| name | deployment-workflow |
| description | Guides production deployment workflow with safety checks and rollback procedures. Use when deploying applications to staging or production environments. |
| version | 1.0.0 |
| author | Platform Team |
| category | custom |
| token_estimate | ~3500 |
Provide step-by-step guidance for safely deploying applications to production environments, ensuring all safety checks are performed, proper monitoring is in place, and rollback procedures are ready before deploying code that affects users.
<when_to_use>
Use this skill when:
- Deploying a service update to production
- Rolling out a new version of an application
- Applying configuration changes to production systems
- Performing blue-green or canary deployments
- Updating production infrastructure
Do NOT use this skill when:
- Deploying to local development environment
- Running tests in CI/CD (use testing skills instead)
- Making changes to non-production environments without risk
</when_to_use>
Before using this skill, ensure:
- Code has been reviewed and approved
- All tests pass in CI/CD pipeline
- Staging deployment completed successfully
- Rollback plan is documented
- On-call engineer is available
- Change has been communicated to team
Pre-Deployment Verification
Verify all prerequisites are met before starting deployment:
Code Readiness:
gh run list --branch main --limit 1 --json status,conclusion
Staging Validation:
kubectl get deployment -n staging
kubectl get pods -n staging | grep -v Running
Infrastructure Health:
kubectl cluster-info
kubectl get nodes
kubectl top nodes
Checklist:
Prepare for Deployment
Set up monitoring and prepare rollback resources:
1. Create Deployment Tracking:
2. Set Up Monitoring Dashboard:
3. Notify Team:
4. Verify Rollback Resources:
docker pull your-registry/service-name:previous-version
Execute Deployment
Deploy using your deployment method (examples provided for common scenarios):
Kubernetes Rolling Update:
kubectl set image deployment/service-name \
service-name=your-registry/service-name:new-version \
-n production
kubectl rollout status deployment/service-name -n production
kubectl get pods -n production -l app=service-name -w
Blue-Green Deployment:
kubectl apply -f deployment-green.yaml -n production
kubectl wait --for=condition=ready pod \
-l app=service-name,version=green \
-n production \
--timeout=300s
kubectl patch service service-name -n production \
-p '{"spec":{"selector":{"version":"green"}}}'
Canary Deployment:
kubectl apply -f deployment-canary.yaml -n production
kubectl scale deployment service-name-canary \
--replicas=3 -n production
Important Considerations:
- Monitor metrics continuously during deployment
- Watch for error spikes or latency increases
- Check logs for unexpected errors
- Verify database connections are healthy
Post-Deployment Validation
Verify the deployment succeeded and system is healthy:
1. Health Checks:
kubectl get pods -n production -l app=service-name
curl https://api.example.com/health
2. Smoke Tests:
curl -X POST https://api.example.com/api/v1/users \
-H "Content-Type: application/json" \
-d '{"name": "test", "email": "test@example.com"}'
3. Metrics Validation:
Monitor for at least 15 minutes:
- Error Rate: Should be stable or improved (< 1% for most services)
- Latency: p50, p95, p99 should be stable or improved
- Throughput: Request rate should match expected traffic
- Resource Usage: CPU/Memory should be within normal ranges
4. Log Analysis:
kubectl logs -n production -l app=service-name \
--since=15m | grep -i error
Validation Checklist:
Complete Deployment
Finalize deployment and communicate results:
1. Update Documentation:
2. Notify Team:
3. Clean Up (if applicable):
kubectl delete deployment service-name-blue -n production
kubectl delete deployment service-name-canary -n production
4. Schedule Follow-up:
- Monitor metrics for next 24 hours
- Review performance in next team standup
- Document lessons learned if issues occurred
<best_practices>
Deploy During Low-Traffic Periods
Rationale: Reduces impact if issues occur and makes anomaly detection easier.
Implementation:
- Schedule non-urgent deployments during off-peak hours
- For 24/7 services, deploy during lowest traffic period
- Emergency fixes can be deployed anytime with extra caution
Use Feature Flags for Risky Changes
Rationale: Allows instant rollback of feature behavior without code deployment.
