Feature flag types

TypePurpose
Release flagHide incomplete feature
Experiment flagA/B testing
Ops flagKill switch
Permission flagCustomer-specific access
Migration flagGradual backend switch

Feature flag rules

  • Every flag has an owner.
  • Every flag has an expiry date.
  • Critical flags are monitored.
  • Old flags are deleted.
  • Flag changes are auditable.
  • Flags should not become permanent chaos.

28. Stage 13: Release

Release is the moment software becomes available to users.

Release can happen through:

  • production deployment
  • feature flag enablement
  • config change
  • traffic shift
  • app store publication
  • package publishing
  • customer enablement

Release record

A release record should include:

Release version: v2.4.1
Commit SHA: abc1234
Artifact: payment-service@sha256:...
Build ID: build-9981
Environment: production
Deployed by: pipeline
Approved by: release manager
Time: 2026-07-07 14:30 JST
Rollback: deploy v2.4.0 or disable payment_retry flag

Release checklist

  • artifact built once
  • tests passed
  • security scans passed
  • migration plan ready
  • rollback plan ready
  • monitoring dashboard ready
  • alerts enabled
  • support team informed
  • release notes prepared
  • business owner approved, if needed

29. Release notes and changelog

Good release notes explain value and risk.

Internal release notes

# Release v2.4.1

## Summary
Adds retry handling for transient payment gateway timeouts.

## Changes
- Added idempotency key support.
- Added retry for timeout errors.
- Added payment retry metrics.

## Risk
Medium. Payment provider integration touched.

## Rollout
- Internal users first
- 10% customers
- 100% after 2 hours if metrics healthy

## Rollback
Disable `payment_retry_enabled` flag.

## Monitoring
- payment_success_rate
- payment_duplicate_count
- payment_gateway_timeout_count
Code language: PHP (php)

Customer-facing release notes

We improved payment reliability by adding safer retry handling for temporary gateway timeouts.

30. Stage 14: Observability

Observability answers:

Is the software working correctly for users right now?

Observability includes:

  • metrics
  • logs
  • traces
  • events
  • alerts
  • dashboards
  • synthetic checks
  • real-user monitoring
  • business KPIs

Delivery observability flow

flowchart TD
    A[Deploy] --> B[Health checks]
    B --> C[Metrics]
    B --> D[Logs]
    B --> E[Traces]
    C --> F[Dashboard]
    D --> F
    E --> F
    F --> G{Healthy?}
    G -- Yes --> H[Continue rollout]
    G -- No --> I[Rollback or pause]
Code language: PHP (php)

Golden signals

SignalMeaning
LatencyIs it slow?
TrafficIs demand normal?
ErrorsIs it failing?
SaturationIs capacity exhausted?

Business signals

SystemBusiness metric
Loginlogin success rate
Paymentpayment success rate
Searchresult success rate
Messagingdelivery success
Ecommercecheckout conversion
APIsuccessful requests

31. Rollback and recovery

Every delivery workflow must know how to recover.

Rollback options:

MethodBest for
Disable feature flagBad feature behavior
Redeploy previous artifactBad deployment
Revert commitBad code change
Roll back configBad configuration
Roll forwardSmall fix safer than rollback
Restore backupData loss or corruption
Traffic shift backBlue-green/canary failure
flowchart TD
    A[Production issue detected] --> B{Feature flag?}
    B -- Yes --> C[Disable flag]
    B -- No --> D{Bad artifact?}
    D -- Yes --> E[Redeploy previous artifact]
    D -- No --> F{Bad commit?}
    F -- Yes --> G[Revert commit]
    F -- No --> H{Database issue?}
    H -- Yes --> I[Fix forward / restore / migration rollback]
    H -- No --> J[Incident response]

Rollback rule

A deployment is not ready if rollback is unknown.

32. Database delivery workflow

Databases make delivery harder because data changes are not always reversible.

