Skip to content
Latchkey

How to Log Incidents and Rollbacks in CI

Marking a deployment inactive on rollback and stamping the incident id gives auditors a clear record of what was reverted, why, and by whom.

Change control covers rollbacks too. When you revert, update the GitHub deployment status and emit a structured record that links the action to an incident. This page shows the pattern; it is educational guidance for auditable remediation.

Steps

  • Trigger the rollback with the target version and the incident id as inputs.
  • Set the prior deployment status to inactive and the rollback to success.
  • Emit a structured log line linking the rollback to the incident.

Rollback job

.github/workflows/rollback.yml
on:
  workflow_dispatch:
    inputs:
      to_sha: { required: true }
      incident: { required: true }
permissions:
  deployments: write
jobs:
  rollback:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - run: ./deploy.sh --sha "${{ github.event.inputs.to_sha }}"
      - run: |
          echo "{\"event\":\"rollback\",\"to_sha\":\"${{ github.event.inputs.to_sha }}\",\"incident\":\"${{ github.event.inputs.incident }}\",\"actor\":\"${{ github.actor }}\",\"ts\":\"$(date -u +%FT%TZ)\"}"

Notes

  • Routing rollback through the same protected environment keeps separation of duties intact.
  • Ship the JSON record to your SIEM so the remediation trail lives outside CI.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →