deployment-pipeline-design
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
About this skill
This skill empowers an AI agent to design robust and secure deployment pipelines by applying established architectural patterns for multi-stage CI/CD workflows. It guides the agent to clarify goals, constraints, and required inputs, leverage industry best practices, and validate outcomes. The agent can provide actionable steps, verification strategies, and, if needed, detailed implementation playbooks, making it invaluable for optimizing release processes, ensuring code quality, and improving deployment reliability and security.
Best use case
Ideal for software development teams and DevOps professionals who need to design new CI/CD pipelines, optimize existing ones, or incorporate advanced deployment strategies (e.g., blue/green, canary releases) with robust approval gates and security measures. It provides strategic architectural guidance rather than just tactical code generation.
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
A well-structured and comprehensive deployment pipeline design, including architectural patterns, best practices, clear stages, defined approval gates, recommended deployment strategies, actionable steps, and verification methods, tailored to the specified requirements.
Practical example
Example input
Design a CI/CD pipeline for a cloud-native microservices application deployed on AWS EKS. The pipeline should support automated testing, require a manual approval for production deployments, and implement a blue/green deployment strategy to minimize downtime.
Example output
Based on your requirements, here's a proposed CI/CD pipeline design for your AWS EKS microservices:
**1. Goals & Constraints Clarification:**
- **Goals:** Automated testing, secure production deployments, zero-downtime blue/green strategy.
- **Constraints:** AWS EKS environment, microservices architecture, manual production approval.
**2. Architecture & Stages:**
- **Stage 1: Source & Build**
- **Input:** Code commit to Git repository (e.g., GitHub, GitLab).
- **Actions:** Automated build (Docker images, artifacts), unit tests.
- **Output:** Versioned Docker images pushed to ECR, build artifacts.
- **Stage 2: Test & Scan**
- **Input:** New Docker images from Stage 1.
- **Actions:** Integration tests, end-to-end tests, security scans (SAST/DAST), vulnerability scanning on Docker images.
- **Output:** Test reports, scan results. Failure triggers rollback.
- **Stage 3: Staging Deployment**
- **Input:** Validated images from Stage 2.
- **Actions:** Deploy to a dedicated staging EKS environment. Perform user acceptance testing (UAT), performance testing.
- **Output:** Staging environment accessible for testing.
- **Stage 4: Production Approval Gate**
- **Input:** Successful staging deployment.
- **Actions:** Require manual approval from designated approvers (e.g., Lead Developer, Product Owner) before proceeding to production.
- **Output:** Approval confirmation or rejection.
- **Stage 5: Production Deployment (Blue/Green)**
- **Input:** Approved images from Stage 4.
- **Actions:**
1. Provision a 'Green' EKS environment (or new set of pods/deployments) alongside the existing 'Blue' environment.
2. Deploy new application version to the 'Green' environment.
3. Run automated smoke tests against 'Green'.
4. Gradually shift traffic from 'Blue' to 'Green' using a load balancer (e.g., ALB/NLB with target groups, Istio service mesh).
5. Monitor 'Green' for stability. If issues arise, quickly revert traffic to 'Blue'.
6. Once stable, deprovision 'Blue'.
- **Output:** Live application running on the new version with minimal downtime.
**3. Key Technologies & Best Practices:**
- **CI/CD Orchestrator:** Jenkins, GitLab CI, GitHub Actions, AWS CodePipeline.
- **Container Registry:** AWS ECR.
- **Deployment Tool:** Helm, Kubernetes manifest files.
- **Testing:** JUnit, Selenium, Cypress, JMeter.
- **Security:** SonarQube, Aqua Security, Clair.
- **Monitoring:** Prometheus, Grafana, CloudWatch.
- **IaC:** Terraform/CloudFormation for environment provisioning.
**4. Verification:**
- Ensure all automated tests pass at each stage.
- Verify manual approval status before production deployment.
- Monitor production traffic and application metrics during and after blue/green switch.
- Conduct post-mortem analysis for any deployment failures.
Would you like to refine any specific stage or explore implementation details using the `resources/implementation-playbook.md`?When to use this skill
- When designing a new CI/CD pipeline from scratch.
- When optimizing, refactoring, or enhancing an existing deployment pipeline.
- When incorporating specific deployment strategies like blue/green, canary, or rolling updates.
- When defining secure approval gates and compliance checks within a deployment workflow.
When not to use this skill
- When the task is unrelated to the architectural design of deployment pipelines.
- When you need to generate specific CI/CD configuration files (e.g., YAML for GitHub Actions, Jenkinsfile) without prior design guidance.