Safe database pattern

Expand โ†’ Migrate โ†’ Contract
flowchart LR
    A[Expand schema] --> B[Deploy backward-compatible code]
    B --> C[Backfill data]
    C --> D[Switch reads/writes]
    D --> E[Contract old schema]
Code language: CSS (css)

Bad migration

ALTER TABLE users DROP COLUMN name;

Safer phased migration

  1. Add new column.
  2. Deploy app that writes old and new.
  3. Backfill existing data.
  4. Switch reads to new column.
  5. Wait and monitor.
  6. Remove old column later.

Database delivery checklist

  • Is it backward compatible?
  • Can old code still run?
  • Can new code run with old schema?
  • Is rollback possible?
  • Will it lock large tables?
  • Is backfill required?
  • Is data validation ready?
  • Are metrics and alerts ready?

33. Configuration and secrets workflow

Configuration should be controlled. Secrets should be protected.

Configuration examples

  • feature flags
  • timeout values
  • endpoint URLs
  • resource limits
  • scaling settings
  • logging levels
  • environment variables

Secret examples

  • passwords
  • API keys
  • certificates
  • private keys
  • database credentials
  • OAuth client secrets

Rules

ItemStore where?
Non-sensitive configGit, config repo, config service
Secret valuesSecret manager
Secret referencesGit allowed
Production credentialsSecret manager only
.env templatesGit allowed
Real .env filesDo not commit

34. Delivery workflow for microservices

Microservices multiply delivery complexity.

Problems:

  • service dependency mismatch
  • API compatibility
  • deployment ordering
  • shared database coupling
  • version drift
  • distributed tracing gaps
  • rollback complexity

Microservice delivery principles

PrincipleMeaning
Backward compatibilityNew service version should not break consumers
Contract testingAPIs must match expectations
Independent deployabilityOne service can deploy without full system deploy
ObservabilityTrace requests across services
Versioned APIsBreaking changes need controlled migration
Feature flagsAvoid synchronized big-bang release
flowchart TD
    A[Service A change] --> B[Contract tests]
    B --> C[Deploy Service A]
    C --> D[Monitor downstream errors]
    D --> E{Healthy?}
    E -- Yes --> F[Continue]
    E -- No --> G[Rollback / disable flag]
Code language: PHP (php)

35. Delivery workflow for monorepos

A monorepo has many projects in one repository.

repo/
  apps/
  services/
  packages/
  infra/
  docs/

Monorepo delivery needs

  • path-based CI
  • affected-project detection
  • CODEOWNERS
  • dependency graph
  • selective builds
  • test impact analysis
  • ownership rules
flowchart TD
    A[Commit in monorepo] --> B[Detect changed paths]
    B --> C[Find affected projects]
    C --> D[Run targeted tests]
    D --> E[Require owners]
    E --> F[Build affected artifacts]
    F --> G[Deploy only changed services]
Code language: CSS (css)

Monorepo anti-pattern

Every change runs every test and deploys every service.

That becomes slow and expensive fast.


36. Delivery workflow for Infrastructure as Code

Infrastructure delivery must be stricter than application delivery.

flowchart TD
    A[Infra change branch] --> B[Format and validate]
    B --> C[Plan]
    C --> D[Security scan]
    D --> E[Cost review]
    E --> F[Human approval]
    F --> G[Apply via pipeline]
    G --> H[Post-change validation]
Code language: CSS (css)

IaC delivery checklist

  • What resources change?
  • What resources are replaced?
  • Is anything destroyed?
  • What is the blast radius?
  • What is the cost impact?
  • What is the rollback?
  • Is production affected?
  • Is state safe?
  • Are secrets exposed?
  • Are security groups/IAM policies safe?

