Back
Zero to Production in Thirty Minutes

Zero to Production in Thirty Minutes

/8 min read/
DevOpsCI/CDArchitecture

On a new engineer's first day at our company, they deploy to production. Not as a stunt. Not as a hazing ritual. It is part of their onboarding, and it takes thirty minutes from the moment they push code.

This was not always the case. Two years ago, our deployment process involved a shared staging environment, a manual QA sign-off, a deployment coordinator who ran a 47-step checklist, and a prayer. A single deployment took the better part of a day, and we shipped twice a week on "deployment Tuesdays and Thursdays." The anxiety around those days was palpable.

Today, we deploy to production dozens of times per day, and nobody breaks a sweat. Here is how we got there.

The North Star

Before diving into the technical details, I want to explain the principle that guided every decision: any engineer should be able to go from code to production in 30 minutes with full confidence, regardless of experience level.

That "regardless of experience level" part is critical. If your deployment process requires tribal knowledge — knowing which config file to tweak, which Slack channel to notify, which incantation to type — then you have not built a pipeline. You have built a set of folk customs.

The 30-minute constraint forced us to eliminate every manual step that could not justify its existence. It turns out most of them could not.

The Pipeline in Detail

Here is what happens from the moment an engineer merges code to main.

Stage 1: Build and Unit Tests (0-4 minutes)

The merge triggers our CI pipeline. We use a monorepo, so the first thing the pipeline does is determine which services are affected by the change using dependency graph analysis. This is crucial — we are not rebuilding the entire system for a one-line change.

Affected services get built in parallel. Unit tests run during the build phase, not after it. We made a deliberate architectural choice early on: unit tests must be fast. If a unit test takes more than 100 milliseconds, it is not a unit test — it is an integration test wearing a disguise. This policy keeps our unit test suite under two minutes for any individual service.

The build produces immutable Docker images tagged with the git SHA. These exact images are what will run in production. No rebuilding later. No "works on my machine." The artifact you test is the artifact you deploy.

Stage 2: Integration Tests (4-12 minutes)

This is where things get interesting. Each affected service gets spun up in an isolated environment with its real dependencies — databases, message queues, caches — provisioned as ephemeral containers. We use a custom orchestrator built on top of Kubernetes that can spin up a complete service topology in under 90 seconds.

Integration tests exercise the actual API contracts between services. We auto-generate contract tests from our OpenAPI specifications, so if a service changes its API shape, the tests catch it before any human needs to notice.

Database migrations run in this stage too. If your migration is destructive or takes too long, you find out here, not in production at 2 AM.

One thing we learned the hard way: flaky tests are deployment pipeline poison. We have a zero-tolerance policy. If a test fails intermittently, it gets quarantined immediately and the owning team has 48 hours to fix or delete it. We track test reliability as a team-level metric. Our current suite reliability is 99.7%.

Stage 3: Security and Compliance Scanning (runs in parallel with Stage 2)

Given that we operate in a regulated industry, this stage is non-negotiable. Container images get scanned for known vulnerabilities. Dependencies are checked against our approved list. Static analysis tools look for common security anti-patterns — SQL injection vectors, unvalidated inputs, hardcoded credentials.

We also run automated compliance checks specific to our regulatory requirements. Things like ensuring PHI is never logged, encryption is enforced for data at rest, and audit trails are properly maintained. These used to be manual review items. Automating them was one of the highest-ROI investments we made.

Stage 4: Canary Deployment (12-22 minutes)

This is the stage that gives us confidence to deploy dozens of times a day. Rather than deploying to all production instances at once, we deploy the new version to a small subset — typically 5% of traffic.

During the canary window, we monitor a set of golden signals: error rate, latency (p50, p95, p99), throughput, and business-specific metrics like transaction completion rate. We set automatic thresholds: if the error rate increases by more than 0.1% or p99 latency degrades by more than 50 milliseconds, the canary is automatically rolled back. No human intervention required.

