ServiceNow · Source Control + App Repo Pipeline

🚫

ServiceNow Official Limitations — 3 Hard Constraints You Cannot Work Around ① Source Control NOT on PROD. Official docs: "Source control integration does not support managing applications on a production instance." Using apply_remote_changes on PROD triggers cascade deletes of configuration-linked data — silent and destructive. ② Publish to App Repo from DEV only. sncicd-publish-app must originate from a non-production (DEV) instance. TEST and PROD instances cannot publish to the App Repository. This is a platform constraint, not a convention. ③ apply_remote_changes = active branch only. The API operates only on the branch currently checked out on the instance. Switch branch in Studio first, then trigger the action — or the wrong code gets applied.

💻 feature/* → DEV

Developer codes in Studio manual

Studio → Create Branch

Commit Changes → GitHub push

Open PR → develop

🔵 develop → DEV Instance

Trigger: merge to develop auto

apply_remote_changes API

ATF smoke suite runs

Integration validation

🟡 release/* → TEST Instance

Trigger: release/* cut auto

Install from App Repo (official)

Full ATF regression suite

Auto-rollback if ATF fails 🔄

UAT sign-off + CHG raised

🟢 main → App Repo → PROD

Publish App from DEV App Repo

sncicd-publish-app action

Install on PROD via App Mgr

sncicd-install-app on PROD

✅Happy Path

feature/* → PR → develop

CI passes, 2 reviews

apply_remote_changes → DEV

release/* → TEST full ATF

UAT pass → merge to main

📦 Publish to App Repo (DEV)

🟢 Install on PROD via App Mgr

🚨CI Failure on PR

PR opened → CI triggers

Lint / test / CodeQL fails

PR blocked — cannot merge

Dev fixes same feature/*

CI re-runs on new commit

DEV instance untouched ✓

App Repo never reached

🐛Defect in TEST

QA finds bug on TEST

fix/* cut from release/*

Fix built on DEV, committed

PR: fix/* → release/*

Re-deploy TEST via SC

ATF re-run → UAT pass

Back-merge release → develop

🔥PROD Incident

Alert fires after install

Find prev stable version

sncicd-rollback-app action

Rolls PROD to prior version

App Repo version history ✓

Fix via normal cycle after

Never touch PROD Studio 🚫

⚡Hotfix (PROD)

hotfix/* cut from main

Fix built on DEV instance

Abbreviated TEST regression

hotfix/* → main (CAB)

📦 Publish hotfix to App Repo

🟢 Install on PROD (App Mgr)

Back-merge → develop ⚠

🚫

Never use Source Control on PROD

ServiceNow docs are explicit: apply_remote_changes on PROD triggers cascade deletes of config data. App Repository is the only approved PROD deployment method.

📦

App Repo = PROD gateway

After TEST passes: merge to main → sncicd-publish-app from DEV (version tagged) → sncicd-install-app on PROD via GitHub Actions.

🔁

Back-merge every time

Release branch fix or hotfix must always back-merge to develop. Skip once and the same bug reappears guaranteed in the next release.

⏮️

PROD rollback = App Repo version

Use sncicd-rollback-app GitHub Action. App Repository maintains full version history — rollback to any prior published version in minutes.

🏗️

One scoped app, one repo

Source Control links at app level. Never mix multiple scoped apps in one repo. Each app gets its own GitHub repo, pipeline, and App Repo entry.

🧪

ATF calibrated per environment

DEV → smoke only. TEST → full regression. PROD post-install → critical path only. Never run full regression suite after every PROD install.