Deploy

Back to SDLC Intro

Deploy is the action of pushing the software to the production environment where it becomes accessible to users. A mature deployment process is boring by design - predictable, automated, and reversible. If deploying to production feels risky, your deployment process needs work.

Deployment Strategies

Modern deployment focuses on minimising downtime and risk. Each strategy makes different trade-offs between complexity, speed, and safety.

Recreate (Replace)

Shut down the old version entirely, then start the new version. Simple but causes downtime.

Best for: Non-critical internal tools, batch jobs, or environments where brief downtime is acceptable.
Risk: Complete outage during the switchover window.

Rolling Deployment

Gradually replace instances of the old version with the new version, one (or a few) at a time. No downtime, but both versions run simultaneously during the rollout.

Best for: Stateless applications behind a load balancer.
Risk: Requires backward-compatible changes since both versions serve traffic simultaneously.

Blue/Green Deployment

Run two identical production environments. Deploy the new version to the idle environment (Green), test it, then switch traffic from the current environment (Blue) to Green.

Best for: Applications that need instant rollback capability. If Green has issues, switch traffic back to Blue immediately.
Risk: Requires double the infrastructure (though cloud auto-scaling mitigates this cost).

Canary Deployment

rolls out the new version to a small percentage of users (e.g. 1-5%) while the majority continue using the old version. Monitor error rates and performance, then gradually increase the canary percentage.

Best for: High-traffic applications where you want real-world validation before full rollout.
Risk: Requires sophisticated traffic routing and monitoring. Users on the canary may experience issues.

Infrastructure as Code

means managing infrastructure through version-controlled code rather than manual processes. This is foundational for reliable, repeatable deployments.

IaC Tools

Terraform: Cloud-agnostic, declarative infrastructure. The most widely adopted tool. Excellent for multi-cloud setups.
Pulumi: using general-purpose programming languages (TypeScript, Python, Go) instead of a . Preferred by teams who want full programming language capabilities.
AWS CloudFormation / Azure Bicep: Cloud-specific tools. Best when you are committed to a single cloud provider.

IaC Best Practices

Store all infrastructure code in version control alongside application code.
Use modules and reusable components to avoid duplication.
Implement a review process for infrastructure changes (Terraform plan review before apply).
Use remote state with locking to prevent concurrent modifications.

Environment Management

Environment Parity

Maintain consistent environments across the deployment pipeline:

Development: Local or cloud-based developer environments.
Staging / Pre-production: A that mirrors production as closely as possible - same infrastructure, same configurations, same data shapes (with synthetic data).
Production: The live environment serving real users.

The goal is to minimise the delta between environments. - where environments silently diverge - is a top cause of "works in staging, breaks in prod" failures.

Secrets Management

Never store secrets (API keys, database credentials, encryption keys) in code, environment variables checked into source control, or configuration files.

Use a dedicated secrets manager (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Doppler).
Rotate secrets on a defined schedule.
Audit access to secrets.

Zero-Downtime Deployment

For user-facing applications, zero-downtime deployment is a baseline expectation. Key techniques:

Database migrations must be backward-compatible: Deploy schema changes that work with both old and new application versions. Use expand-and-contract migration patterns.
Graceful shutdown: Applications should finish in-flight requests before terminating.
Health checks: Load balancers should only route traffic to instances that report healthy.
Orchestration: Container orchestration platforms like handle rolling updates, health checking, and automatic rollback natively.

By Company Stage

Startup: Use a (Vercel, Netlify, Railway, Render) for deployment. Push to main, it deploys automatically. Manual infrastructure is acceptable initially - do not over-invest in until you have . Focus on shipping, not infrastructure perfection.
Growth Stage: Adopt (Terraform or Pulumi) for all infrastructure. Containerise applications with . Implement multi-environment pipelines (dev → staging → production) with promotion gates. Introduce or deployments for critical services. Set up a secrets manager.
Established: Implement multi-region deployments with disaster recovery. Compliance-audited deployment pipelines ( controls, change records, approval workflows). or equivalent orchestration at scale. Dedicated platform engineering team owns deployment infrastructure. Regular disaster recovery drills. Deployment dashboards tracking .

Common Pitfalls

Anti-patterns to Avoid

Snowflake Servers: Environments configured manually and never reproduced. When they break, nobody knows how to rebuild them. eliminates this entirely.
No Rollback Procedure: If you cannot roll back a deployment within minutes, you do not have a deployment process - you have a one-way door. Test your rollback procedure regularly.
Configuration Drift: Staging and production silently diverge over time due to manual changes. Use and automated configuration management to keep environments in sync.
Deploying on Friday at 5pm: Deploy when your team is available to monitor and respond. If your deployment process is truly reliable, any time is fine - but build that confidence first.

Deployment Key Deliverables

Live Production System
Configuration Scripts
Deployment
Rollback Procedure (tested)
Environment Configuration Documentation

How AI Can Help: Deployment

AI optimizes the complex logistics of deployment:

Smart Infrastructure: AI generates and optimizes scripts for tools like Terraform and Pulumi, ensuring secure cloud configurations.
Continuous Deployment: AI-powered tools (including GitLab, GitHub and CircleCI) optimize deployment windows and predict potential failures.
Deployment visibility / DORA: Tools like Sleuth provide deployment tracking and -style metrics to improve deployment visibility and delivery performance.
Risk Assessment: Tools like Harness perform intelligent verification, analyzing post-deployment behavior to suggest automatic rollbacks if anomalies are detected.

Deployment Strategies​

Recreate (Replace)​

Rolling Deployment​

Blue/Green Deployment​

Canary Deployment​

Infrastructure as Code​

IaC Tools​

IaC Best Practices​

Environment Management​

Environment Parity​

Secrets Management​

Zero-Downtime Deployment​

Common Pitfalls​

Deployment Key Deliverables​