Dangerous plan keywords

destroy
forces replacement
public access
0.0.0.0/0
delete database
disable encryption
remove backup
replace cluster
Code language: JavaScript (javascript)

37. Delivery workflow for Kubernetes and GitOps

GitOps uses Git as the desired state.

flowchart LR
    A[App source repo] --> B[Build image]
    B --> C[Push image digest]
    C --> D[Update GitOps repo]
    D --> E[Argo CD / Flux sync]
    E --> F[Kubernetes cluster]
Code language: CSS (css)

GitOps rules

  • Git is the source of truth.
  • Cluster drift is corrected.
  • Changes go through PR.
  • Deployments are reproducible.
  • Rollback is Git revert or artifact rollback.
  • Images should be immutable.
  • Production changes must be reviewed.

Recommended GitOps layout

gitops/
  apps/
    auth/
    payment/
    notification/
  environments/
    dev/
    staging/
    production/
  platform/
    ingress/
    monitoring/
    security/

38. Delivery workflow for mobile apps

Mobile delivery has special constraints:

  • app store approval
  • staged rollout
  • device fragmentation
  • signing certificates
  • platform-specific builds
  • rollback is hard after users update
  • old versions remain in the wild

Mobile delivery flow

flowchart TD
    A[Feature branch] --> B[PR + CI]
    B --> C[Build signed app]
    C --> D[Internal testing]
    D --> E[TestFlight / Internal track]
    E --> F[App store review]
    F --> G[Staged rollout]
    G --> H[Crash monitoring]
    H --> I[Full rollout]
Code language: CSS (css)

Mobile delivery rules

  • Use release branches.
  • Tag shipped versions.
  • Keep crash monitoring strong.
  • Use remote config carefully.
  • Keep backward-compatible APIs.
  • Maintain old API support.
  • Treat signing keys as critical secrets.

39. Delivery workflow for libraries and SDKs

Libraries need version discipline.

Library delivery flow

flowchart TD
    A[Code change] --> B[Tests]
    B --> C[Compatibility check]
    C --> D[Version bump]
    D --> E[Changelog]
    E --> F[Tag release]
    F --> G[Publish package]
Code language: CSS (css)

Rules

  • Use Semantic Versioning.
  • Document breaking changes.
  • Maintain changelog.
  • Tag releases.
  • Run compatibility tests.
  • Publish signed packages if possible.
  • Support old major versions if needed.

40. DevSecOps workflow

DevSecOps means security is built into delivery, not bolted on at the end.

OWASPโ€™s DevSecOps Maturity Model is a project focused on improving security in software development using DevOps strategies.

flowchart TD
    A[Code] --> B[Secret scan]
    B --> C[SAST]
    C --> D[Dependency scan]
    D --> E[Container scan]
    E --> F[IaC scan]
    F --> G[Policy check]
    G --> H[Signed artifact]
    H --> I[Deploy]
Code language: CSS (css)

Security shift-left and shift-right

ApproachMeaning
Shift-leftFind issues earlier in development
Shift-rightDetect issues in runtime/production
Best approachDo both

Security controls by stage

StageSecurity control
Planningthreat modeling
Codesecure coding
PRsecurity review
CISAST, dependency scan
Buildtrusted builder
Artifactsigning, SBOM
Deploypolicy enforcement
Runtimemonitoring, detection

41. Approval workflow

Not every change needs the same approval.

Risk-based approval

Change typeApproval
Documentation typonormal review
Small bug fixone reviewer
Feature changeservice owner
Database migrationbackend/platform owner
Infrastructure changeplatform owner
Security-sensitive changesecurity owner
Production deploymentrelease owner or automation
Emergency hotfixincident commander/service owner
flowchart TD
    A[Change] --> B{Risk level?}
    B -- Low --> C[1 reviewer + CI]
    B -- Medium --> D[Owner review + CI]
    B -- High --> E[Owner + security/platform + approval]
    B -- Emergency --> F[Fast-track hotfix + post-review]

42. Manual vs automated gates

A mature workflow uses automation for repeatable checks and humans for judgment.

