deployment-strategy
Deployment Strategy
Decide how the release reaches production, how it is verified, and how it is reversed if reality disagrees with the plan.
Context
CI/CD automates the path to deployment; deployment strategy decides how much risk to take on each step of that path. It selects the rollout pattern that matches the change's blast radius, reversibility, and operational visibility.
Use this skill when "deploy" is no longer a binary action. The questions are: canary or blue-green, full rollout or staged activation, what to verify before expanding traffic, and what exact action restores service if the release misbehaves.
Inputs
- ci-cd-pipeline -- The automated delivery path and available gates.
- build-artifacts -- The exact release package that will be deployed.
- release-plan -- The intended scope, release window, and stakeholder expectations when one exists.
Process
Step 1: Classify Release Risk
Assess user impact, data migration risk, trust-boundary change, reversibility, and observability quality. Decide whether the release is low risk, staged-risk, or high risk.
Step 2: Choose the Rollout Pattern
Match the pattern to the risk:
- rolling for low-risk stateless changes
- canary for user-facing or behavior-sensitive changes
- blue-green when instant rollback matters more than infrastructure cost
- big-bang only when the system or migration constraints truly require it
If the release cannot be observed or rolled back safely, the strategy is wrong.
Step 3: Define Verification and Expansion Gates
Specify what must be checked before traffic increases:
- smoke tests
- error rate and latency thresholds
- dependency health
- data validation
- business event sanity checks for the changed flow
Tie each checkpoint to an owner and a stop/continue decision.
Step 4: Write the Rollback-First Runbook
Document the exact release sequence, rollback trigger conditions, rollback commands, communication path, and post-deploy observation window. A rollout plan without a concrete rollback path is incomplete.
Outputs
- deployment-runbook -- The chosen rollout pattern, verification sequence, rollback path, communications, and ownership for the release.
Quality Gate
- Rollout pattern matches the release risk and blast radius
- Verification checkpoints and stop conditions are explicit
- Rollback path is concrete, fast, and tested or rehearsed
- Release ownership and communication path are documented
- The runbook is specific to this release, not a generic template
Anti-Patterns
- Default full rollout -- treating every release as equally safe.
- Monitoring after the fact -- deploying first and deciding what to watch later.
- Rollback in theory only -- naming rollback without documenting or rehearsing the actual path.
- Pipeline equals strategy -- assuming automation alone decides rollout risk.
Related Skills
- ci-cd -- provides the automated delivery path
- monitoring-observability -- supplies the signals used for rollout verification
- runbooks -- operationalizes the deployment procedure after release
- release-management -- coordinates the broader human release process
Distribution
- Public install surface:
skills/.curated - Canonical authoring source:
skills/06-delivery/deployment-strategy/SKILL.md - This package is exported for
npx skills add/updatecompatibility. - Packaging stability:
beta - Capability readiness:
beta
More from yknothing/prodcraft
system-design
Use when reviewed requirements or specifications are ready and the team must decide high-level architecture, component boundaries, integration seams, or brownfield coexistence strategy before API design, technology selection, or task planning.
6ci-cd
Use when a reviewed implementation slice needs an automated build, test, and deployment pipeline, especially when brownfield rollback, release-boundary checks, contract/integration gates, and staged delivery must be explicit before shipping.
6intake
The mandatory gateway for all new engineering work. Triage and route new products, apps, features, migrations, tech-debt, or any 'not sure where to start' request to the correct lifecycle path. Use before starting design or implementation. Do not use for ongoing tasks, specific debugging, or PR reviews.
6feature-development
Use when a reviewed task slice has tests or acceptance targets and the team must turn it into a small, mergeable implementation increment without expanding scope, breaking contracts, or hiding release-boundary risk.
6monitoring-observability
Use when a live service or newly delivered release needs actionable telemetry, dashboards, and alerts that expose real user-impactful boundaries, especially when brownfield coexistence rules, unsupported-flow safety, rollback health, or queue/backfill behavior must be visible before incidents escalate.
6incident-response
Use when a live production issue needs coordinated containment, severity triage, stakeholder communication, and evidence capture, especially when a recent release, brownfield coexistence rules, rollback decisions, or unresolved contract boundaries must be handled before root-cause work.
6