The canary period runs for ten minutes. We arrived at that duration through experimentation — it is long enough to surface most issues with statistical significance, but short enough to keep the pipeline fast.

If the canary passes, the deployment gradually rolls out to the full fleet over the next few minutes. If anything goes wrong during the rollout, automatic rollback kicks in.

Stage 5: Post-Deployment Verification (22-30 minutes)

After full rollout, a suite of synthetic transactions runs against production. These are not tests in the traditional sense — they are real user journeys executed by automated agents. Sign up for an account. Create a resource. Perform a transaction. Verify the result. If any of these fail, we get alerted immediately.

We also compare key business metrics against their historical baselines. A deployment that passes all technical checks but causes a 15% drop in user engagement is still a bad deployment. The system flags anomalies for human review but does not auto-rollback based on business metrics alone — those require judgment.

What Made This Possible

The pipeline I described above is not complicated in concept. Most engineering leaders could sketch something similar on a whiteboard. The hard part is building the organizational discipline to make it real. Here is what actually mattered.

Investing in Developer Experience

We have a dedicated platform engineering team whose entire job is making the deployment pipeline fast, reliable, and invisible. They treat internal engineers as their customers and measure success by deployment frequency and engineer satisfaction scores.

This team maintains the CI infrastructure, the ephemeral environment orchestrator, the canary deployment system, and all the tooling around it. When the pipeline breaks, they are on call. When it is slow, it is their top priority. This level of investment is not cheap, but the leverage is enormous — every minute saved in the pipeline is multiplied by every engineer and every deployment.

Trunk-Based Development

We moved to trunk-based development early on. Engineers work on short-lived feature branches — ideally less than a day — and merge to main frequently. Long-lived branches are the enemy of fast deployment because they create large, risky changesets.

Feature flags decouple deployment from release. Engineers can merge code to main and deploy it to production without exposing it to users. This means deployment is a non-event — it is just shipping code. The decision to enable a feature for users is separate, controlled by product managers through our feature flag system.

Testing Philosophy

Our testing pyramid is strictly enforced. Many unit tests (fast, cheap). Fewer integration tests (slower, more expensive, but high-value). Very few end-to-end tests (slow, brittle, but necessary for critical paths).

The most important testing decision we made was to optimize for speed over coverage in the pipeline. A test suite that takes an hour to run and catches 98% of bugs is worse than a test suite that takes ten minutes and catches 90% of bugs — because the fast suite enables more frequent deployment, which means smaller changesets, which means fewer bugs in the first place.

Culture of Ownership

Every service has a clear owner. Every deployment is automatically attributed to the engineer who merged the code. There is no deployment coordinator, no release manager, no "ops team" that handles production. If you wrote the code, you own the deployment.

This might sound intimidating, but combined with the safety nets described above — automated tests, canary deployments, automatic rollbacks — it is actually liberating. Engineers feel confident deploying because they know the system will catch problems before users are affected.

The Numbers

Since implementing this pipeline:

  • Deployment frequency went from twice per week to an average of 34 times per day.
  • Lead time for changes went from 5 days to under 30 minutes.
  • Change failure rate dropped from 12% to 1.8%.
  • Mean time to recovery went from 4 hours to 11 minutes (automatic rollback handles most incidents).

These are not vanity metrics. They directly translate to faster feature delivery, fewer production incidents, and happier engineers. Our last internal survey showed that 91% of engineers rate our deployment process as "good" or "excellent."

Start Where You Are

If your current deployment process involves manual steps, long test suites, and deployment anxiety, you do not need to build everything I described at once. Start with the highest-leverage change: make your build fast and your deploys automatic. Eliminate one manual step per sprint. Measure deployment frequency and lead time, and hold yourself accountable to improving them.

The thirty-minute pipeline was not built in a day. It was built one improvement at a time, over eighteen months, by a team that refused to accept "that's just how deployments work" as an answer.

Every engineer deserves to ship code with confidence. Building the pipeline that makes that possible is one of the most valuable things a technical leader can do.