Gate typeBest for
Automated gatetests, scans, formatting, policy
Human gatedesign judgment, product risk, operational impact
Approval gateproduction release, compliance
Observability gatecanary promotion, rollback decision

Bad workflow:

Humans manually check everything.

Good workflow:

Automation checks everything predictable.
Humans review what requires judgment.

43. Delivery metrics

DORA identifies five software delivery performance metrics: deployment frequency, lead time for changes, change failure rate, failed deployment recovery time, and reliability; DORA describes these metrics as indicators of software delivery performance and organizational outcomes.

Key metrics

MetricMeaning
Deployment frequencyHow often production deployments happen
Lead time for changesTime from code committed to production
Change failure ratePercentage of changes causing failure
Failed deployment recovery timeTime to recover from failed deployment
ReliabilityAbility to meet availability/performance goals

Supporting metrics

MetricWhy it matters
PR cycle timeReview speed
Build durationCI feedback speed
Test flakinessPipeline trust
Rollback timeRecovery readiness
Defect escape rateQuality
Mean time to detectObservability strength
Incident countStability
Deployment success ratePipeline reliability

44. Delivery dashboards

A delivery dashboard should show:

Engineering flow

  • PRs open
  • PR age
  • build status
  • deployment frequency
  • lead time
  • release calendar

Quality

  • test pass rate
  • flaky tests
  • escaped defects
  • code coverage trend
  • failed deployments

Security

  • open critical vulnerabilities
  • secret scan failures
  • unsigned artifacts
  • dependency age
  • SBOM status

Operations

  • error rate
  • latency
  • saturation
  • availability
  • rollback events
  • incidents

45. Incident response in delivery workflow

Incidents are part of delivery. A mature workflow expects them.

flowchart TD
    A[Alert] --> B[Triage]
    B --> C[Incident declared]
    C --> D[Mitigate]
    D --> E[Rollback / hotfix / disable flag]
    E --> F[Monitor recovery]
    F --> G[Postmortem]
    G --> H[Action items]
    H --> I[Improve delivery workflow]
Code language: CSS (css)

Incident hotfix flow

sequenceDiagram
    participant Dev as Engineer
    participant Repo as Source Control
    participant CI as CI Pipeline
    participant Prod as Production

    Dev->>Repo: Create hotfix branch
    Dev->>Repo: Commit minimal fix
    Dev->>Repo: Open emergency PR
    CI->>Repo: Run critical checks
    Repo->>Prod: Deploy hotfix
    Prod->>Dev: Validate recovery
    Dev->>Repo: Tag patch release
Code language: JavaScript (javascript)

Incident rule

Hotfixes can be fast, but they must still be traceable.

46. Postmortem workflow

A postmortem should improve the system, not blame people.

Postmortem template

# Incident Postmortem

## Summary
What happened?

## Impact
Who was affected and how?

## Timeline
- Detection:
- Mitigation:
- Recovery:

## Root Cause
Technical and process causes.

## What went well
List positives.

## What went poorly
List gaps.

## Action items
| Action | Owner | Due date |
|---|---|---|

## Delivery workflow improvements
What should change in CI/CD, testing, rollout, monitoring, or rollback?
Code language: PHP (php)

47. The role of platform engineering

Platform engineering improves delivery by giving teams paved roads.

A paved road is a standard, supported way to deliver software safely.

Platform capabilities

CapabilityExample
Service templateStandard repo scaffold
CI/CD templateReusable pipeline
Deployment templateHelm/Kustomize/Terraform module
Observability templateDashboards and alerts
Security baselineScans and policies
Secret managementStandard integration
Runtime platformKubernetes/serverless
Developer portalSelf-service ownership and docs
flowchart TD
    A[Developer] --> B[Service template]
    B --> C[Standard CI]
    C --> D[Standard deployment]
    D --> E[Standard monitoring]
    E --> F[Production]
Code language: CSS (css)

Platform principle

Make the secure, reliable path the easiest path.

