Chapters
Try It For Free
Harness
/
Blog
/
Technical
April 2, 2026

The pipeline that never reached production | Harness Blog

Anmol Pandey

All this author’s posts

Stefano Mazzone

All this author’s posts

How template-driven CD prevents governance drift

Modern CI/CD platforms allow engineering teams to ship software faster than ever before.

Pipelines complete in minutes. Deployments that once required carefully coordinated release windows now happen dozens of times per day. Platform engineering teams have succeeded in giving developers unprecedented autonomy, enabling them to build, test, and deploy their services with remarkable speed.

Yet in highly regulated environments-especially in the financial services sector-speed alone cannot be the objective.

Control matters. Consistency matters. And perhaps most importantly, auditability matters.

In these environments, the real measure of a successful delivery platform is not only how quickly code moves through a pipeline. It is also how reliably the platform ensures that production changes are controlled, traceable, and compliant with governance standards.

Sometimes the most successful deployment pipeline is the one that never reaches production.

This is the story of how one enterprise platform team redesigned their delivery architecture to ensure that production pipelines remained governed, auditable, and secure by design.

The subtle risk in fast CI/CD platforms

A large financial institution had successfully adopted Harness for CI and CD across multiple engineering teams.

From a delivery perspective, the transformation looked extremely successful. Developers were productive, teams could create pipelines quickly, and deployments flowed smoothly through various non-production environments used for integration testing and validation. From the outside, the platform appeared healthy and efficient.

But during a platform architecture review, a deceptively simple question surfaced:

“What prevents someone from modifying a production pipeline directly?”

There had been no incidents. No production outages had been traced back to pipeline misconfiguration. No alarms had been raised by security or audit teams.

However, when the platform engineers examined the system more closely, they realized something concerning.

Production pipelines could still be modified manually.

In practice this meant governance relied largely on process discipline rather than platform enforcement. Engineers were expected to follow the right process, but the platform itself did not technically prevent deviations. In regulated industries, that is a risky place to be.

The architecture shift: separate authoring from execution

The platform team at the financial institution decided to rethink the delivery architecture entirely. Their redesign was guided by a simple but powerful principle:

Pipelines should be authored in a non-prod organization and executed in the production organization. And, if additional segregation was needed due to compliance, the team could decide to split into two separate accounts.

Authoring and experimentation should happen in a safe environment. Execution should occur in a controlled one.

Instead of creating additional tenants or separate accounts, the platform team decided to go with a dedicated non-prod organization within the same Harness account. This organization effectively acted as a staging environment for pipeline design and validation.

Architecture diagram

This separation introduced a clear lifecycle for pipeline evolution.

The non-prod organization became the staging environment where pipeline templates could be developed, tested, and refined. Engineers could experiment safely without impacting production governance.

The production organization, by contrast, became an execution environment. Pipelines there were not designed or modified freely. They were consumed from approved templates.

Guardrail #1: production pipelines must use templates

The first guardrail introduced by the platform team was straightforward but powerful.

Production pipelines must always be created from account-level templates.

Handcrafted pipelines were no longer allowed. Project-level template shortcuts were also prohibited, ensuring that governance could not be bypassed unintentionally.

This rule was enforced directly through OPA policies in Harness.

Example policy

package harness.cicd.pipeline

deny[msg] {
  template_scope := input.pipeline.template.scope
  template_scope != "account"
  msg = "pipeline can only be created from account level pipeline template"
}

This policy ensured that production pipelines were standardized by design. Engineers could not create or modify arbitrary pipelines inside the production organization. Instead, they were required to build pipelines by selecting from approved templates that had been validated by the platform team.

As a result, production pipelines ceased to be ad-hoc configurations. They became governed platform artifacts.

Guardrail #2: governance starts in the non-prod organization

Blocking unsafe pipelines in production was only part of the solution.

The platform team realized it would be even more effective to prevent non-compliant pipelines earlier in the lifecycle.

To accomplish this, they implemented structural guardrails within the non-prod organization used for pipeline staging. Templates could not even be saved unless they satisfied specific structural requirements defined by policy.

For example, templates were required to include mandatory stages, compliance checkpoints, and evidence collection steps necessary for audit traceability.

Example policy

package harness.ci_cd

deny[msg] {
  input.templates[_].stages == null
  msg = "Template must have necessary stages defined"
}

deny[msg] {
  some i
  stages := input.templates[i].stages
  stages == [Evidence_Collection]
  msg = "Template must have necessary stages defined"
}

These guardrails ensured that every template contained required compliance stages such as Evidence Collection, making it impossible for teams to bypass mandatory governance steps during pipeline design.

