Stage: deploy-prod
The deploy-prod stage is the control auditors care about most: production is never automatic. A change-advisory-board member must approve, that approval is itself attested, and the Helm deploy runs in atomic mode so a failed migration rolls back cleanly.
Part of the Full pipeline action map. Use the Fullscreen button on the diagram to view it edge-to-edge.
flowchart TD
WAIT{"servicenow:cr:wait-prod<br/>poll for CAB approval<br/>(allow_failure: false)"}
MAN{"deploy:helm:prod<br/>when: manual — operator must trigger"}
APPR["fides:attest:approval<br/>attest CR approval + DORA"]
DEPLOY["deploy:helm:prod<br/>deployment gate -> karc-prod<br/>(podtato-head: ArgoCD manual sync)"]
ATT["fides:attest:deploy:prod<br/>deploy attestation"]
WAIT -->|approved| APPR
WAIT -->|approved| MAN
MAN -->|operator clicks play| DEPLOY --> ATT
WAIT -->|rejected / timeout| FAIL["pipeline fails"]
class WAIT,MAN gate
class DEPLOY prod
class ATT,APPR attest
class FAIL fail
classDef prod fill:#b62324,stroke:#6e0f10,color:#ffffff
classDef attest fill:#2da44e,stroke:#116329,color:#ffffff
classDef gate fill:#9a6700,stroke:#5c3d00,color:#ffffff
classDef fail fill:#b62324,stroke:#6e0f10,color:#ffffff
Jobs in this stage
Section titled “Jobs in this stage”| Job | What it does | Why |
|---|---|---|
servicenow:cr:wait-prod | Polls the prod CR for approval, chained after the qa approval. allow_failure: false. | Hard gate — production blocks on CAB approval; rejection/timeout fails the pipeline. |
deploy:helm:prod | when: manual — an operator must trigger it. Deployment gate into karc-prod: ensures the namespace + gitlab-registry pull secret and emits deploy.env for the CR-close/attestation chain. It no longer runs helm upgrade — podtato-head is deployed by ArgoCD (prod auto-sync is disabled by policy, so an operator manually syncs the Application after promote.sh bumps the tag). | Two gates: a human click and the approved CR, before GitOps rolls prod. |
fides:attest:approval | Attests the CR approval (number, risk, approver, timestamp) + DORA approval metric. | Bridges the ServiceNow CAB sign-off into the immutable trail; satisfies the karc-prod-strict policy. |
fides:attest:deploy:prod | Writes the prod deploy attestation. | Completes the evidence chain for production. |
Why this stage exists
Section titled “Why this stage exists”Every other gate can auto-approve; this one cannot. Production requires a human
CAB decision, enforced by the pipeline (when: manual + the approval poll) and
recorded as evidence (fides:attest:approval). Atomic Helm makes the deploy
itself safe to fail.
Stages: deploy-qa → deploy-prod → post-deploy · all stages