Example:
if feature_flags.is_enabled('new_algorithm'):
result = new_algorithm(data)
else:
result = legacy_algorithm(data)
Disable flag instantly if issues arise, no deployment needed.
Gradual Rollout Strategy
Rationale: Limits blast radius if issues occur.
Implementation:
- Start with 10% traffic (canary)
- Monitor for 15-30 minutes
- Increase to 50% if healthy
- Monitor for another 15-30 minutes
- Complete rollout to 100%
Degree of Freedom
Medium Freedom: Core safety steps must be followed (pre-deployment checks, monitoring, validation), but deployment method can be adapted based on:
- Service architecture (stateless vs. stateful)
- Risk level (hot-fix vs. major feature)
- Time constraints (emergency vs. planned)
- Team preferences (rolling vs. blue-green)
Token Efficiency
This skill uses approximately 3,500 tokens when fully loaded.
Optimization Strategy:
- Core workflow: Always loaded (~2,500 tokens)
- Examples: Load for reference (~800 tokens)
- Detailed troubleshooting: Load if deployment issues occur (~200 tokens on-demand)
</best_practices>
<common_pitfalls>
Skipping Pre-Deployment Checks
What Happens: Deployment proceeds with failing tests or unhealthy staging environment, leading to production incidents.
Why It Happens: Pressure to deploy quickly, confidence in changes, or assumption that issues are minor.
How to Avoid:
- Always verify CI/CD passed before deploying
- Require staging validation for all deployments
- Use automated gates in deployment pipeline
- Don't skip checks even for "simple" changes
Recovery: If deployed without checks and issues arise, immediately roll back and perform full verification before re-deploying.
Insufficient Monitoring During Deployment
What Happens: Issues go undetected until users report problems, making diagnosis harder and recovery slower.
Why It Happens: Assuming deployment will succeed, distractions, or lack of monitoring setup.
How to Avoid:
- Open monitoring dashboards before starting deployment
- Watch metrics continuously during rollout
- Set up alerts for anomaly detection
- Have dedicated person monitoring during deployment
Warning Signs:
- Gradual increase in error rate
- Latency creeping up over time
- Increased database query times
- Growing request queue length
No Rollback Plan
What Happens: When issues occur, team scrambles to figure out how to recover, prolonging the incident.
Why It Happens: Optimism bias, time pressure, or lack of experience with rollbacks.
How to Avoid:
- Document rollback steps before deployment
- Verify previous version artifacts are available
- Test rollback procedure in staging
- Keep rollback instructions easily accessible
Recovery: If issues occur without rollback plan:
- Check version control history for last good commit
- Redeploy previous version using same deployment method
- Verify in staging first if time permits
- Communicate timeline to stakeholders
</common_pitfalls>
Standard Kubernetes Rolling Update
Context: Deploying a new version of a stateless API service to production with low-risk changes (bug fixes, minor improvements).
Situation:
- Service: user-api
- Current version: v2.3.1
- New version: v2.4.0
- Changes: Bug fixes, performance optimizations
- Traffic: Moderate (~1000 req/min)
Steps:
- Pre-deployment verification:
gh run view --repo company/user-api
kubectl get deployment user-api -n staging
curl https://staging.api.example.com/health
- Set up monitoring:
open https://monitoring.example.com/dashboards/user-api
slack post
- Execute deployment:
kubectl set image deployment/user-api \
user-api=registry.example.com/user-api:v2.4.0 \
-n production
kubectl rollout status deployment/user-api -n production
- Validate:
kubectl get pods -n production -l app=user-api
curl https://api.example.com/health
- Complete:
slack post
Expected Output:
Deployment successful
- Version: v2.4.0
- Pods: 5/5 running
- Health: All checks passed
- Metrics: Stable/Improved
- Duration: 8 minutes
Outcome: Deployment completed smoothly, performance improved as expected, no issues reported.
Blue-Green Deployment with Database Migration
Context: Deploying a major feature that requires database schema changes, using blue-green strategy to minimize downtime and enable fast rollback.