- When seeking a tool for executing deployments, monitoring pipeline performance, or managing infrastructure, as this skill focuses on design principles.
- When the scope of the task is outside software deployment and release engineering.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/deployment-pipeline-design/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How deployment-pipeline-design Compares
| Feature / Agent | deployment-pipeline-design | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Top AI Agents for Productivity
See the top AI agent skills for productivity, workflow automation, operational systems, documentation, and everyday task execution.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Deployment Pipeline Design
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
## Do not use this skill when
- The task is unrelated to deployment pipeline design
- You need a different domain or tool outside this scope
## Instructions
- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.
## Purpose
Design robust, secure deployment pipelines that balance speed with safety through proper stage organization and approval workflows.
## Use this skill when
- Design CI/CD architecture
- Implement deployment gates
- Configure multi-environment pipelines
- Establish deployment best practices
- Implement progressive delivery
## Pipeline Stages
### Standard Pipeline Flow
```
┌─────────┐ ┌──────┐ ┌─────────┐ ┌────────┐ ┌──────────┐
│ Build │ → │ Test │ → │ Staging │ → │ Approve│ → │Production│
└─────────┘ └──────┘ └─────────┘ └────────┘ └──────────┘
```
### Detailed Stage Breakdown
1. **Source** - Code checkout
2. **Build** - Compile, package, containerize
3. **Test** - Unit, integration, security scans
4. **Staging Deploy** - Deploy to staging environment
5. **Integration Tests** - E2E, smoke tests
6. **Approval Gate** - Manual approval required
7. **Production Deploy** - Canary, blue-green, rolling
8. **Verification** - Health checks, monitoring
9. **Rollback** - Automated rollback on failure
## Approval Gate Patterns
### Pattern 1: Manual Approval
```yaml
# GitHub Actions
production-deploy:
needs: staging-deploy
environment:
name: production
url: https://app.example.com
runs-on: ubuntu-latest
steps:
- name: Deploy to production
run: |
# Deployment commands
```
### Pattern 2: Time-Based Approval
```yaml
# GitLab CI
deploy:production:
stage: deploy
script:
- deploy.sh production
environment:
name: production
when: delayed
start_in: 30 minutes
only:
- main
```
### Pattern 3: Multi-Approver
```yaml
# Azure Pipelines
stages:
- stage: Production
dependsOn: Staging
jobs:
- deployment: Deploy
environment:
name: production
resourceType: Kubernetes
strategy:
runOnce:
preDeploy:
steps:
- task: ManualValidation@0
inputs:
notifyUsers: 'team-leads@example.com'
instructions: 'Review staging metrics before approving'
```
**Reference:** See `assets/approval-gate-template.yml`
## Deployment Strategies
### 1. Rolling Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 10
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 1
```
**Characteristics:**
- Gradual rollout
- Zero downtime
- Easy rollback
- Best for most applications
### 2. Blue-Green Deployment
```yaml
# Blue (current)
kubectl apply -f blue-deployment.yaml
kubectl label service my-app version=blue
# Green (new)
kubectl apply -f green-deployment.yaml
# Test green environment
kubectl label service my-app version=green
# Rollback if needed
kubectl label service my-app version=blue
```
**Characteristics:**
- Instant switchover
- Easy rollback
- Doubles infrastructure cost temporarily
- Good for high-risk deployments
### 3. Canary Deployment
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 10
strategy:
canary:
steps:
- setWeight: 10
- pause: {duration: 5m}
- setWeight: 25
- pause: {duration: 5m}
- setWeight: 50
- pause: {duration: 5m}
- setWeight: 100
```
**Characteristics:**
- Gradual traffic shift
- Risk mitigation
- Real user testing
- Requires service mesh or similar
### 4. Feature Flags
```python
from flagsmith import Flagsmith
flagsmith = Flagsmith(environment_key="API_KEY")
if flagsmith.has_feature("new_checkout_flow"):
# New code path
process_checkout_v2()
else:
# Existing code path
process_checkout_v1()
```
**Characteristics:**
- Deploy without releasing
- A/B testing
- Instant rollback
- Granular control
## Pipeline Orchestration
### Multi-Stage Pipeline Example
```yaml
name: Production Pipeline
on:
push:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build application
run: make build
- name: Build Docker image
run: docker build -t myapp:${{ github.sha }} .