48. Software delivery workflow by team maturity

Beginner team

Use:

  • Git
  • feature branches
  • PR reviews
  • basic CI
  • manual staging deploy
  • manual production approval

Avoid:

  • complex Gitflow
  • too many environments
  • fragile automation
  • big-bang releases

Intermediate team

Use:

  • protected main
  • CI gates
  • automated builds
  • staging deployment
  • release tags
  • security scans
  • basic observability
  • rollback playbook

Advanced team

Use:

  • trunk-based development
  • feature flags
  • progressive delivery
  • GitOps
  • artifact signing
  • SBOM
  • canary analysis
  • automated rollback
  • platform templates

Enterprise team

Use:

  • risk-based approvals
  • policy-as-code
  • audit-ready release records
  • environment governance
  • developer portal
  • compliance evidence
  • DORA metrics
  • SLO-based release gates
  • supply-chain security

49. End-to-end workflow example: SaaS backend

flowchart TD
    A[Product ticket] --> B[Design if needed]
    B --> C[Feature branch]
    C --> D[Code + tests]
    D --> E[PR]
    E --> F[CI + security]
    F --> G[Merge to main]
    G --> H[Build container]
    H --> I[Push image]
    I --> J[Deploy staging]
    J --> K[Smoke test]
    K --> L[Canary production]
    L --> M[Monitor]
    M --> N[100% rollout]
Code language: CSS (css)

Recommended rules

main is always deployable
all changes via PR
CI required
image digest deployed
feature flags for risky features
canary for production
rollback plan required

50. End-to-end workflow example: Terraform infrastructure

flowchart TD
    A[Infra request] --> B[Design / architecture review]
    B --> C[Terraform branch]
    C --> D[fmt + validate]
    D --> E[Plan]
    E --> F[Security scan]
    F --> G[Cost review]
    G --> H[PR approval]
    H --> I[Merge]
    I --> J[Apply lower env]
    J --> K[Apply production with approval]
    K --> L[Validate infra]
Code language: CSS (css)

Required PR fields

plan summary
blast radius
security impact
cost impact
rollback plan
affected environments
expected downtime

51. End-to-end workflow example: Kubernetes GitOps

flowchart TD
    A[App PR merged] --> B[Build image]
    B --> C[Scan and sign image]
    C --> D[Update GitOps dev manifest]
    D --> E[Argo CD sync dev]
    E --> F[Promote same image to staging]
    F --> G[Promote same image to prod]
    G --> H[Observe rollout]
    H --> I[Rollback by Git revert if needed]
Code language: CSS (css)

Rules

  • GitOps repo changes require PR.
  • Use image digests, not mutable tags.
  • Environments are folders.
  • Production promotion requires approval or policy.
  • Argo/Flux reconciles desired state.
  • Rollback is revert or previous artifact.

52. End-to-end workflow example: enterprise release

flowchart TD
    A[Approved requirement] --> B[Design review]
    B --> C[Implementation]
    C --> D[PR + CI]
    D --> E[Security review]
    E --> F[Release branch]
    F --> G[QA validation]
    G --> H[Change approval]
    H --> I[Production deployment]
    I --> J[Release evidence archived]
    J --> K[Monitoring window]
Code language: CSS (css)

Required evidence

EvidencePurpose
ticketbusiness reason
PR approvalpeer review
CI logsquality proof
scan resultssecurity proof
release tagtraceability
approvalgovernance
deployment logoperational record
rollback planresilience

53. Common software delivery anti-patterns

Anti-pattern 1: Manual production deployment

SSH to server โ†’ copy file โ†’ restart service

Why it is bad:

  • no traceability
  • manual mistakes
  • hard rollback
  • no repeatability
  • no audit

Fix:

pipeline deployment with artifact version and rollback
Code language: JavaScript (javascript)

Anti-pattern 2: Rebuilding per environment

Bad:

build for dev
build again for staging
build again for prod

Fix:

build once, promote same artifact

Anti-pattern 3: Testing only after merge

Bad:

merge first, discover failure later

Fix:

