Chapter 17: CI/CD and GitOps for Infrastructure

Word target: 3,400
Primary deliverable: Change pipeline with rollback controls
Key diagrams: Pipeline stages and promotion flow

Learning Goals

• Gate infrastructure changes with automated checks.
• Build safe promotion path from dev to live environments.
• Implement deterministic rollback for failed changes.

MVP Lab Worksheet

• Objective: Add CI checks to infra repo.
• Starting state: IaC/config repos exist.
• Steps:
  1. Add lint/validation jobs.
  2. Enforce PR-based change approvals.
  3. Verify failed check blocks merge.
• Evidence: CI run logs and policy config.
• Exit criteria: Unvalidated changes cannot reach main branch.
• Rollback: Temporarily disable strict gate via emergency policy.

Advanced Lab Worksheet

• Objective: Test end-to-end rollback path.
• Starting state: CI gates active.
• Steps:
  1. Introduce a controlled bad deploy.
  2. Trigger rollback workflow.
  3. Validate service and infra state recovery.
• Evidence: Deployment and rollback timeline.
• Exit criteria: Rollback completes inside target window.
• Rollback: Reapply last known good release tag.

Author Gap Check

Document when manual intervention is allowed and who approves it.