Governance, in other words, became embedded directly into the pipeline architecture itself.

The source of truth: Git

The next question the platform team addressed was where the canonical version of pipeline templates should reside.

The answer was clear: Git must become the source of truth.

Every template intended for production usage lived inside a repository where the main branch represented the official release line.

Direct pushes to the main branch were blocked. All changes required pull requests, and pull requests themselves were subject to approval workflows that mirrored enterprise change management practices.

Governance flow

This model introduced peer review, immutable change history, and a clear traceability chain connecting pipeline changes to formal change management records.

For auditors and platform leaders alike, this was a significant improvement.

The promotion workflow

Once governance mechanisms were in place, the promotion workflow itself became predictable and repeatable.

Engineers first authored and validated templates within the non-prod organization used for pipeline staging. There they could test pipelines using real deployments in controlled non-production environments.

The typical delivery flow followed a familiar sequence:

After validation, the template definition was committed to Git through a branch and promoted through a pull request. Required approvals ensured that platform engineers, security teams, and change management authorities could review the change before it reached the release line.

Once merged into main, the approved template became available for pipelines running in the production organization. Platform administrators ensured that naming conventions and version identifiers remained consistent so that teams consuming the template could easily track its evolution.

Finally, product teams created their production pipelines simply by selecting the approved template. Any attempt to bypass the template mechanism was automatically rejected by policy enforcement

The day the model proved its value

Several months after the new architecture had been implemented, an engineer attempted to modify a deployment pipeline directly inside the production organization.

Under the previous architecture, that change would have succeeded immediately.

But now the platform rejected it. The pipeline violated the OPA rule because it was not created from an approved account-level template.

Instead of modifying the pipeline directly, the engineer followed the intended process: updating the template within the non-prod organization, submitting a pull request, obtaining the necessary approvals, merging the change to Git main, and then consuming the updated template in production.

The system had behaved exactly as intended. It prevented uncontrolled change in production.

Why this model works

The architecture introduced by the large financial institution delivered several key guarantees.

Production pipelines are standardized because they originate only from platform-approved templates. Governance is preserved because Git main serves as the official release line for pipeline definitions. Auditability improves dramatically because every pipeline change can be traced back to a pull request and associated change management approval. Finally, platform administrators retain the ability to control how templates evolve and how they are consumed in production environments.

The lesson for platform teams

Pipelines are often treated as simple automation scripts.

In reality they represent critical production infrastructure.

They define how code moves through the delivery system, how security scans are executed, how compliance evidence is collected, and ultimately how deployments reach production environments. If pipeline creation is uncontrolled, the entire delivery system becomes fragile.

The financial institution solved this problem with a remarkably simple model. Pipelines are built in the non-prod staging organization. Templates are promoted through Git governance workflows. Production pipelines consume those approved templates.

Nothing more. Nothing less.

Final takeaway

Modern CI/CD platforms have dramatically accelerated the speed of software delivery.

But in regulated environments, the true achievement lies elsewhere. It lies in building a platform where developers move quickly, security remains embedded within the delivery workflow, governance is enforced automatically, and production environments remain protected from uncontrolled change.

That is not just CI/CD. That is platform engineering done right.

Anmol Pandey

All this author’s posts

Stefano Mazzone

All this author’s posts

Previous
Next

What is a Kubernetes Container?

Spinnaker to Harness: A Conversion Story - Part 1

Shifting Down With Harness Cloud Cost Management

Modern Log Layers

GraphQL: Harness Your Way

CI/CD Pipeline: Everything You Need to Know

A Home for ECS Developers

CI/CD Testing: The Complete Guide for Modern Software Delivery

Your First Harness CI Installation, Build, and Publish

Spinnaker vs Harness - Filming My Journey

IT Audits - How Continuous Delivery can Help

Deploying With Harness & AppDynamics

Blue-Green Deployments With Kubernetes and Harness

Your First Kubernetes Cluster Deployment

Canary Deployments and Operations in Kubernetes

Lessons from the Harness Cloud Cost Management

Optimizing cloud logging to save over $140k in costs

6 Actionable GitOps Best Practices to Help You Get Started

An Introduction to Artificial Intelligence and Machine Learning

Applying AI/ML to CI/CD Pipelines

Metrics to Improve Continuous Integration Performance

Comparing Helm vs Kustomize

Continuous Integration Testing: Types, Best Practices, and Tools

Eliminates Delivery Toil

Introducing Recommendations API: Find Potential Cost Savings Programmatically

Accelerates AWS Cloud Migration

Selected Harness over Spinnaker for CI/CD

Replaced Spinnaker & Saved $275,000

Scaled Kubernetes Continuous Delivery with GitOps

Migrates to Kubernetes with One Developer and Harness

What is O11Y? Observability Demystified with Chris Riley from Splunk

Travis CI Alternatives To Consider

Kubernetes CI/CD Best Practices for Scalable, Secure Deployments

What is Cloud Cost Intelligence?