CI before merge

Anti-pattern 4: Big-bang release

Bad:

3 months of work released all at once

Fix:

small batches, feature flags, progressive delivery

Anti-pattern 5: No rollback plan

Bad:

we will figure it out if production breaks

Fix:

rollback plan before deployment

Anti-pattern 6: Security at the end

Bad:

build everything, then ask security to approve

Fix:

security checks in every stage

Anti-pattern 7: Staging is not production-like

Bad:

staging passes, production fails because config/infrastructure differs

Fix:

environment parity and IaC

Anti-pattern 8: Ignoring flaky tests

Bad:

rerun until green

Fix:

fix or quarantine flaky tests with owner and deadline
Code language: JavaScript (javascript)

54. Delivery workflow checklists

Developer checklist

- Branch is up to date.
- Change is small.
- Tests added or updated.
- Local checks pass.
- Commit message is clear.
- PR explains why and risk.
- Rollback is known.
- No secrets committed.

Reviewer checklist

- Change solves the right problem.
- Code is simple and maintainable.
- Tests cover important behavior.
- Security impact considered.
- Backward compatibility considered.
- Observability considered.
- Rollback plan is reasonable.

Release checklist

- Correct artifact selected.
- Version/tag created.
- Tests passed.
- Scans passed.
- Migration plan ready.
- Rollback plan ready.
- Monitoring dashboard ready.
- On-call/support informed.

Production deployment checklist

- Deployment window confirmed if needed.
- Current production health is good.
- Rollout strategy selected.
- Alerts enabled.
- Smoke tests ready.
- Rollback command known.
- Owner watching deployment.
Code language: JavaScript (javascript)

55. Software delivery policy template

Use this as company policy.

Software Delivery Policy

1. All production software must be stored in source control.
2. All code changes must go through pull request or merge request review.
3. Main branch must be protected.
4. CI checks must pass before merge.
5. Build artifacts must be created by trusted CI/CD pipelines.
6. Artifacts must be versioned and traceable to source commits.
7. Security scans must run before production deployment.
8. Production deployments must use approved artifacts.
9. Secrets must never be stored in source control.
10. Database migrations must be backward-compatible or explicitly approved.
11. Production releases must have rollback plans.
12. Critical services must have monitoring and alerts.
13. Hotfixes must be traceable, even when expedited.
14. Release evidence must be retained for audit-critical systems.
15. Delivery metrics must be reviewed regularly.
Code language: PHP (php)

56. The ideal modern software delivery workflow

flowchart TD
    A[Idea / Ticket] --> B[Small delivery slice]
    B --> C[Design if risky]
    C --> D[Short-lived branch]
    D --> E[Code + tests]
    E --> F[Pull request]
    F --> G[CI: test, build, scan]
    G --> H{Pass + approved?}
    H -- No --> E
    H -- Yes --> I[Merge to protected main]
    I --> J[Build immutable artifact]
    J --> K[Sign + scan + store artifact]
    K --> L[Deploy to lower environment]
    L --> M[Automated validation]
    M --> N[Progressive production rollout]
    N --> O[Observe metrics]
    O --> P{Healthy?}
    P -- Yes --> Q[Complete release]
    P -- No --> R[Rollback / disable flag / fix forward]
    Q --> S[Measure and improve]
    R --> S
Code language: PHP (php)

57. The final one-page delivery model

1. Slice work small.
2. Design risky changes.
3. Use short-lived branches.
4. Require pull request review.
5. Run CI before merge.
6. Build once in trusted CI.
7. Scan and sign artifacts.
8. Store artifacts immutably.
9. Promote the same artifact.
10. Separate deployment from release.
11. Use feature flags for risk.
12. Use progressive rollout for production.
13. Observe every deployment.
14. Roll back quickly when needed.
15. Learn from every incident.
Code language: JavaScript (javascript)

58. Final wisdom

A beginner thinks software delivery is:

write code and deploy

A developer thinks software delivery is:

branch, PR, test, merge

A DevOps engineer thinks software delivery is:

pipeline, artifact, environment, deployment

A senior engineer thinks software delivery is:

safe, repeatable flow from idea to production
Code language: JavaScript (javascript)

An architect thinks software delivery is:

a socio-technical system that balances speed, quality, security, reliability, governance, and learning

The best software delivery workflow is not the one with the most tools.