- name: Push to registry
run: docker push myapp:${{ github.sha }}
test:
needs: build
runs-on: ubuntu-latest
steps:
- name: Unit tests
run: make test
- name: Security scan
run: trivy image myapp:${{ github.sha }}
deploy-staging:
needs: test
runs-on: ubuntu-latest
environment:
name: staging
steps:
- name: Deploy to staging
run: kubectl apply -f k8s/staging/
integration-test:
needs: deploy-staging
runs-on: ubuntu-latest
steps:
- name: Run E2E tests
run: npm run test:e2e
deploy-production:
needs: integration-test
runs-on: ubuntu-latest
environment:
name: production
steps:
- name: Canary deployment
run: |
kubectl apply -f k8s/production/
kubectl argo rollouts promote my-app
verify:
needs: deploy-production
runs-on: ubuntu-latest
steps:
- name: Health check
run: curl -f https://app.example.com/health
- name: Notify team
run: |
curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
-d '{"text":"Production deployment successful!"}'
```
## Pipeline Best Practices
1. **Fail fast** - Run quick tests first
2. **Parallel execution** - Run independent jobs concurrently
3. **Caching** - Cache dependencies between runs
4. **Artifact management** - Store build artifacts
5. **Environment parity** - Keep environments consistent
6. **Secrets management** - Use secret stores (Vault, etc.)
7. **Deployment windows** - Schedule deployments appropriately
8. **Monitoring integration** - Track deployment metrics
9. **Rollback automation** - Auto-rollback on failures
10. **Documentation** - Document pipeline stages
## Rollback Strategies
### Automated Rollback
```yaml
deploy-and-verify:
steps:
- name: Deploy new version
run: kubectl apply -f k8s/
- name: Wait for rollout
run: kubectl rollout status deployment/my-app
- name: Health check
id: health
run: |
for i in {1..10}; do
if curl -sf https://app.example.com/health; then
exit 0
fi
sleep 10
done
exit 1
- name: Rollback on failure
if: failure()
run: kubectl rollout undo deployment/my-app
```
### Manual Rollback
```bash
# List revision history
kubectl rollout history deployment/my-app
# Rollback to previous version
kubectl rollout undo deployment/my-app
# Rollback to specific revision
kubectl rollout undo deployment/my-app --to-revision=3
```
## Monitoring and Metrics
### Key Pipeline Metrics
- **Deployment Frequency** - How often deployments occur
- **Lead Time** - Time from commit to production
- **Change Failure Rate** - Percentage of failed deployments
- **Mean Time to Recovery (MTTR)** - Time to recover from failure
- **Pipeline Success Rate** - Percentage of successful runs
- **Average Pipeline Duration** - Time to complete pipeline
### Integration with Monitoring
```yaml
- name: Post-deployment verification
run: |
# Wait for metrics stabilization
sleep 60
# Check error rate
ERROR_RATE=$(curl -s "$PROMETHEUS_URL/api/v1/query?query=rate(http_errors_total[5m])" | jq '.data.result[0].value[1]')
if (( $(echo "$ERROR_RATE > 0.01" | bc -l) )); then
echo "Error rate too high: $ERROR_RATE"
exit 1
fi
```
## Reference Files
- `references/pipeline-orchestration.md` - Complex pipeline patterns
- `assets/approval-gate-template.yml` - Approval workflow templates
## Related Skills
- `github-actions-templates` - For GitHub Actions implementation
- `gitlab-ci-patterns` - For GitLab CI implementation
- `secrets-management` - For secrets handlingRelated Skills
deployment-procedures
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
kubernetes-deployment
Kubernetes deployment workflow for container orchestration, Helm charts, service mesh, and production-ready K8s configurations.
linux-shell-scripting
Provide production-ready shell script templates for common Linux system administration tasks including backups, monitoring, user management, log analysis, and automation. These scripts serve as building blocks for security operations and penetration testing environments.
iterate-pr
Iterate on a PR until CI passes. Use when you need to fix CI failures, address review feedback, or continuously push fixes until all checks are green. Automates the feedback-fix-push-wait cycle.
istio-traffic-management
Comprehensive guide to Istio traffic management for production service mesh deployments.
incident-runbook-templates
Production-ready templates for incident response runbooks covering detection, triage, mitigation, resolution, and communication.
incident-response-smart-fix
[Extended thinking: This workflow implements a sophisticated debugging and resolution pipeline that leverages AI-assisted debugging tools and observability platforms to systematically diagnose and res
incident-responder
Expert SRE incident responder specializing in rapid problem resolution, modern observability, and comprehensive incident management.
expo-cicd-workflows
Helps understand and write EAS workflow YAML files for Expo projects. Use this skill when the user asks about CI/CD or workflows in an Expo or EAS context, mentions .eas/workflows/, or wants help with EAS build pipelines or deployment automation.
error-diagnostics-error-trace
You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging,
error-debugging-error-trace
You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging, and ensure teams can quickly identify and resolve production issues.
error-debugging-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.