--- name: deployment-automation-architecture description: "Deployment automation architecture on Salesforce: pipeline orchestration, branch strategy, environment topology, quality gates, release trains. Selecting between Copado, Gearset, Flosum, and native SFDX + GitHub Actions. NOT for cloud-specific deploy mechanics (use cloud-specific-deployment-architecture). NOT for CI/CD tool tutorials." category: architect salesforce-version: "Spring '25+" well-architected-pillars: - Reliability - Scalability - Security tags: - deployment - cicd - pipeline - branch-strategy - environment-topology - release-train - governance triggers: - "how do we design a salesforce cicd pipeline for an enterprise org" - "copado vs gearset vs flosum vs sfdx decision" - "branch strategy for salesforce with 20 developers" - "release train design salesforce multi team" - "environment topology dev uat staging prod salesforce" - "deployment quality gates apex coverage pmd scanner" inputs: - Team size and developer count - Current tooling and pain points - Release cadence and risk profile - Regulatory / SOX / change-management requirements outputs: - Pipeline topology (branches, environments, gates) - Tool-selection recommendation with rationale - Quality gate specification - Governance and rollback plan dependencies: [] version: 1.0.0 author: Pranav Nagrecha updated: 2026-04-21 --- # Deployment Automation Architecture Activate when designing or overhauling the Salesforce deployment pipeline: branch model, environment topology, tool selection (Copado / Gearset / Flosum / Salesforce DX + GitHub Actions), quality gates, release train cadence. This is an architect-level decision that determines release velocity, blast radius, and auditability. ## Before Starting - **Articulate the pain point.** "We want CI/CD" is not a requirement. "Hotfixes take 5 days" or "scratch-org setup is 2 hours" are requirements. Design to the problem. - **Count the teams and environments.** One team and one sandbox is different from six teams and thirty sandboxes. Tooling selection changes with scale. - **Identify the compliance envelope.** SOX, HIPAA, SOC 2 impose audit trail requirements. Copado / Flosum / Gearset offer native audit trails; DIY SFDX + GitHub Actions can match but must be deliberately designed. ## Core Concepts ### Branch strategy Common patterns: trunk-based (short-lived feature branches merged into main) and GitFlow (long-lived develop / release branches). Trunk-based suits fast-moving teams with strong CI; GitFlow suits release-train governance. ### Environment topology Dev sandbox per developer → shared feature integration sandbox → UAT → Staging → Prod. Scratch orgs replace per-developer sandboxes for app/package development. Partial Copy and Full Copy sandboxes for UAT/Staging. ### Quality gates Static analysis (PMD / CodeScan / SFDX Scanner), Apex coverage, security scan (Checkmarx / Salesforce Code Analyzer), validation deploys. Gate failures block promotion. ### Release train Time-boxed release cycles (two-week, monthly). All changes merge by cutoff; everything else waits. Reduces coordination overhead for large orgs. ### Tool category - **Commit-based** (Copado, Gearset Promote, Flosum): Git-native with platform-specific deploy engines. - **Artifact-based**: Build a package per deploy; promote artifacts. - **Native**: SFDX + GitHub Actions / Azure DevOps / Jenkins. ## Common Patterns ### Pattern: Small team, trunk-based, SFDX + GitHub Actions One main branch. PR triggers validation deploy to a feature sandbox. Merge triggers deploy to UAT; manual gate to prod. Low TCO, needs engineering discipline. ### Pattern: Enterprise, Copado / Flosum, release train Multiple teams merge into a release branch on a two-week cadence. Tool tracks stories / user stories, enforces approval gates, generates audit trail. High TCO, lowest coordination friction. ### Pattern: Hybrid — Gearset for data/diff + GitHub Actions for pipeline Gearset handles metadata diffs and data deploys; GitHub Actions orchestrates. Suits mid-size teams that want pipeline ownership but not to build diffing. ## Decision Guidance | Situation | Recommended Approach | Reason | |---|---|---| | <10 devs, engineering-led | SFDX + GitHub Actions | Flexible, low TCO | | 10-50 devs, mixed dev + admin | Gearset + GitHub Actions | Best diff tooling | | 50+ devs, regulated | Copado / Flosum | Audit + governance | | ISV / package-based development | SFDX second-gen packaging | Native packaging | | High change volume, low risk | Trunk-based + fast gates | Velocity | | Low change volume, high risk | Release train + heavy gates | Safety | ## Recommended Workflow 1. Articulate the release problem to solve (velocity, risk, audit, developer experience). 2. Inventory teams, environments, and current pain points. 3. Define branch strategy aligned to team size and risk profile. 4. Design environment topology with explicit promotion path. 5. Select tooling with an evaluation matrix (cost, capability, scale). 6. Define quality gates — static analysis, coverage, security, validation deploy. 7. Roll out incrementally: one team migrates first; iterate; broaden. ## Review Checklist - [ ] Release problem documented and agreed by stakeholders - [ ] Branch strategy chosen with rationale - [ ] Environment topology diagrammed - [ ] Tool selection justified against evaluation matrix - [ ] Quality gates defined and measurable - [ ] Audit trail meets compliance requirements - [ ] Rollback plan documented and rehearsed ## Salesforce-Specific Gotchas 1. **Metadata API deploys are not atomic across components.** A partial failure may leave an environment in a mixed state — design for idempotent re-deploys. 2. **Profiles deploy as the whole profile.** Unintended FLS changes ride along if not diffed carefully. 3. **Destructive changes require a separate destructive manifest.** Tooling handles this differently; validate your pipeline actually deletes what it should. ## Output Artifacts | Artifact | Description | |---|---| | Pipeline topology diagram | Branches + environments + gates | | Tool selection memo | Evaluation matrix + decision | | Quality gate spec | Checks and thresholds | | Rollback playbook | Per-environment rollback steps | ## Related Skills - `architect/cloud-specific-deployment-architecture` — per-cloud mechanics - `devops/cicd-pipeline-design` — implementation patterns - `devops/sandbox-strategy` — environment lifecycle