How to Run a Canary Release with Manual Promotion in GitHub Actions
A canary only de-risks a release if someone looks at it before the full rollout; a protected environment forces that pause.
Deploy the canary in one job, then put the full rollout in a job targeting a protected production environment that requires a reviewer to approve.
Steps
- Create a
productionenvironment with required reviewers in repo settings. - Deploy the canary unconditionally in the first job.
- Put the full rollout in a
needsjob withenvironment: production. - The rollout pauses until a reviewer approves.
Workflow
.github/workflows/canary.yml
name: Canary Release
on:
push:
branches: [main]
jobs:
canary:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: ./scripts/deploy.sh --weight 5
promote:
needs: canary
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- run: ./scripts/deploy.sh --weight 100Notes
- The reviewer approval is configured on the environment, not in YAML.
- Add a wait timer on the environment if you want a forced soak before promotion is even offered.
Related guides
How to Require Manual Approval in GitHub ActionsGate a GitHub Actions deploy behind human sign-off using a protected environment with required reviewers, pau…
How to Roll Back on a Failed Health Check in GitHub ActionsAutomatically roll back a deploy in GitHub Actions when a post-deploy health check fails, using an if failure…