Deployment Rollback Strategies
Also Known As
rollback
revert deployment
undo deploy
TL;DR
Strategies for reverting a broken deployment quickly — from git revert and re-deploy to instant traffic switching with blue-green or feature flags.
Explanation
Rollback options by speed: Feature flags (instant — flip a flag without deploying), Blue-green (instant — switch load balancer to previous environment), Canary (fast — redirect canary traffic to stable), Git revert + redeploy (minutes — depends on CI/CD pipeline speed), Database rollback (slow, risky — migrations may not be reversible). The fastest rollback is the one already in place before the deploy. Database migrations that are not reversible are the most common rollback blocker — always write forward-compatible migrations first.
Diagram
flowchart TD
DEPLOY[New Deploy] --> CHECK{Smoke Tests}
CHECK -->|Pass| LIVE[Live Traffic]
CHECK -->|Fail| RB1[Instant Rollback<br/>Blue-Green switch]
LIVE --> MONITOR{Monitoring}
MONITOR -->|Error spike| RB2[Rollback Options]
RB2 --> FF[Feature Flag off<br/>instant]
RB2 --> BG[Blue-Green switch<br/>seconds]
RB2 --> GR[Git revert + redeploy<br/>minutes]
style LIVE fill:#238636,color:#fff
style FF fill:#238636,color:#fff
style FAIL fill:#f85149,color:#fff
style ALERT fill:#f85149,color:#fff
Common Misconception
✗ You can always roll back by reverting the git commit — database schema changes that have already run cannot be rolled back by reverting code; the schema is still modified.
Why It Matters
A deployment that breaks production needs to be fixed in minutes, not hours — pre-planned rollback strategies are the difference between a 5-minute incident and a 2-hour outage.
Common Mistakes
- Irreversible database migrations — always add columns before removing old ones; never rename in one step.
- No rollback testing — rollback procedures that have never been tested will fail when needed most.
- Assuming git revert is sufficient — code reverted, DB schema already migrated — app breaks with old code on new schema.
- Rolling back without investigating root cause — rollback buys time; the fix still needs to be understood.
Code Examples
✗ Vulnerable
# Breaking migration with no rollback path:
ALTER TABLE users RENAME COLUMN email TO email_address;
# Old app code: SELECT email FROM users — now broken
# Rolling back the code: still broken, schema changed
# Only fix: another migration or forward-fix deploy
✓ Fixed
# Forward-compatible migration — allows rollback:
# Step 1: Add new column (app still uses old column):
ALTER TABLE users ADD COLUMN email_address VARCHAR(254);
UPDATE users SET email_address = email;
# Step 2: Deploy app reading both columns (backwards compatible)
# Step 3: Deploy app using only new column
# Step 4: Drop old column in a later migration
# Rollback possible at any step except after step 4Tags
🤝 Adopt this term
£79/year · your link shown here
Added
15 Mar 2026
Edited
22 Mar 2026
Views
25
🤖 AI Guestbook educational data only
|
|
Last 30 days
Agents 0
No pings yet today
No pings yesterday
Perplexity 6
Amazonbot 6
Ahrefs 2
Google 1
Majestic 1
ChatGPT 1
Also referenced
How they use it
crawler 17
Related categories
⚡
DEV INTEL
Tools & Severity
🟠 High
⚙ Fix effort: Medium
⚡ Quick Fix
Test your rollback procedure in staging monthly — a rollback you've never practiced is a rollback that won't work at 2am during an incident
📦 Applies To
PHP 5.0+
web
cli
🔗 Prerequisites
🔍 Detection Hints
No documented rollback procedure; database migrations without down() method; rollback requiring manual steps taking >10 minutes
Auto-detectable:
✗ No
capistrano
deployer
aws-codedeploy
⚠ Related Problems
🤖 AI Agent
Confidence: Low
False Positives: Medium
✗ Manual fix
Fix: High
Context: File