Release Process 2.0

From ceremonious, opaque releases to traceable, trunk-based delivery.

dev staging prod
Why it's changing · What's new · How it works
Why

Why are we changing?

🐢

Slow & risky

No staging. Manual deploys to dev caused prolonged integration risk and wasted time.

🎭

Ceremonious

Every release was a multi-step dance across two repos — for each environment.

🌫️

Opaque

You couldn't trace a commit to prod, or even tell what was deployed where.

Bottom line: shipping was slow, manual, and hard to reason about.

Before

Where we were

Hiding complexity is a smell, not a fix.

Before

Releasing was a 5-step ritual

1
Merge to dev mono repo
2
Raise a PR with the desired version infra repo
3
Ensure 1× approval + branch up to date infra repo
4
Type /deploy
5
Branch is deployed, then merged to main infra repo

Two repos, several manual gates — repeated for every environment. Traditional, ceremonious releases.

Before

Flying blind

Without traceability, every release carried hidden risk.

What — the new model

Now: dev → staging → prod

dev
auto-deploys on merge
auto on merge
staging
promote a known-good commit
promote
prod
promote a known-good commit
What — the new release

Releasing is now one step

Promote the desired commit to staging.
That's it.

  • dev is instant on merge — nothing to do.
  • staging / prod = a single promotion action.
  • No second repo. No version PR. No ceremony.

Was: 5 steps across 2 repos  →  Now: 1 promotion.

Before vs After

The shift at a glance

BeforeAfter
Environmentsdev → prod (no staging)dev → staging → prod
Dev deploysManualAutomatic on merge
Release steps5 steps, per environment1 promotion
Repos touchedTwo (mono + infra)One (from GitHub)
TraceabilityCommit → prod not traceableCommit traced end-to-end
What's deployed?Hard to tellVisible per env in GitHub
Release notesNoneChange set on every PR / run
K8s diffNot availableShown per PR / workflow run
What you gain

Trace one commit, end to end

commit a1b2c3d
dev
staging
prod
What you gain

Every change is legible

📝

Release notes on every PR & run

A change set is generated automatically — no more guessing what shipped.

🔍

See the delta

Shows everything that would go out when deployed to a given env — great for risk.

☸️

Kubernetes diff

See exactly what changes in Kubernetes for any PR or workflow run.

Fewer surprises

Better risk management — you review the impact before it lands.

How — the mechanics

How it works under the hood

How — the pipelines

Two pipelines: CI and CI/CD

🧪

CI  runs on branches

Validates your work — build, test, checks — on every branch / PR before it reaches main.

🚀

CI/CD  runs on main only

One workflow capable of taking a change all the way from dev → staging → prod.

What changed today: CI/CD used to run on branches too (with dev→staging→prod blocked). That caused workflows to get cancelled — and was redundant — so branch runs of CI/CD have been removed.
How — release management

Infra changes are in transition

TwoDotAi/infra
today — separate infra repo
moving to
mono repo · /infra
destination — alongside app code

Consolidating infra alongside app code — same workflow today, one repo tomorrow.

How — the mindset shift

The biggest change is how you think

Old mindset

"We're going to cut a release" — a deliberate, batched event you prepare for.

New mindset

Every change is a potential release candidate. We promote release candidates — we don't "cut releases".

How — operational jobs

Housekeeping & safety nets

🧹

Delete Workflow Runs

Manual, on-demand. Cleans up workflow runs from branches that pollute the Actions view — keeps the run history readable.

🗄️

Restore Postgres Database WIP

Runs on a schedule. Continuously verifies our database restore process actually works — so we find out before we ever need it.

Small jobs that keep the pipeline clean and our recovery trustworthy.

How — reading the views

What the colours mean

⚙️ Workflow view (Actions)

Failed — the run failed.
Tick — it went all the way to prod.
Yellow circle — waiting for promotion.

🚢 Deployments view

Failed — the deploy failed.
Green tick — successful, current deploy.
Grey tick — a past deployment, no longer latest.
Yellow circle — has things available for promotion.
About the times: the timestamps on the workflow & deployments views are when the commit was merged to main — not when it was released. To see a release's actual time (and who approved & deployed it), open the workflow run and scroll to the bottom.
▶  LIVE DEMO

Let's see it in action

Tip: each card is a clickable link — open them as you talk through the colours above.

Recap

The TL;DR

Before

Manual, ceremonious, opaque — no staging, two repos, no traceability.

Now

dev → staging → prod. Auto-dev, one-step promotion, full traceability and diffs.

The win

Faster, safer releases. See what's deployed, what's changing, and the K8s diff — every time.

Your part

Trunk-based, short-lived branches, toggle unfinished work, promote commits forward.

Troubleshooting

When something doesn't deploy

⚠️ "I made a change, merged to dev, and it's not being picked up in a release."
Check the path triggers in ci-cd.yaml. If your changed files don't match a trigger path, the CI/CD workflow won't run for that change.

More gotchas will live here as we learn them — shout if you hit one.

Discussion · if time allows

Open questions — let's decide together

That's the change. A few things still need a team decision — not blockers, just choices about how we want to use the new setup.

1 · Staging as a demo environment
2 · Where do PoCs live?
3 · Who can do deploys?
Discussion · 1 of 3
❓ Staging as a pseudo-demo environment

Who owns staging?

Are we OK with this trade-off (demo stability vs. testing throughput)?

Discussion · 2 of 3
❓ Where do PoCs live?

PoCs: staging, or prod behind a toggle?

Option A — In staging

PoCs are tested in staging (current direction). Safer, but competes with demo use and is less production-realistic.

Option B — In prod, behind a toggle

PoCs live in prod, gated by a feature flag. Maximally realistic, but more risk and toggle discipline required.

Which do we want — and does it depend on the PoC?

Discussion · 3 of 3
❓ Who can do deploys?

Who can deploy — and who reviews?

Do we want guardrails — restricted deployers, required peer review, or extra gates for prod?

Questions?

dev staging prod

Traceable. Trunk-based. One-step promotion.

Release Process 2.0
1 / 17
Use to navigate · F fullscreen