ShipTalk Podcast - A Time Before, During, and After Kubernetes

Tutorial: How to Use the New Vault Agent Integration Method With Harness

Pipeline Patterns for CI/CD Pipelines

Feature Flags: Should I Build or Buy?

Measuring and Improving Developer Productivity: A Practical Guide for DevOps Teams

4 Best CI/CD Tools for DevOps

Migrating to Harness Feature Flags: Our Technical Journey

Tutorial: Turning a GitHub Repo Into a Helm Chart Repo

Change Management in the World of Continuous Delivery

Laying the Groundwork for an Effective FinOps Organization

How to set up cross-account access for S3 bucket policies

Harness the Power of AWS EKS-Anywhere

Test Intelligence™: Move Fast, Don’t Break Things

Tutorial: [GraphQL] How to Interact With the Harness API Using Python

What Are Audit Trails & Why You Need Them in CD

5 Feature Flag Use Cases You May Not Have Thought Of

Announcing Support for Python in Harness Feature Flags

The Benefits of Feature Flags in Software Delivery

Announcing Support for .NET in Harness Feature Flags

How to Write Your First Plugin for CI

Migrating From Jenkins to Harness CIE: A Journey

Feature Flags With Python

Intelligent & Automated Feature Flags With Harness

Find and Fix Vulnerabilities in Your Pipeline With Snyk and Harness

Cloud Center of Excellence: What It Is, Best Practices, & More

What Is Testing in Production & How to Avoid The Risks

Simplifying Kubernetes Cost Management With Harness

Cloud Cost Workload Recommendations

GitHub Actions Support in Harness CI

How Feature Flags Help With Trunk-Based Development

AutoStopping Rules for Kubernetes Clusters

Dashboarding, Or Data Visualization

Feature Flags Best Practices also known as Feature Toggles

Micro-Frontend Architecture in the Harness Software Delivery Platform

Lessonly by Seismic Says Goodbye to Jenkins and Toil With Harness CI Enterprise

What Is Split.io? A Look at Features and Use Cases

Harness CI Enterprise for UI Builds

Feature Flags Overview For PMs: Getting Qualitative Feedback and Managing Releases

Kubernetes Mistakes: A Beginner’s Guide to Avoiding Common Pitfalls

In-Depth: Harness Feature Flags Relay Proxy

Announcing: Public APIs for Feature Flags

Announcing Support for Xamarin in Harness Feature Flags

The Git Sync Experience in Harness

Git Branching in Harness

Source Code Management in DevOps

Harness Service Reliability Management (SRM) - Key Capabilities

Harness Security Testing Orchestration (STO) - Key Capabilities

Quality vs Reliability

Build System vs CI System: What's the Difference and Why Does it Matter?

3 Reasons to Correlate Cloud Costs to Engineering Releases

The Best Open Source CI Tools

Harness Infrastructure Provisioners and ARM Templates - Part 2

Benefits of GitOps & Why GitOps Is Important

The Importance of Continuous Integration and Its Benefits

What Are GitOps Principles?

GitOps Tools for Kubernetes: Best Platforms to Scale Continuous Delivery

Deploy Your Simple Node.js Application Using Local Docker Images in Minikube

Kubernetes Services Explained

Harness CI and Harness CD - Your First True CI/CD Pipeline

Continuous Delivery vs. Continuous Deployment: What’s the Difference?

Move Fast and Fix Faster with Harness 24/7 Service Guard

Value Stream Mapping for Software Delivery

How to Maintain Istio Service Mesh with Harness

Rancher Rio vs Harness - Filming my Journey

Using Github Actions with Harness

Solving Standardization in Continuous Delivery

Similar Blogs

DevOps & Automation
DevOps & Automation
DevOps & Automation
Continuous Delivery & GitOps
Continuous Integration
Technical
Continuous Delivery & GitOps
Continuous Integration