Configuring Quality Gates for Releases
Releasing without quality checks leads to production incidents, emergency patches, and eroded trust. Quality gates create automated checkpoints that ensure every release meets your standards. GitScrum integrates with CI/CD tools to enforce gates and provide release visibility.
Why Quality Gates Matter
| Without Gates | With Gates |
|---|---|
| "It worked on my machine" | Verified in CI environment |
| Production bugs | Caught before deploy |
| Emergency patches | Confident releases |
| Blame and stress | Systematic quality |
| Inconsistent releases | Repeatable process |
Quality Gate Categories
Gate Types
QUALITY GATE CATEGORIES
═══════════════════════
AUTOMATED (must pass):
├── All tests passing
├── Code coverage ≥ threshold
├── No critical vulnerabilities
├── Linting passes
├── Build succeeds
└── Performance benchmarks met
SEMI-AUTOMATED (verified + approved):
├── Security scan reviewed
├── Breaking changes documented
├── API changes approved
├── Database migrations tested
└── Feature flags configured
MANUAL (human approval):
├── Code review complete
├── QA sign-off
├── Stakeholder approval
├── Release notes reviewed
└── Rollback plan confirmed
Standard Gate Configuration
RELEASE QUALITY GATES
═════════════════════
GATE 1: BUILD
├── Code compiles ✓
├── Dependencies resolve ✓
├── Artifact generated ✓
└── Status: PASS/FAIL
GATE 2: TEST
├── Unit tests pass ✓
├── Integration tests pass ✓
├── Coverage ≥ 70% ✓
├── No test regression ✓
└── Status: PASS/FAIL
GATE 3: QUALITY
├── SonarQube gate passes ✓
├── No new critical issues ✓
├── Complexity within limits ✓
├── Duplication < 5% ✓
└── Status: PASS/FAIL
GATE 4: SECURITY
├── SAST scan passes ✓
├── Dependency scan passes ✓
├── No critical CVEs ✓
├── Secrets scan clean ✓
└── Status: PASS/FAIL
GATE 5: APPROVAL
├── Code review complete ✓
├── QA sign-off ✓
├── Product approval ✓
└── Status: PASS/FAIL
RELEASE: All gates GREEN = can deploy
GitScrum Release Dashboard
Gate Status View
RELEASE READINESS DASHBOARD
═══════════════════════════
Release: v2.4.0
Branch: release/2.4.0
Target: March 20, 2024
┌─────────────────────────────────────────────────┐
│  QUALITY GATES                                  │
├─────────────────────────────────────────────────┤
│                                                 │
│  ✓ Build         ✓ Tests        ✓ Quality       │
│  passed 2m ago   98% pass       A rating        │
│                  87% coverage                   │
│                                                 │
│  ✓ Security      ⏳ Approval                     │
│  0 critical      2/3 complete                   │
│  3 medium        Missing: QA sign-off           │
│                                                 │
├─────────────────────────────────────────────────┤
│  Overall: BLOCKED (awaiting QA)                 │
│  [View Details]  [Request QA Review]            │
└─────────────────────────────────────────────────┘
Release Checklist
RELEASE CHECKLIST TASK
══════════════════════
## Automated Gates
- [x] Build pipeline passes
- [x] Unit tests pass (236/236)
- [x] Integration tests pass (42/42)
- [x] Coverage threshold met (87% ≥ 70%)
- [x] SonarQube quality gate passes
- [x] Security scan clean
## Manual Verifications
- [x] Code review approved (3 reviewers)
- [x] Staging deployment tested
- [ ] QA sign-off pending
- [x] Product owner approval
## Documentation
- [x] CHANGELOG updated
- [x] Migration guide complete
- [x] API docs updated
- [x] Release notes drafted
## Deployment
- [ ] Feature flags configured
- [ ] Rollback plan documented
- [ ] On-call confirmed
- [ ] Monitoring alerts set
Gate Configuration
Threshold Settings
QUALITY THRESHOLD CONFIGURATION
═══════════════════════════════
TEST THRESHOLDS:
├── Minimum coverage: 70%
├── Coverage delta: No decrease
├── Test pass rate: 100%
├── Flaky test tolerance: 0
└── Test time limit: 30 min
QUALITY THRESHOLDS:
├── Quality rating: A or B
├── New issues: 0 critical, 0 high
├── Complexity: Max 15 per function
├── Duplication: < 5%
└── Tech debt: < 10 days
SECURITY THRESHOLDS:
├── Critical vulnerabilities: 0
├── High vulnerabilities: 0
├── Medium: Review required
├── Low: Document and track
└── Secrets: 0 detected
Gate Bypass Policy
GATE BYPASS GOVERNANCE
══════════════════════
NEVER BYPASS:
├── Security critical (0 tolerance)
├── Build failures
├── Critical test failures
└── Secrets detection
CAN BYPASS WITH APPROVAL:
├── Coverage slightly below threshold
├── Medium security issues (documented)
├── Known flaky tests
├── Non-critical quality issues
└── Requires: 2 senior approvers
BYPASS DOCUMENTATION:
├── Reason for bypass
├── Risk assessment
├── Remediation plan
├── Approval chain
└── Timeline for fix
TRACKING:
├── All bypasses logged
├── Monthly bypass review
├── Trend analysis
└── Process improvement
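The security thresholds and the bypass rules above can be enforced by one script that the pipeline runs before deploy. This is an added example, not GitScrum code: the dictionary shapes, field names and sample data are assumptions, and treating every gate outside the "can bypass" list as non-bypassable is a deny-by-default choice made here.

```python
# Thresholds and bypass rules are the ones listed on this page; the
# dictionary shapes and field names are assumptions made for the example.
MIN_COVERAGE = 70.0
BYPASSABLE = {"coverage", "security_medium"}  # anything else: deny by default
# "Approval chain" from the page is carried by the "approvers" list.
REQUIRED_DOCS = ("reason", "risk_assessment", "remediation_plan", "fix_by")
MIN_SENIOR_APPROVERS = 2

def failed_gates(r):
    """Return the set of gate ids whose threshold is violated."""
    v = r["vulns"]
    checks = {
        "build": not r["build_ok"],
        "coverage": r["coverage"] < MIN_COVERAGE,
        "security_critical": v["critical"] > 0,
        "security_high": v["high"] > 0,
        "security_medium": v["medium"] > 0 and not r["medium_reviewed"],
        "secrets": r["secrets"] > 0,
    }
    return {gate for gate, failed in checks.items() if failed}

def bypass_valid(gate, req, seniors):
    """Valid only for an allowlisted gate, with every document field filled
    in and two distinct senior approvers other than the requester."""
    if gate not in BYPASSABLE:
        return False
    if any(not str(req.get(f, "")).strip() for f in REQUIRED_DOCS):
        return False
    approvers = {a for a in req.get("approvers", []) if a in seniors}
    approvers.discard(req.get("requested_by"))  # no self-approval (assumption)
    return len(approvers) >= MIN_SENIOR_APPROVERS

def release_decision(r, bypasses, seniors):
    """Return (status, blocking gates, bypass log entries)."""
    blocking, log = set(), []
    for gate in sorted(failed_gates(r)):
        req = bypasses.get(gate)
        if req and bypass_valid(gate, req, seniors):
            log.append({"gate": gate, **req})  # every bypass is logged
        else:
            blocking.add(gate)
    return ("BLOCKED" if blocking else "PASS"), blocking, log

# Constructed sample data.
SENIORS = {"alice", "bob", "carol"}
RESULTS = {"build_ok": True, "coverage": 68.5, "medium_reviewed": True,
           "vulns": {"critical": 0, "high": 0, "medium": 3, "low": 5},
           "secrets": 0}
DOCS = {"reason": "hotfix", "risk_assessment": "low", "requested_by": "alice",
        "remediation_plan": "add tests", "fix_by": "2024-04-01"}
```

Persisting the returned log entries gives the monthly bypass review its input; a bypass request for `secrets` or `build` is rejected regardless of who approves it.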
CI/CD Integration
Pipeline Configuration
QUALITY GATES IN CI/CD
══════════════════════
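stages:
  - build
  - test
  - quality
  - security
  - approval
  - deploy

# Quality gate: a failure blocks the pipeline on release branches.
quality_gate_check:
  stage: quality
  script:
    - sonarqube-scan
    - check-quality-gate
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
  allow_failure: false

# Security gate: dependency, SAST and secret scans must all pass.
security_gate_check:
  stage: security
  script:
    - dependency-scan
    - sast-scan
    - secret-scan
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
  allow_failure: false

# Manual approval gate that deploy_production lists under needs.
# The script line is a placeholder; allow_failure: false makes it blocking.
manual_approval:
  stage: approval
  script:
    - echo "Release approved"
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
      when: manual
  allow_failure: false

# Production deploy: same branch rule as the gates it needs, manual trigger.
deploy_production:
  stage: deploy
  script:
    - deploy-to-production
  needs:
    - quality_gate_check
    - security_gate_check
    - manual_approval
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\//
      when: manual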
GitScrum Webhook
GITSCRUM GATE SYNC
══════════════════
WEBHOOK CONFIGURATION:
├── Endpoint: GitScrum release API
├── Events: Pipeline completion
├── Payload: Gate results
└── Auth: API key
SYNC RESULTS:
├── Gate status updated in GitScrum
├── Release checklist auto-checked
├── Notifications triggered
├── Dashboard refreshed
└── Blocking status updated
Best Practices
For Quality Gates
- Start with essentials — Build, test, security
- Automate everything possible — Manual gates slow releases
- Clear bypass process — For true emergencies only
- Fast feedback — Gates should run in <15 min
- Visible status — Everyone sees gate status
Anti-Patterns
QUALITY GATE MISTAKES:
✗ Too many manual gates
✗ Easy to bypass
✗ Gates that take hours
✗ No bypass tracking
✗ Gates ignored in emergencies
✗ Thresholds too lenient
✗ No notification of failures