Skip to content

Deployment Procedure

Deployments use build-once, deploy-many. Production receives an already-built artifact identified by a SemVer tag and pinned digest. Rebuilding from source during promotion is not allowed because it weakens traceability and makes rollback evidence ambiguous.

flowchart LR
mr[Merge request] --> checks[Lint, tests, SAST, SCA, IaC]
checks --> image[Build image once]
image --> evidence[SBOM, PBOM, provenance, signature]
evidence --> staging[Deploy staging]
staging --> approval[Manual production approval]
approval --> production[Promote digest to production]
  1. Validate the merge request pipeline and review security findings.

  2. Build the image once and publish SBOM, provenance and signature artifacts.

  3. Deploy the same digest to staging.
  4. Run health, integration and DAST checks against staging.
  5. Promote the approved digest to production with a recorded deployment event.

  • Unit tests and integration tests pass.
  • Secret scanning passes or has a documented exception.
  • Image scan is reviewed.
  • Deployment diff is reviewed.
  • Rollback target is known.

Rollback uses the previous known-good digest, not a rebuild from source.