GitLab's guide to safe deployment practices

Orit Golowinski ·
Jul 23, 2020 · 3 min read

Here at GitLab we understand the importance of safe deployment practices.

Progressive delivery is continuous delivery with fine-grained control over who sees the change. This ensures that all code and configuration updates go through the CI/CD stages to catch any regressions or bugs before they reach customers. If something does make it past those gates, progressive delivery makes sure any negative impact is as small as possible.

We have recently added several features that add safeguards to your deployment process, which we will review in this blog post.

Protected Environments

It is important that deploy jobs are restricted to only those who are authorized to deploy in that environment, and we call this restriction by roles "protected". While this feature has been around for a while, it is important to remember that this should be the first step to take when thinking about safe deployments.

Take a deeper dive into protected environments.

Sequential Deployment (or Safe Continuous Deployment)

If your project follows the Continuous Deployment practice that deploys the master branch to the production environment with GitLab CI/CD pipelines, you may encounter the following problems due to the asynchronous nature of pipeline jobs:

To address these problems, GitLab provides the following options:

Limit job concurrency

You can limit deployment concurrency by adding a resource_group to any .gitlab-ci.yml jobs that should run one at a time. For example:

Prevent deployment of old versions

The execution order of pipeline jobs can vary from run to run, which could cause undesired behavior. For example, a deployment job in a newer pipeline could finish before a deployment job in an older pipeline. This creates a race condition where the older deployment finishes later, overwriting the "newer" deployment.

You can ensure that older deployment jobs are cancelled automatically when a newer deployment runs by enabling the prevent deployment of old versions feature.

Prevent deployment of old versions

Deployment Freeze

To prevent deployments for a particular period, such as during a planned holiday when most employees are out, you can set up a deploy freeze. During a deploy freeze, no deployments can be executed. This is helpful to ensure that deployments do not happen unexpectedly.

Find more detailed information about deployment safety.

Read more about GitLab and safety:

Cover image by Mathew Schwartz on Unsplash

“Want to deploy safely with @gitlab? Here's what you need to know.” – Orit Golowinski

Click to tweet

Guide to the Cloud

Harness the power of the cloud with microservices, cloud-agnostic DevOps, and workflow portability.

Learn more
Edit this page View source