13.2.1.3 Production Promotion Tags
A focused guide to Production Promotion Tags, connecting core concepts with practical Docker and container operations.
Production promotion tags mark an image as the one currently deployed (or specifically intended for deployment) to production, representing the final, most consequential stage of the promotion flow, typically requiring the most thorough validation and often an explicit manual approval before this tag is ever applied.
Applying the Production Tag as the Final Promotion Step
The production tag is applied only after an image has successfully passed every preceding stage, including staging validation.
promote-to-production:
needs: validate-staging
environment: production
steps:
- run: |
docker pull registry.example.com/myapp:staging
docker tag registry.example.com/myapp:staging registry.example.com/myapp:production
docker push registry.example.com/myapp:production
The environment: production configuration here can require explicit manual approval before this final promotion step actually runs, reflecting the elevated caution appropriate to this specific stage.
Why This Tag Should Have the Strictest Gating of All
Since this tag directly determines what real users actually experience, the checks gating its application should be the most thorough of any stage in the entire promotion flow.
production:
reviewers:
- release-manager
Requiring a specific, designated approver before this step runs provides an additional, deliberate human checkpoint for this most consequential promotion.
Maintaining a Clear Record of Production Promotions
Logging exactly when and what was promoted to production provides an auditable record useful for incident investigation or simply understanding deployment history.
docker inspect registry.example.com/myapp:production --format '{{.Created}}'
Why Production Promotion Tags Matter
The production tag represents the culmination of the entire promotion flow, and the rigor applied to gating its movement directly reflects how much genuine confidence can be placed in whatever currently carries this tag actually being safe and ready for real production traffic.