- Pipeline creates pre-production image
- Apply security patches onto production container image
- If patch application fails then process fails and notifies relevant parties
- Pushes resulting production container image into private registry from which we can deploy it
Dependency on SRE:
- Private registry
Can we deploy this to staging somewhere for smoke-tests and mwdebug testing?