DEV Community

Jan Duris
Jan Duris

Posted on

CI is green. Your release may still be risky.

Every team has a moment like this: CI passes, the PR gets merged, the deploy goes out — and two hours later someone's asking why checkout is throwing 500s in production.

Nobody skipped a step. The pipeline was green the whole time.

The false comfort of green CI
Green CI feels like permission. It's a checkmark, it's fast, and it's automated — so it's easy to treat it as the final word on whether a release is safe. For a lot of teams, "tests passed" and "safe to ship" have quietly become the same sentence.

They're not.

What CI actually checks
Most CI pipelines are built to catch a specific, narrow slice of problems:

  • Does the code compile / build?
  • Do unit tests pass?
  • Does lint pass?
  • Maybe: does a small integration suite pass?

That's genuinely useful. It catches typos, broken imports, obvious logic errors, regressions in covered code paths. It's necessary.

It's just not the same thing as "this release is safe to put in front of users."

What CI doesn't tell you
CI has no opinion on:

  • Downstream dependencies — does the third-party API you call still behave the way your integration test mocked it to?

  • Manual steps — did someone actually run the DB migration on staging before merging, or is that still "to do"?

  • Deploy-time risk — blue-green cutover, cache invalidation, feature flag state — none of that is exercised by a test suite that runs against a branch.

  • Human process gaps — did the person who approved this PR actually understand the blast radius, or did they approve because the CI badge was green?

None of this shows up as a failing check. It shows up as an incident.

Release risk is a different question than test pass/fail
"Did the tests pass" is a yes/no question about code. "Is this release safe to ship" is a probabilistic question about a system: what changed, how big is the diff, does it touch a critical path, is there a rollback plan, has this kind of change caused problems before.

Most teams answer that second question with vibes — a Slack message, a shrug, "looks fine to me." That works fine until it doesn't, and by the time it doesn't, you're writing a postmortem instead of a checklist.

What a release risk gate actually looks like
The teams that don't get burned by this usually have some version of the same thing, whether they call it that or not:

  • A policy layer that blocks release on concrete conditions (required approvals, coverage thresholds, freeze windows) — not vibes, actual enforced rules.

  • A signal aggregator that pulls test results, error rates, and coverage into one release health view instead of five open tabs.

  • An audit trail — an immutable record of what was actually in a release, so when something breaks you're debugging from evidence, not memory.

None of this requires an enterprise platform. Small teams can build a lightweight version of this with GitHub Actions, a policy file, and some discipline. The point isn't the tooling — it's separating "code compiles" from "release is safe" as two distinct questions with two distinct answers.

Where to start if you don't have this yet
You don't need to build a whole release control system this week. Start smaller:

  • Write down the 3–5 things that, if skipped, have caused an incident before. Turn them into a checklist that's actually enforced, not just documented.

  • Add one non-negotiable gate to your PR template — coverage on touched files, or a manual QA sign-off for anything touching payments/auth.

  • Capture a snapshot of what shipped in each release (commit list, who approved, what tests ran) so your next postmortem starts with facts instead of "let me check Slack."

If you want a starting point instead of building it from scratch, I put together a Release Checklist Pack and a GitHub QA Gates Pack — practical templates for exactly this, no platform lock-in required.

I'm building Dulvarn, a release control system for GitHub-first teams, plus a set of standalone QA/release tools and templates. This post reflects my own experience shipping software, not any employer's views or confidential information.

Top comments (0)