Deployment: Predictive CI/CD

Goal: Move from “Blind Deployment” to Risk-Aware Release Orchestration. AI analyzes the changes, predicts the impact, and decides whether to deploy.

graph TD
    Dev[Developer] -->|Push Code| git[GitHub]
    git -->|Trigger| Pipeline[CI Pipeline]
    Pipeline -->|Analysis| AI[Risk Analyzer Agent]
    AI -->|Score Low| Deploy[Auto-Deploy]
    AI -->|Score High| Manual[Manual Approval Needed]
    Deploy -->|Canary| Monitor[AI Monitor]
    Monitor --x|Error Spike| Rollback[Auto-Rollback]
    
    style AI fill:#ffcc80
    style Monitor fill:#b39ddb
    style Rollback fill:#ef9a9a
  • Orchestration: GitHub Actions / Azure DevOps.
  • IaC: Terraform / Bicep (generated by AI).
  • Deployment: ArgoCD / Kubernetes.
  • Risk Analysis: Custom script calling LLM with git diffs.
  1. Generate Infrastructure: Use AI to write Terraform Scripts.
  2. Generate Pipeline Config: Ask AI to write the YAML for GitHub Actions.
  3. Release Risk Scoring: Add a step in CI that sends the git diff to an LLM: “Rate the risk of this change on a scale of 1-100.”
  4. Canary Deployment: Use AI to monitor the health of the Canary release.

Example Scenario: Deploying a Microservice

Prompt:

“Write a Terraform script for an Azure App Service Plan and a Linux Web App. Include a Staging slot.”

AI Output:

resource "azurerm_service_plan" "example" {
  name     = "example-app-service-plan"
  os_type  = "Linux"
  sku_name = "P1v2"
  ...
}

2. Release Risk Scoring (The “AI Gate”)

Concept: Instead of deploying everything, we script a check:

Prompt to LLM:

“Analyze these files changed in this PR: auth-service.ts, database-schema.sql. Does this involve:

  1. Authentication Logic? (High Risk)
  2. Database Migrations? (High Risk)
  3. UI Colors? (Low Risk)

Output a JSON with { riskScore: number, reason: string }.”

Response:

{ "riskScore": 85, "reason": "Modifies core authentication logic and schema." }

Pipeline Logic:

If riskScore > 50, require Manager Approval. Else, Auto-Deploy.
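One way to implement this gate so that it fails closed, as an added example (not code from the original page). The function names and the `HIGH_RISK_PATHS` filename patterns are assumptions; the patterns act as a deterministic floor so that a low model score cannot auto-deploy a change to the categories the prompt already marks High Risk.

```python
import json
import re

THRESHOLD = 50  # the page's rule: riskScore > 50 needs manager approval

# Assumed filename patterns for the two categories the prompt marks High Risk.
HIGH_RISK_PATHS = [
    re.compile(r"auth", re.I),                        # authentication logic
    re.compile(r"(schema|migration).*\.sql$", re.I),  # database migrations
]

def parse_verdict(raw):
    """Return (score, reason); raise ValueError on anything off-contract."""
    try:
        data = json.loads(raw)
    except TypeError as exc:  # raw was not str/bytes
        raise ValueError(str(exc))
    if not isinstance(data, dict):
        raise ValueError("response is not a JSON object")
    score, reason = data.get("riskScore"), data.get("reason")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError("riskScore is not a number")
    if not 1 <= score <= 100:  # also rejects NaN and Infinity
        raise ValueError("riskScore outside 1-100")
    if not isinstance(reason, str) or not reason.strip():
        raise ValueError("reason is missing")
    return score, reason

def gate(raw_response, changed_files):
    """Return (decision, explanation); any doubt routes to manual approval."""
    try:
        score, reason = parse_verdict(raw_response)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return "manual-approval", f"unusable model output: {exc}"
    hits = [f for f in changed_files
            if any(p.search(f) for p in HIGH_RISK_PATHS)]
    if hits and score <= THRESHOLD:
        return "manual-approval", f"model scored {score}, but high-risk files changed: {hits}"
    if score > THRESHOLD:
        return "manual-approval", reason
    return "auto-deploy", reason

if __name__ == "__main__":
    # Constructed sample: the response and filenames shown on this page.
    sample = '{ "riskScore": 85, "reason": "Modifies core authentication logic and schema." }'
    print(gate(sample, ["auth-service.ts", "database-schema.sql"]))
```

In a CI step, map `manual-approval` to whatever approval mechanism the pipeline uses and log the explanation alongside the decision.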

  • Don’t Trust, Verify: AI-generated Terraform can sometimes destroy resources. Always run terraform plan first.
  • Context Limit: You can’t send the whole codebase diff. Send the filenames and summaries of changes.
  • Explainability: If AI blocks a deployment, it must explain why (e.g., “Detected potential SQL injection vulnerability in line 45”).
  1. Smart Gates: Replacing hard-coded rules with semantic understanding (e.g., “Is this risky?” vs “Did test pass?”) is a game changer.
  2. Velocity: Low-risk changes (CSS, Copy) fly through; High-risk changes get scrutiny.
  3. Infrastructure is Code: And AI is great at writing code.