Deploy Windows vs Continuous: When Each Is Right

Continuous deploy is the engineering ideal; deploy windows are the realistic compromise for many businesses.

The continuous-deploy case

Continuous deploy is the engineering ideal. Code merges, CI passes, the change ships to production with no human gate. The case rests on mature observability and rollback.

• Mechanism. Code merges trigger CI; CI passes triggers deploy; production receives the change without manual intervention.
• Optimises for speed. Lead time from merge to production drops to minutes; the team ships routinely.
• Assumes maturity. Strong observability, fast rollback, and trust in the test suite are prerequisites.
• DORA correlation. Higher deploy frequency correlates with better reliability across DORA metrics; the data backs the model.

The deploy-windows case

• Deploy windows: deploys only during specific hours; manual approval often required.
• Optimizes for low-risk windows; assumes deploy carries non-trivial risk.

Four signals

Four signals decide whether continuous deploy fits. Each one has a clear answer once you ask; the answers compose into the right deploy posture.

• Customer sensitivity. Banks, healthcare, high-stakes products lean toward gated deploys; consumer SaaS leans continuous.
• Team maturity. Without rollback discipline and runbook hygiene, continuous deploy is unwise.
• Observability depth. Continuous deploy requires strong production telemetry; without it, the team is flying blind.
• Regulatory regime. Some compliance regimes (HIPAA, PCI, SOX) require change-management documentation that gated deploys make easier.

The hybrid posture

Most mature teams run a hybrid. Continuous to staging, window-gated to production; or continuous to production with manual gate for high-risk changes only.

• Staging continuous, prod gated. Continuous deploy to staging gives confidence; prod has explicit window or approval.
• Prod continuous, exceptions gated. Continuous to prod, manual gate only for changes flagged high-risk by classifier.
• Per-service. Different services on different cadences; high-risk services gated, low-risk continuous.
• Risk classifier drives. A blast-radius classifier on the PR decides which gate applies; mechanical, not political.

Antipatterns

• Continuous deploy without observability. Outages without diagnosis.
• Deploy windows that span 4 days. Defeats the purpose.
• Manual gate as the only safeguard. Replace with metrics + automation.

What to do this week

Three moves. (1) Apply this to one pipeline first. (2) Measure deploy frequency / MTTR before/after. (3) Document the outcome so the next team starts from data.