A release agent reads the GitHub Actions run, the ArgoCD diff, and open incidents, then writes a deploy-readiness brief into Dock. An engineer reads the brief, checks the evidence, and approves. ArgoCD then promotes. The pipeline still lives in GitHub Actions. The decision lives in Dock, attributed to a named engineer with the agent draft preserved next to it.
GitHub Actions and ArgoCD stay the system of record for the raw data. Dock is the system of record for what the AGENT INTERPRETS. Each Dock row carries a pointer back to the platform record, agent identity, decision, reviewer, and timestamp. The agent re-fetches platform data via fresh API reads when it needs current state.
The deploy-readiness table
One row per candidate promotion. The agent drafts the verdict. The engineer signs.
| Run | Service | Agent verdict | Evidence | Reviewer | Promoted |
|---|---|---|---|---|---|
| gh-run/8821 | checkout-api | Ship | green CI, no P1 incidents, ArgoCD diff = config only | priya@ | yes, 14:02 UTC |
| gh-run/8822 | billing-worker | Hold | flaky integration test on retry path, owner paged | rahul@ | rejected, 14:18 UTC |
| gh-run/8823 | search-indexer | Ship with canary | schema migration touches hot table, canary 5% for 30m | priya@ | yes, 14:41 UTC |
Each row points back to a GitHub Actions run URL and an ArgoCD application revision. The agent identity column records which release-bot drafted the verdict. The reviewer column records the human who signed. This is the same pattern we describe in the agent audit log.
The workflow
A protected GitHub Actions environment fires a webhook into Dock when a promotion is pending. The release agent runs three reads: the workflow run summary, the ArgoCD diff for the target application, and open P1s touching the service. It writes a four-line brief into the deploy-readiness row (verdict, top risk, blast radius, suggested rollout) and tags the on-call engineer.
The engineer opens the row, clicks through to the GitHub run and the ArgoCD diff, and either approves or rejects. Approval flips a Dock field. A webhook tells GitHub Actions to release the deployment gate. ArgoCD syncs. Rejection fails the workflow and the row stays as the record of why.
Promotions that touch production data, drop tables, or rotate secrets follow the dangerous-ops contract and require a two-key handshake.
Why this matters
GitHub deployment protection rules support required reviewers, who can approve, reject, or comment on a pending job before secrets release (GitHub Docs, "Reviewing deployments"). What GitHub does not give you is the agent's reasoning. The approval button records that priya@ clicked yes. It does not record that a release agent read three sources, weighed them, and recommended ship with canary. Dock holds that draft next to the click.
DORA's delivery metrics treat change lead time and change fail rate as the throughput and stability of the pipeline (DORA, "DORA's Five Metrics"). Agent-drafted briefs cut human read time per promotion without removing the human. The engineer owns the decision. The agent does the gathering. This is the operating model in Cloud 2.0 for engineering.
The release-bot has its own identity, not a borrowed service account. The row attributes the draft to that identity and the decision to the human. Two principals, one row.
See the deploy-readiness table on a real pipeline in the DevOps pillar.
FAQ
Does Dock replace GitHub Actions or ArgoCD? No. GitHub Actions runs the pipeline. ArgoCD reconciles the cluster. Dock holds the agent's brief and the engineer's sign-off, with pointers back to both systems.
What if the agent's verdict is wrong? The engineer overrides it. The row keeps the agent draft and the human decision side by side, which is the audit trail you want when a bad promotion needs a postmortem.
How does the agent authenticate to GitHub and ArgoCD? With its own identity and scoped tokens, not a shared service account. The token is bound to the release-bot principal so every API call is traceable.
Can the agent approve its own deployments? No. GitHub environments can block self-approval, and Dock requires a human reviewer field on every promoted row. The agent drafts, the engineer signs.