Warning
🚧 Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Deploy Policy
Rules and procedures governing deployments to each environment.
Policy summary
| Environment | Who can deploy | When | Approval needed | Change ticket |
|---|---|---|---|---|
| Development | Any developer | Anytime | No | No |
| Staging | GitHub Actions (auto on merge) | Anytime | CI must pass | No |
| Production | GitHub Actions (manual trigger) | Maintenance window | Squad lead + change ticket | Yes |
Production deployment rules
- Change ticket first — open in ServiceNow at least 24h before (standard change) or immediately for emergency
- Maintenance window — deploy within the approved window (see Maintenance Windows)
- Staging validated — UAT sign-off must be recorded before production deploy
- Rollback plan — documented in the runbook and confirmed as viable
- Monitoring ready — alerts configured and squad on standby for 30min post-deploy
Rollback procedure
If a production deployment causes a P1/P2 incident:
# Option 1 — Revert to previous Git tag (preferred)
git revert HEAD
git push origin main
# This triggers the CI/CD pipeline with the reverted code
# Option 2 — Redeploy previous container image
gcloud run services update-traffic SERVICE_NAME \
--to-revisions PREVIOUS_REVISION=100 \
--region REGION- Execute rollback immediately — do not wait for diagnosis if users are impacted
- Open a P1 incident in ServiceNow
- After stabilization, conduct a postmortem
Emergency (hotfix) deploys
For urgent production fixes outside the maintenance window:
- Get CTO/CDO verbal approval
- Create a
hotfix/descriptionbranch from the current production tag - Fix, test, and get at least 1 peer review (async is acceptable for P1)
- Deploy using the normal pipeline with manual production approval
- Register an emergency change in ServiceNow retroactively
- Conduct a postmortem within 5 business days
Deployment freeze periods
| Period | Restriction |
|---|---|
| Month-end accounting close | No deploys to financial systems |
| Capital calls / distributions | No deploys to affected systems |
| Year-end (Dec 20 – Jan 5) | No major deploys — emergency only |
| (fill in) | (fill in) |