Standard : Artifact promotion between environments is automated and tracked

Purpose and Strategic Importance

This standard ensures that artifact promotion between environments (e.g., development, staging, production) is fully automated, governed, and traceable. Promoting validated artifacts without rebuilds preserves integrity, reduces human error, and accelerates safe delivery.

Aligned to our "Automate Everything Possible" and "Architect for Change" policies, this standard protects build fidelity, strengthens security, and increases deployment speed and confidence. Without it, deployments become manual, inconsistent, and error-prone, undermining trust in delivery pipelines.

Strategic Impact

Clearly defined impacts of meeting this standard include faster, safer deployments, improved auditability, reduced deployment errors, and stronger confidence in the delivery pipeline.

Risks of Not Having This Standard

  • Inconsistent artifact versions deployed across environments
  • Increased manual errors and deployment outages
  • Reduced confidence in release quality
  • Lack of traceability for compliance and auditing
  • Slower deployment cycles due to manual handoffs

CMMI Maturity Model

Level 1 – Initial

  • People & Culture

    • Artifact promotion relies on manual steps or scripting.
    • Limited awareness of the risks of rebuilding or manually copying artifacts.

  • Process & Governance

    • No consistent process for moving builds between environments.
    • Artifacts may differ between test and production deployments.

  • Technology & Tools

    • Builds are manually triggered or recompiled for each environment.
    • No centralized artifact repository.

  • Measurement & Metrics

    • No tracking of artifact promotion or deployment integrity.

Level 2 – Managed

  • People & Culture

    • Teams begin scripting artifact copying between environments.
    • Some attention to maintaining artifact integrity.

  • Process & Governance

    • Basic guidelines introduced to encourage artifact reuse.
    • Manual verification steps remain common.

  • Technology & Tools

    • Simple artifact repositories (e.g., shared drives, basic storage) are used.

  • Measurement & Metrics

    • Some logs or records of promotions are kept manually.

Level 3 – Defined

  • People & Culture

    • Teams value artifact immutability and promotion discipline.
    • Ownership of artifact lifecycle is clear.

  • Process & Governance

    • Standard processes ensure artifacts are built once and promoted.
    • Manual rebuilds after test are prohibited.

  • Technology & Tools

    • Central artifact repositories (e.g., Artifactory, Nexus) are mandated.
    • CI/CD pipelines automate artifact promotion with metadata tagging.

  • Measurement & Metrics

    • Artifact promotion logs are automatically captured.
    • Traceability from commit to deployment is ensured.

Level 4 – Quantitatively Managed

  • People & Culture

    • Teams monitor and optimise artifact promotion times and success rates.
    • Promotion failures are treated as incidents for root cause analysis.

  • Process & Governance

    • Promotion processes include approvals or automated checks where required.
    • Compliance and audit requirements are consistently met through traceability.

  • Technology & Tools

    • Artifacts are cryptographically signed or checksummed.
    • Automated promotion tracking integrated with deployment dashboards.

  • Measurement & Metrics

    • Artifact promotion success/failure rates are tracked and reported.
    • Deployment discrepancies are identified and addressed quickly.

Level 5 – Optimising

  • People & Culture

    • Artifact promotion processes evolve through continuous feedback.
    • Teams experiment with further optimisations (e.g., progressive rollouts).

  • Process & Governance

    • Promotion metadata feeds into release readiness assessments.
    • Automated verification of artifact provenance is standard.

  • Technology & Tools

    • Intelligent artifact routing optimises deployment speed and reliability.
    • Anomaly detection alerts on unusual promotion patterns.

  • Measurement & Metrics

    • Deployment lead time is continuously reduced.
    • Compliance audit success rate approaches 100%.

Key Measures

  • % of deployments using automated artifact promotion
  • Artifact promotion success rate (first-pass success)
  • Time from artifact build to production deployment
  • % of releases with full traceability from source to environment
  • Number of promotion-related incidents or rollbacks