Continuous deployment promises every passing commit ships to production within minutes — no manual gates, no release windows. The reality is messier. Most teams who flip the switch without the right tooling, tests, and rollback story end up firefighting in production within a week.
This is an implementation guide, not a theory dump. If you want the definition first, read what continuous deployment actually means. If you're still deciding between continuous delivery and continuous deployment, the continuous delivery vs continuous deployment breakdown covers the trade-off in detail — short version: continuous delivery still requires a human to push the button.
Below: a practical implementation walkthrough — the prerequisites you actually need, a five-stage pipeline you can copy, deployment patterns (blue-green, canary, rolling), the DORA metrics worth tracking, and how to wire it all together with a purpose-built deployment platform instead of duct-taping shell scripts onto a generic CI runner.
The five prerequisites for continuous deployment
Before any tooling, you need these in place. Skip any of them and you're not doing continuous deployment — you're doing continuous incidents.
- Trunk-based development or short-lived branches. Long-lived feature branches and continuous deployment are incompatible. Either use trunk-based development behind feature flags, or merge feature branches within 1-2 days. The longer a branch lives, the larger and riskier the eventual release.
- A test suite that runs in under 10 minutes and has meaningful coverage on critical paths. You don't need 100% coverage — you need confidence on the paths that take money or break customers. The DORA research consistently identifies test automation as one of the strongest predictors of deployment frequency.
- A one-command rollback. If
how do I roll back?
is answered by a Slack thread and a senior engineer, you cannot run continuous deployment safely. One-click rollback needs to be a button, not a runbook. - Production observability. Logs, metrics, and error rates need to be visible within seconds of a deploy, not minutes. If a bad deploy goes unnoticed for 30 minutes, the
minor incremental change
advantage of continuous deployment evaporates. - Feature flags or progressive exposure. Deployment ≠ release. Continuous deployment ships code; feature flags decide when users see it. This decoupling is what makes daily deploys safe.
If you don't have all five, start with continuous delivery (manual approval before production) and graduate to continuous deployment once the foundations are solid.
The five-stage continuous deployment pipeline
Every working continuous deployment pipeline has the same five stages, regardless of language or framework. Differences are in the tooling, not the structure.
| Stage | Purpose | Typical duration | Fail = block? |
|---|---|---|---|
| 1. Build | Compile, install dependencies, produce artifact | 1-5 min | Yes |
| 2. Test | Unit + integration + lint + type check | 3-10 min | Yes |
| 3. Static analysis | SAST, dependency scan (Snyk, npm audit, OWASP) | 1-3 min | Yes (high severity only) |
| 4. Deploy | Push artifact to production target | 30 sec - 5 min | Yes |
| 5. Post-deploy verification | Smoke tests, health checks, error rate watch | 2-15 min | Yes (auto-rollback) |
The last stage is the one most teams skip — and the one that makes the difference between continuous deployment and we just push to main and hope
. A two-minute smoke test that hits five critical endpoints catches 80% of broken deploys before users do.
A concrete example: Node.js app via GitHub Actions + DeployHQ
The build/test stages run in GitHub Actions (cheap, parallelisable, plays nicely with PR feedback). The deploy stage is handed off to a deployment-specific tool that knows how to talk to your servers, run SSH commands, and handle rollback.
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: '22' }
- run: npm ci
- run: npm run lint
- run: npm run typecheck
- run: npm test -- --coverage
- run: npm audit --audit-level=high
When the workflow passes, DeployHQ's webhook picks up the green commit on main, runs the build pipeline (transpile, bundle, generate artifacts), and pushes only the changed files to your servers via SFTP/SSH. The deploy itself usually takes under 30 seconds because differential uploads skip files that haven't changed.
The post-deploy verification runs as a DeployHQ post-deploy hook — a curl against a /health endpoint plus a check that recent error rates are below threshold. If either fails, an automatic rollback reverts to the previous release without human intervention.
