Challenge 3: Decide Whether Continuous Deployment Fits — Possible Solution ==================================================================== SCENARIO: A small internal tool used only by 5 employees, with a solid automated test suite. DISCUSSION: Continuous Deployment is a REASONABLE choice here. REASONING (using this chapter's definitions) -------------------------------------------------- - The chapter defines Continuous Deployment as removing the human approval gate entirely, deploying "straight to production with no human approval step at all" — the real question isn't whether this is "the most advanced" tier to reach for, but whether the SPECIFIC RISK of a bad deploy reaching users without a human checking it first is actually low enough here to accept. - Blast radius is small: only 5 employees are affected by any given deploy — a problem, if one slips through, is discovered and reported by a tiny, presumably forgiving internal audience, not thousands of paying external customers. This is a meaningfully different risk profile than a public-facing product, and it directly affects how much value a manual approval gate would actually add. - A "solid automated test suite" is explicitly given as a condition here — this matters because Continuous Deployment's safety net is ENTIRELY the automated test suite (there's no human double-check waiting to catch what tests missed). A weak or trivial test suite would make Continuous Deployment considerably riskier; a solid one is precisely the prerequisite that makes skipping the human gate defensible. - The chapter's own gotcha is relevant here too, in the OPPOSITE direction: since Continuous Deployment relies entirely on the tests actually being good (not just present), the team should be honestly confident their test suite reflects real coverage of the tool's actual behavior, not just "we have some tests and they pass" — the same "CI/CD automates test execution, not test quality" point applies with even higher stakes once there's no human left to catch what slips through. WHY THIS WORKS AS AN ANSWER ------------------------------ The decision isn't "Continuous Deployment is inherently better/worse" — it's about matching the level of automation to the actual RISK profile: low blast radius (5 internal users) + a genuinely solid test suite is close to an ideal case for skipping the human approval gate, whereas the same setup for a public product with a weak test suite would argue strongly for stopping at Continuous Delivery instead, keeping a human in the loop precisely because the safety net (the test suite) can't be fully trusted to catch everything on its own.