The best workflow is the one where:

  • small changes move quickly
  • risky changes are controlled
  • quality is automated
  • security is built in
  • releases are traceable
  • rollback is boring
  • production is observable
  • teams learn continuously

Final principle:

Great software delivery is not about deploying faster.
It is about making safe delivery fast.

Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services โ€” all in one place.

Explore Hospitals
Iโ€™m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at <a href="https://www.cotocus.com/">Cotocus</a>. I share tech blog at <a href="https://www.devopsschool.com/">DevOps School</a>, travel stories at <a href="https://www.holidaylandmark.com/">Holiday Landmark</a>, stock market tips at <a href="https://www.stocksmantra.in/">Stocks Mantra</a>, health and fitness guidance at <a href="https://www.mymedicplus.com/">My Medic Plus</a>, product reviews at <a href="https://www.truereviewnow.com/">TrueReviewNow</a> , and SEO strategies at <a href="https://www.wizbrand.com/">Wizbrand.</a> Do you want to learn <a href="https://www.quantumuting.com/">Quantum Computing</a>? <strong>Please find my social handles as below;</strong> <a href="https://www.rajeshkumar.xyz/">Rajesh Kumar Personal Website</a> <a href="https://www.youtube.com/TheDevOpsSchool">Rajesh Kumar at YOUTUBE</a> <a href="https://www.instagram.com/rajeshkumarin">Rajesh Kumar at INSTAGRAM</a> <a href="https://x.com/RajeshKumarIn">Rajesh Kumar at X</a> <a href="https://www.facebook.com/RajeshKumarLog">Rajesh Kumar at FACEBOOK</a> <a href="https://www.linkedin.com/in/rajeshkumarin/">Rajesh Kumar at LINKEDIN</a> <a href="https://www.wizbrand.com/rajeshkumar">Rajesh Kumar at WIZBRAND</a> <a href="https://www.rajeshkumar.xyz/dailylogs">Rajesh Kumar DailyLogs</a>

Related Posts

Branching Strategy Master Tutorial

From Beginner to Advanced: A Complete One-Stop Guide to Choosing, Designing, and Governing Branches 1. What is a branching strategy? A branching strategy is a teamโ€™s rulebook…

Read More

Source Control Branching Model Master Tutorial

From Beginner to Advanced: A Complete One-Stop Guide for Designing Branching Strategies 1. What is a source control branching model? A source control branching model is the…

Read More

Version Control Workflow Master Tutorial

A Complete One-Stop Guide from Beginner to Enterprise Architecture 1. What is a version control workflow? A version control workflow is the complete process a team follows…

Read More

Git Workflow Master Tutorial

From First Commit to Enterprise-Grade Delivery Best title:Git Workflow Master Guide: Branching Strategies, Pull Requests, Releases, CI/CD, and Team Governance 1. What is a Git workflow? A…

Read More

Why Every Business Website Needs Both Technical SEO and Content SEO

Many businesses once believed that publishing blog posts on end like a marathon would automatically skyrocket their Google rankings. They completely ignored the invisible architectural flaws that…

Read More

How Carrier Number Enrichment Fits Into a Modern Data Pipeline

Phone numbers flow through data pipelines as a string type. They get validated for format, stored, and passed downstream to dialers, CRMs, SMS platforms, and fraud detection…

Read More
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
0
Would love your thoughts, please comment.x
()
x