This cheatsheet is a release-safety quick start for teams that need to ship frequently while limiting blast radius, using clear rollback triggers, canary checks, and incident command discipline to make decisions quickly under deployment pressure without turning every deploy into a high-stakes guessing game.
Pre-release Gate
- Feature flags are available for risky changes.
- Health checks are green in staging.
- Migration strategy includes backward compatibility.
- Rollback owner is explicitly assigned.
10-Minute Release Checklist
- Deploy to a small canary slice first.
- Watch error rate, p95 latency, and saturation.
- Compare business KPIs against baseline.
- Pause rollout immediately if two signals degrade.
Rollback Decision Rules
Rollback now if any of these happen:
- Error rate increases by more than 2x baseline for 5 minutes.
- p95 latency increases by more than 50% for critical endpoints.
- Checkout/auth/payment funnels drop materially.
- On-call cannot identify a safe mitigation in under 10 minutes.
Hotfix vs Rollback
- Choose rollback when blast radius is broad or diagnosis is unclear.
- Choose hotfix only when issue is isolated and fix is verified.
- Never do both simultaneously without a single incident commander.
Post-Incident Notes
Record before closing:
- Exact trigger condition and detection timestamp.
- Why guardrails did or did not fire.
- Follow-up action to prevent repeat failures.