Standard : Artifact promotion between environments is automated and tracked

Purpose and Strategic Importance

This standard ensures that artifact promotion between environments (e.g., development, staging, production) is fully automated, governed, and traceable. Promoting validated artifacts without rebuilds preserves integrity, reduces human error, and accelerates safe delivery.

Aligned to our "Automate Everything Possible" and "Architect for Change" policies, this standard protects build fidelity, strengthens security, and increases deployment speed and confidence. Without it, deployments become manual, inconsistent, and error-prone, undermining trust in delivery pipelines.

Strategic Impact

  • Faster, safer, and more frequent releases
  • Greater trust in build and deploy pipelines
  • Stronger audit and compliance posture
  • Reduced friction in promoting features to production
  • Improved consistency and reduction in manual effort

Risks of Not Having This Standard

  • Inconsistent artifact versions deployed across environments
  • Increased manual errors and deployment outages
  • Reduced confidence in release quality
  • Lack of traceability for compliance and auditing
  • Slower deployment cycles due to manual handoffs

CMMI Maturity Model

Level 1 – Initial

Category Description
People & Culture Artifact promotion relies on manual steps or scripting.
Low awareness of build reproducibility risks.
Process & Governance No defined promotion process.
Test and production artifacts may differ.
Technology & Tools Builds are manually triggered or recompiled per environment.
No centralized artifact store.
Measurement & Metrics Promotion tracking is ad hoc or non-existent.

Level 2 – Managed

Category Description
People & Culture Teams begin scripting artifact copying.
Awareness of integrity grows.
Process & Governance Guidelines encourage reuse of built artifacts.
Still heavily reliant on manual verification.
Technology & Tools Shared drives or basic storage used.
Promotion not integrated into CI/CD.
Measurement & Metrics Promotion logs are sometimes recorded manually.

Level 3 – Defined

Category Description
People & Culture Teams embrace artifact immutability and shared pipelines.
Process & Governance Artifacts are built once and promoted through controlled stages.
Manual rebuilds are disallowed.
Technology & Tools Repositories (e.g., Artifactory, Nexus) and CI/CD integration are in place.
Metadata tagging applied.
Measurement & Metrics Full traceability enabled.
Promotion actions automatically logged and visible.

Level 4 – Quantitatively Managed

Category Description
People & Culture Teams track promotion failures and improve based on insights.
Process & Governance Automated gates, approvals, and compliance checks exist.
Audit readiness is maintained.
Technology & Tools Signed/checksummed artifacts.
Dashboards show promotion flow and integrity.
Measurement & Metrics Success/failure rates and promotion lead times are monitored.

Level 5 – Optimising

Category Description
People & Culture Teams experiment with rollout strategies and feedback loops to optimise flow.
Process & Governance Promotion metadata feeds release readiness and operational decisions.
Technology & Tools Intelligent routing and anomaly detection support real-time assurance.
Measurement & Metrics Promotion throughput improves over time.
Compliance rate approaches 100%.

Key Measures

  • % of deployments using automated artifact promotion
  • Artifact promotion success rate (first-pass success)
  • Time from artifact build to production deployment
  • % of releases with full traceability from source to environment
  • Number of promotion-related incidents or rollbacks