Deployment patterns: which one fits your workload
Continuous deployment doesn't mean every deploy goes to 100% of users instantly
. The choice of deployment pattern is what separates a mature CD setup from a reckless one.
Rolling deployment
The default for most apps. Replace instances one at a time (or in small batches) while traffic continues. Works well when:
- You have ≥2 instances behind a load balancer.
- Database schema is backwards-compatible (old and new code can coexist).
- Sessions are stored externally (Redis, JWT, sticky-session-free).
Trade-off: A bad deploy still hits some users before health checks catch it. Acceptable for most non-critical paths.
Blue-green deployment
Two identical environments. Deploy to the idle one, smoke-test, then flip traffic at the load balancer. Rollback = flip back. DeployHQ's zero-downtime deployments use a variant of this pattern, where files are prepared in a release directory and atomically symlinked into place.
Trade-off: Doubles infrastructure cost during deploy. Worth it for revenue-critical services.
Canary deployment
Deploy to a small percentage of users (1-5%), watch error rates and business metrics, gradually ramp to 100%. The 4-eye principle of deployment patterns: automated gates plus human-readable telemetry catch problems before they scale.
Trade-off: Requires a routing layer that can split traffic (Istio, Linkerd, application-level routing, or a feature flag platform). More complex to set up but the safest pattern for high-traffic services.
Recreate (don't)
Stop everything, deploy, start everything. Incurs downtime. Acceptable for internal tools and dev environments only. If you're considering this for production, you're not doing continuous deployment yet — go set up a proper zero-downtime deployment first.
The DORA metrics: how to know it's working
The DORA (DevOps Research and Assessment) framework defines four metrics that correlate with team performance. Track them or you're flying blind.
| Metric | Elite team target | What it tells you |
|---|---|---|
| Deployment frequency | Multiple times per day | Pipeline speed and team velocity |
| Lead time for changes | Under 1 hour | Time from commit to production |
| Change failure rate | 0-15% | Quality of deploys reaching production |
| Mean time to recovery | Under 1 hour | Rollback and incident response maturity |
If change failure rate climbs above 15%, the answer isn't to deploy less often — it's to invest in test coverage, post-deploy verification, or canary deployments. Slowing down hides the symptom; the underlying problem still ships, just in larger, scarier batches.
Tooling: where the typical CI runner falls short
GitHub Actions, GitLab CI, CircleCI, and Jenkins are excellent at the build and test stages. They are mediocre at the deploy stage — and most continuous deployment failures happen at deploy time, not build time.
Generic CI runners struggle with:
- Server fleet management. You end up writing shell scripts that loop over IP addresses and pray nothing times out. There's no native concept of
deploy to these 4 servers, atomically, with rollback
. - Differential uploads. A typical CI runner rsyncs or scp's the whole build artifact every time. For PHP/WordPress/Laravel sites this means uploading 50,000 files for a 3-file change.
- Rollback without re-running the pipeline. Most CI tools'
rollback
means re-running the previous workflow and hoping the build is reproducible. Real rollback needs to be instant and not require a green build. - SSH/SFTP/FTP targets. Plenty of production fleets still deploy via SFTP to managed hosting. CI/CD pipelines genuinely struggle with FTP, and bolting it on is painful.
This is the niche purpose-built deployment platforms fill. Compare options in the best CI/CD tools breakdown — the right answer depends on your stack.
How DeployHQ fits a continuous deployment workflow
DeployHQ is a Git deployment automation platform that handles the deploy stage specifically — the part generic CI runners do poorly. It's typically paired with GitHub Actions, GitLab CI, or any CI runner for the build/test stages, then takes over for delivery to production.
The relevant capabilities for continuous deployment:
- Auto-deploy on green commits. DeployHQ watches your
mainbranch (or any branch/tag pattern) and triggers a deploy as soon as a passing commit lands. Works with deploy from GitHub and deploy from GitLab out of the box. - Differential file transfer. Only changed files get uploaded. For a typical WordPress or Laravel project, a deploy that would take 4 minutes via rsync runs in 15-20 seconds.