Situation:
- Service: payment-service
- Current version: v3.1.0 (blue)
- New version: v3.2.0 (green)
- Changes: New payment methods, database schema update
- Traffic: High (~5000 req/min)
- Migration: Adding tables for new payment types
Challenges:
- Database migration must be backward compatible
- High traffic requires zero-downtime deployment
- Financial service requires extra caution
Steps:
- Pre-deployment (extra careful):
gh run view --repo company/payment-service
curl -X POST https://staging.api.example.com/api/v1/payments \
-H "Authorization: Bearer $STAGING_TOKEN" \
-d '{"method": "new_payment_type", "amount": 100}'
kubectl exec -n staging payment-service-db -it -- \
psql -U app -c "\d payment_methods"
- Deploy green with migration:
kubectl apply -f migration-job.yaml -n production
kubectl wait --for=condition=complete job/payment-migration -n production
kubectl logs job/payment-migration -n production
kubectl apply -f deployment-green-v3.2.0.yaml -n production
kubectl wait --for=condition=ready pod \
-l app=payment-service,version=green \
-n production --timeout=600s
- Validate green before switching traffic:
kubectl port-forward -n production \
svc/payment-service-green 8080:80 &
curl http://localhost:8080/health
curl -X POST http://localhost:8080/api/v1/payments \
-H "Authorization: Bearer $TEST_TOKEN" \
-d '{"method": "new_payment_type", "amount": 100}'
kill %1
- Switch traffic to green:
slack post
kubectl patch service payment-service -n production \
-p '{"spec":{"selector":{"version":"green"}}}'
- Monitor and validate:
kubectl logs -n production -l app=payment-service,version=green \
--since=15m | grep -i error
- Complete deployment:
kubectl delete deployment payment-service-blue -n production
slack post
Expected Output:
Blue-Green Deployment Success
- Green version: v3.2.0
- Migration: Completed successfully
- Traffic switch: Seamless (no downtime)
- Validation period: 30 minutes
- Metrics: Stable
- Blue cleanup: Completed
- Total duration: 45 minutes
Outcome: Complex deployment with database changes completed successfully. New payment methods working. Zero downtime. Blue kept around for 30 minutes as safety net, then cleaned up.
Emergency Rollback During Canary
Context: Canary deployment detects issues; immediate rollback required.
Situation:
- Service: recommendation-engine
- Attempted version: v4.1.0 (canary)
- Stable version: v4.0.3
- Issue: Canary showing 5% error rate vs. 0.5% in stable
- Traffic: Canary at 20% (stable at 80%)
Steps:
- Detect issue:
- Execute rollback:
kubectl scale deployment recommendation-engine-canary \
--replicas=0 -n production
kubectl get deployment -n production
- Investigate and document:
kubectl logs -n production -l app=recommendation-engine,version=canary \
--since=30m > canary-failure-logs.txt
slack post
- Root cause analysis:
grep "ERROR" canary-failure-logs.txt | head -20
Expected Output:
Rollback Successful
- Detection time: 8 minutes into canary
- Rollback execution: 30 seconds
- Service recovery: 2 minutes
- Affected traffic: ~20% for 8 minutes
- Root cause: Found within 1 hour
- Fix: Deployed v4.1.1 next day after testing
Outcome: Quick detection and rollback prevented widespread issues. Root cause identified. Proper fix deployed after thorough testing. Canary deployment pattern prevented full-scale incident.
