Quality Gates for Releases | Automated Checkpoints
Set up release quality gates: test coverage, security scans, code quality, and approvals. GitScrum integrates with CI/CD to block deploys that don't meet criteria.
Releasing without quality checks leads to production incidents, emergency patches, and eroded trust. Quality gates create automated checkpoints that ensure every release meets your standards. GitScrum integrates with CI/CD tools to enforce gates and provide release visibility.
Why Quality Gates Matter
| Without Gates | With Gates |
|---|---|
| "It worked on my machine" | Verified in CI environment |
| Production bugs | Caught before deploy |
| Emergency patches | Confident releases |
| Blame and stress | Systematic quality |
| Inconsistent releases | Repeatable process |
Quality Gate Categories
Gate Types
QUALITY GATE CATEGORIES
═══════════════════════

AUTOMATED (must pass):
├── All tests passing
├── Code coverage ≥ threshold
├── No critical vulnerabilities
├── Linting passes
├── Build succeeds
└── Performance benchmarks met

SEMI-AUTOMATED (verified + approved):
├── Security scan reviewed
├── Breaking changes documented
├── API changes approved
├── Database migrations tested
└── Feature flags configured

MANUAL (human approval):
├── Code review complete
├── QA sign-off
├── Stakeholder approval
├── Release notes reviewed
└── Rollback plan confirmed
Standard Gate Configuration
RELEASE QUALITY GATES
═════════════════════

GATE 1: BUILD
├── Code compiles ✓
├── Dependencies resolve ✓
├── Artifact generated ✓
└── Status: PASS/FAIL

GATE 2: TEST
├── Unit tests pass ✓
├── Integration tests pass ✓
├── Coverage ≥ 70% ✓
├── No test regression ✓
└── Status: PASS/FAIL

GATE 3: QUALITY
├── SonarQube gate passes ✓
├── No new critical issues ✓
├── Complexity within limits ✓
├── Duplication < 5% ✓
└── Status: PASS/FAIL

GATE 4: SECURITY
├── SAST scan passes ✓
├── Dependency scan passes ✓
├── No critical CVEs ✓
├── Secrets scan clean ✓
└── Status: PASS/FAIL

GATE 5: APPROVAL
├── Code review complete ✓
├── QA sign-off ✓
├── Product approval ✓
└── Status: PASS/FAIL

RELEASE: All gates GREEN = can deploy
GitScrum Release Dashboard
Gate Status View
RELEASE READINESS DASHBOARD
═══════════════════════════
Release: v2.4.0
Branch: release/2.4.0
Target: March 20, 2024

┌─────────────────────────────────────────────────┐
│  QUALITY GATES                                  │
├─────────────────────────────────────────────────┤
│                                                 │
│  ✓ Build          ✓ Tests         ✓ Quality     │
│  passed 2m ago    98% pass        A rating      │
│                   87% coverage                  │
│                                                 │
│  ✓ Security       ⏳ Approval                   │
│  0 critical       2/3 complete                  │
│  3 medium         Missing: QA sign-off          │
│                                                 │
├─────────────────────────────────────────────────┤
│  Overall: BLOCKED (awaiting QA)                 │
│  [View Details]  [Request QA Review]            │
└─────────────────────────────────────────────────┘
Release Checklist
RELEASE CHECKLIST TASK
══════════════════════
## Automated Gates
- [x] Build pipeline passes
- [x] Unit tests pass (236/236)
- [x] Integration tests pass (42/42)
- [x] Coverage threshold met (87% ≥ 70%)
- [x] SonarQube quality gate passes
- [x] Security scan clean
## Manual Verifications
- [x] Code review approved (3 reviewers)
- [x] Staging deployment tested
- [ ] QA sign-off pending
- [x] Product owner approval
## Documentation
- [x] CHANGELOG updated
- [x] Migration guide complete
- [x] API docs updated
- [x] Release notes drafted
## Deployment
- [ ] Feature flags configured
- [ ] Rollback plan documented
- [ ] On-call confirmed
- [ ] Monitoring alerts set
Gate Configuration
Threshold Settings
QUALITY THRESHOLD CONFIGURATION
═══════════════════════════════

TEST THRESHOLDS:
├── Minimum coverage: 70%
├── Coverage delta: No decrease
├── Test pass rate: 100%
├── Flaky test tolerance: 0
└── Test time limit: 30 min

QUALITY THRESHOLDS:
├── Quality rating: A or B
├── New issues: 0 critical, 0 high
├── Complexity: Max 15 per function
├── Duplication: < 5%
└── Tech debt: < 10 days

SECURITY THRESHOLDS:
├── Critical vulnerabilities: 0
├── High vulnerabilities: 0
├── Medium: Review required
├── Low: Document and track
└── Secrets: 0 detected
Gate Bypass Policy
GATE BYPASS GOVERNANCE
══════════════════════

NEVER BYPASS:
├── Security critical (0 tolerance)
├── Build failures
├── Critical test failures
└── Secrets detection

CAN BYPASS WITH APPROVAL:
├── Coverage slightly below threshold
├── Medium security issues (documented)
├── Known flaky tests
├── Non-critical quality issues
└── Requires: 2 senior approvers

BYPASS DOCUMENTATION:
├── Reason for bypass
├── Risk assessment
├── Remediation plan
├── Approval chain
└── Timeline for fix

TRACKING:
├── All bypasses logged
├── Monthly bypass review
├── Trend analysis
└── Process improvement
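The security thresholds and the bypass rules above can be enforced together by one script in the security stage. The following is an added example, not GitScrum code; the findings format and the `senior_staff` list are assumptions, as is the choice to treat high findings as non-bypassable and medium findings as blocking until a documented bypass exists.

```python
from dataclasses import dataclass, field

# Security thresholds from the page: these categories must be zero.
ZERO_TOLERANCE = ("critical", "high", "secrets")
# Documentation the bypass policy requires for every bypass.
BYPASS_FIELDS = ("reason", "risk_assessment", "remediation_plan",
                 "approval_chain", "fix_timeline")
REQUIRED_SENIOR_APPROVERS = 2


@dataclass
class GateResult:
    status: str  # PASS, PASS_WITH_BYPASS or FAIL
    reasons: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # bypass log entries


def bypass_is_valid(bypass, senior_staff):
    """A bypass needs every documentation field and two distinct senior approvers."""
    if not bypass or any(not bypass.get(f) for f in BYPASS_FIELDS):
        return False
    seniors = set(bypass["approval_chain"]) & set(senior_staff)
    return len(seniors) >= REQUIRED_SENIOR_APPROVERS


def evaluate_security_gate(counts, bypass=None, senior_staff=()):
    """counts maps severity -> number of findings (constructed, scanner-agnostic format)."""
    result = GateResult(status="PASS")
    blocked = [s for s in ZERO_TOLERANCE if counts.get(s, 0) > 0]
    if blocked:
        # Zero-tolerance findings fail the gate; the bypass request is never consulted.
        result.status = "FAIL"
        result.reasons = [f"{counts[s]} {s} finding(s), threshold 0" for s in blocked]
        return result
    if counts.get("medium", 0) > 0:
        if bypass_is_valid(bypass, senior_staff):
            result.status = "PASS_WITH_BYPASS"
            result.audit.append({"gate": "security", **bypass})  # all bypasses logged
        else:
            result.status = "FAIL"
            result.reasons.append("medium findings need review or a documented bypass")
    if counts.get("low", 0) > 0:
        result.reasons.append(f"{counts['low']} low finding(s): document and track")
    return result


if __name__ == "__main__":
    # Constructed sample: a scan with 0 critical and 3 medium findings, no bypass filed.
    print(evaluate_security_gate({"critical": 0, "medium": 3}))
```

The `audit` entries are what a monthly bypass review would read, so a pipeline using this should persist them rather than only print them.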
CI/CD Integration
Pipeline Configuration
QUALITY GATES IN CI/CD
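══════════════════════

```yaml
stages:
  - build
  - test
  - quality
  - security
  - approval
  - deploy

quality_gate_check:
  stage: quality
  script:
    - sonarqube-scan
    - check-quality-gate
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
  allow_failure: false   # a failed quality gate fails the pipeline

security_gate_check:
  stage: security
  script:
    - dependency-scan
    - sast-scan
    - secret-scan
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
  allow_failure: false   # a failed security gate fails the pipeline

# Defined here so that the `needs` entry in deploy_production resolves to
# an existing job; the script is a placeholder.
manual_approval:
  stage: approval
  script:
    - echo "Release approved"
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
      when: manual
  allow_failure: false   # the pipeline blocks until someone approves

deploy_production:
  stage: deploy
  script:
    - deploy-to-production
  needs:
    - quality_gate_check
    - security_gate_check
    - manual_approval
  # Same branch rule as the gates: the jobs listed under `needs` only
  # exist in release-branch pipelines.
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
      when: manual
```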
GitScrum Webhook
GITSCRUM GATE SYNC
══════════════════

WEBHOOK CONFIGURATION:
├── Endpoint: GitScrum release API
├── Events: Pipeline completion
├── Payload: Gate results
└── Auth: API key

SYNC RESULTS:
├── Gate status updated in GitScrum
├── Release checklist auto-checked
├── Notifications triggered
├── Dashboard refreshed
└── Blocking status updated
Best Practices
For Quality Gates
Anti-Patterns
QUALITY GATE MISTAKES:
✗ Too many manual gates
✗ Easy to bypass
✗ Gates that take hours
✗ No bypass tracking
✗ Gates ignored in emergencies
✗ Thresholds too lenient
✗ No notification of failures