- Pre- and post-deploy hooks. SSH commands run on your server before/after the file transfer — database migrations, cache warming, queue worker restarts, smoke tests, Slack notifications. Hooks can short-circuit a deploy if they fail.
- One-click rollback. Every deployment is recorded; reverting to any previous version is a button, not a script. No re-build required.
- Scheduled deployments. For teams that prefer release windows, scheduled deployments let you queue deploys for off-peak hours while keeping the rest of the workflow automated.
- RESTful API and webhooks. Trigger deploys from external systems, fetch deployment history, or pipe events into Slack/PagerDuty/Datadog.
- CLI access. With DeployHQ Agents, you can deploy from your terminal as part of an MCP-enabled workflow.
For teams who want the full step-by-step setup, the first-deployment walkthrough covers project creation, server config, and the first deploy in about 10 minutes. For a more in-depth pipeline build, the building a CI/CD pipeline from scratch guide walks through a full GitHub Actions + DeployHQ setup.
Common implementation gotchas
A few real failure modes worth knowing before you flip the switch:
- Database migrations that aren't backwards-compatible. Rolling and blue-green deployments require old and new code to coexist during the rollout. Adding a NOT NULL column without a default will break the old instances mid-deploy. The fix: ship migrations in two steps — add column (nullable, defaulted) in deploy N, backfill, then make NOT NULL in deploy N+1.
- Long-running migrations that lock tables. A 10-minute
ALTER TABLEon a 50M-row table will lock production. Use online schema-change tools (pt-online-schema-change, gh-ost) or run migrations out-of-band. - Cache invalidation timing. Code that depends on a cached config will see the old config until the cache rotates. Either invalidate the cache in a post-deploy hook or version your cache keys with the deploy hash.
- Cron jobs and queue workers. Long-running processes don't pick up new code automatically. Restart workers in a post-deploy hook, or use a process manager that supports graceful reloads (PM2, systemd with
Type=notify). - Secret rotation during deploy. Don't deploy a new app version and rotate its database password in the same window. Stagger them so a rollback doesn't lock you out of the old version.
These are unglamorous, but they're the gotchas that bite teams in week 2 of running continuous deployment.
Frequently asked questions
Is continuous deployment the same as continuous delivery?
No. Continuous delivery keeps software always releasable but typically still requires manual approval before production. Continuous deployment automatically pushes to production after checks pass — same pipeline, one fewer human gate.
Do I need 100% test coverage before adopting continuous deployment?
No. You need strong automated checks on critical paths — the flows that take money, change accounts, or affect a large share of users. Most teams adopt continuous deployment gradually and strengthen coverage over time. DORA research shows test automation matters more than raw coverage numbers.
Can DeployHQ roll back database changes automatically?
DeployHQ runs the SSH commands you define, including rollback commands. The actual rollback behaviour depends on your migration tooling (Rails migrations, Flyway, Liquibase, Alembic, DbUp) and the rollback scripts those tools generate. Plan and test rollback scripts the same way you test forward migrations.
What's the safest way to start with continuous deployment?
Pick one low-risk service (internal tool, marketing site, non-critical API). Enforce automated tests, post-deploy smoke tests, and one-command rollback. Run continuous deployment on it for 2-4 weeks while you tune health checks and alerts. Once change failure rate is under 15% and mean time to recovery is under an hour, expand to additional services.
How is continuous deployment different from CI/CD?
Continuous integration is the practice of merging code frequently and running automated tests on every commit. Continuous deployment is what happens after CI passes — automatically shipping to production. The complete CI/CD pipelines guide covers both halves.
Ready to set up a continuous deployment pipeline that works in production? Start a free DeployHQ trial and connect your first repository in under 10 minutes — or compare plans if you're scaling to multiple projects.
Questions about your continuous deployment setup? Email us at support@deployhq.com or follow @deployhq for deployment tips and updates.