diagrams
DevOps

Deployment Approval Flow

A deployment approval flow is the governance process that requires explicit human or automated authorization before a new version of an application is released to a controlled environment, balancing speed of delivery with risk management.

diagram.mmd — flowchart
Edit in Graphlet →
Deployment Approval Flow flowchart diagram
About Source

A deployment approval flow is the governance process that requires explicit human or automated authorization before a new version of an application is released to a controlled environment, balancing speed of delivery with risk management.

How the flow works

The flow is triggered when the CD Pipeline completes all automated checks in a lower environment and is ready to promote to a higher one — usually staging-to-production or pre-prod-to-prod. The pipeline pauses and creates an approval request, attaching a deployment summary: the version being deployed, the changelog since the last release, the test results, and the name of the engineer requesting the deployment.

The approval request is routed to the designated approver group. This might be a dedicated release manager, the on-call engineer, a product owner, or an automated policy engine. The approver reviews the attached summary and makes a decision: approve or reject. If the approver needs more information, they can request clarification, placing the request back in a pending state.

If the deployment is rejected, the pipeline is cancelled and the requesting team is notified with the rejection reason, allowing them to address concerns and resubmit. If approved, the pipeline resumes and the deployment proceeds to the target environment.

Some organizations implement time-window constraints — deployments are only permitted during business hours or outside peak traffic periods. The approval flow can enforce these windows automatically, queuing approved deployments until the next permitted window opens.

Capturing every approval decision creates an audit trail that is invaluable for compliance reviews and incident post-mortems.

Free online editor
Edit this diagram in Graphlet
Fork, modify, and export to SVG or PNG. No sign-up required.
Open in Graphlet →

Frequently asked questions

A deployment approval flow is the governance step that requires explicit authorisation — from a human or an automated policy — before a new version is released to a controlled environment. It balances delivery speed with risk management.
When the CD pipeline is ready to promote to a higher environment, it pauses and creates an approval request containing the version, changelog, and test results. A designated approver reviews the summary and either approves (resuming the pipeline) or rejects (cancelling with a reason).
Use automated approval for low-risk, low-traffic changes that have passed a comprehensive automated test suite. Require manual approval for high-risk changes (database migrations, security updates, major feature releases) or deployments to production during peak traffic periods.
mermaid
flowchart TD PipelineReady[CD pipeline ready to deploy] --> CreateRequest[Create approval request with deployment summary] CreateRequest --> NotifyApprovers[Notify approver group] NotifyApprovers --> ApproverReview[Approver reviews changelog and test results] ApproverReview --> Decision{Approver decision} Decision -->|Clarification needed| RequestInfo[Request more information] RequestInfo --> ApproverReview Decision -->|Rejected| RejectDeploy[Cancel deployment pipeline] RejectDeploy --> NotifyTeam[Notify team with rejection reason] Decision -->|Approved| TimeWindow{Within permitted deploy window?} TimeWindow -->|No| QueueDeploy[Queue deployment for next window] QueueDeploy --> TimeWindow TimeWindow -->|Yes| ProceedDeploy[Resume deployment pipeline] ProceedDeploy --> AuditLog[Record approval in audit log] AuditLog --> Done[Deployment proceeds to environment]
Copied to clipboard