Deployment Stuck (Pods Not Coming Up)
Symptoms:
kubectl rollout status shows "Waiting for deployment rollout to finish"
- Pods show
ImagePullBackOff or CrashLoopBackOff
- Deployment exceeds expected time
Diagnostic Steps:
kubectl get pods -n production -l app=service-name
kubectl describe pod <pod-name> -n production
kubectl logs <pod-name> -n production
Common Causes and Solutions:
1. Image Pull Error:
docker pull your-registry/service-name:version
kubectl set image deployment/service-name \
service-name=your-registry/service-name:correct-version \
-n production
2. Application Crash:
kubectl logs <pod-name> -n production --previous
kubectl set env deployment/service-name NEW_VAR=value -n production
3. Resource Constraints:
kubectl describe nodes | grep -A 5 "Allocated resources"
kubectl scale deployment low-priority-service --replicas=2
Prevention:
- Test deployments in staging with production-like resources
- Monitor cluster capacity
- Set appropriate resource requests/limits
Elevated Error Rate After Deployment
Symptoms:
- Error rate increases from baseline (e.g., 0.5% → 3%)
- Specific endpoints showing errors
- Client-side errors reported
Diagnostic Steps:
- Check which endpoints are affected
- Review error logs for patterns
- Compare error types (4xx vs 5xx)
- Check dependencies (database, APIs, cache)
Solution:
Immediate:
kubectl rollout undo deployment/service-name -n production
Investigation:
kubectl logs -n production -l app=service-name \
--since=30m | grep ERROR | sort | uniq -c | sort -rn
Alternative Approaches:
- If only specific endpoint affected, consider feature flag to disable
- If dependency issue, temporarily use fallback/cache
- If minor increase acceptable, monitor and investigate without rollback
Database Migration Failure
Symptoms:
- Migration job fails or times out
- Application can't connect to database
- Data inconsistency reported
Quick Fix:
kubectl logs job/migration-name -n production
Root Cause Resolution:
1. Lock Timeout:
kubectl exec -it db-pod -n production -- \
psql -U app -c "SELECT * FROM pg_stat_activity WHERE state = 'active';"
2. Migration Syntax Error:
3. Permission Issues:
kubectl exec -it db-pod -n production -- \
psql -U admin -c "GRANT ALL ON SCHEMA public TO app_user;"
Prevention:
- Always test migrations in staging first
- Use migration tools with rollback support (Alembic, Flyway)
- Keep migrations backward compatible
- Run migrations before deploying code when possible
<related_skills>
This skill works well with:
- database-migration: Detailed database migration procedures and rollback strategies
- incident-response: If deployment causes an incident, switch to incident response workflow
- monitoring-setup: Setting up comprehensive monitoring for new services
This skill may conflict with:
- rapid-prototyping: Prototyping emphasizes speed over safety; don't use both simultaneously
</related_skills>
<integration_notes>
Working with Other Tools
CI/CD Integration:
This skill assumes CI/CD has already run tests. For CI/CD setup, reference your platform documentation.
Monitoring Tools:
Examples use generic commands. Adapt for your monitoring stack:
- Datadog: Use Datadog API or UI
- Grafana: Open relevant dashboards
- Prometheus: Query metrics directly
Deployment Tools:
Examples use kubectl. Adapt for your deployment method:
- Helm:
helm upgrade --install
- ArgoCD: Update manifests, let ArgoCD sync
- Custom: Follow your deployment scripts
Skill Composition
Typical workflow combining multiple skills:
- code-review-checklist: Review code before merging
- integration-testing: Run tests in staging
- deployment-workflow (this skill): Deploy to production
- monitoring-setup: Configure alerts for new features
- incident-response: If issues arise during deployment
</integration_notes>
- Examples focus on Kubernetes; adapt for other platforms (VMs, serverless, etc.)
- Assumes you have monitoring infrastructure set up
- Database migration details are brief; use database-migration skill for complex scenarios
- Rollback procedures assume stateless services; stateful services require additional considerations
- You have access to production environment
- Monitoring dashboards are configured
- Staging environment mirrors production
- Team has agreed-upon deployment windows
- Rollback artifacts are retained for reasonable time
<version_history>
Version 1.0.0 (2025-01-20)
- Initial creation
- Core deployment workflow established
- Examples for rolling update, blue-green, and canary deployments
- Comprehensive troubleshooting guide
</version_history>
<additional_resources>
<success_criteria>
Deployment is considered successful when:
-
Pre-Deployment Validation Complete
- All CI/CD tests passed
- Staging deployment validated
- No active production incidents
- Rollback plan documented
-
Deployment Execution Success
- All new pods running and ready
- No deployment errors
- Rollout completed within expected timeframe
-
Post-Deployment Validation Pass
- Health checks returning success
- Smoke tests passed
- Error rate at or below baseline
- Latency metrics stable or improved
- No unexpected errors in logs
-
Monitoring Confirms Stability
- Metrics monitored for 15+ minutes post-deployment
- All KPIs within acceptable ranges
- No alerts triggered
-
Documentation and Communication Complete
- Team notified of successful deployment
- Deployment tracking updated
- Any issues documented
- Follow-up monitoring scheduled
</success_criteria>