How to prevent old deployments

I have a workflow in circleCI doing continuous delivery that looks roughly like:

merge to main → build → deploy to dev → approval → deploy to prod

My concern is that we could have someone restart an old build and end up reverting to older code in dev. Or as we only approve some builds, then we could have someone accidentally approve a (previously unapproved) really old build and end up reverting code in production.

What tooling exists in circleCI that can prevent these bad scenarios from happening?
Or is there a different way to achieve essentially the same goals in a safer way?

The CircleCI platform does not have any way to retain state information as part of its standard configuration. So you can not easily record the version of the last approved deployment and then record it to allow a check to take place the next time the deployment is run to make sure that the version number is now higher.

What you could do within the CircleCI is use the API to create/delete a project level environment variable that contains the version value you want to store between deployments.

I’ve not used the API for this type of storage process, but it would involve using curl to access the API. Any value you set would then be available as an environment variable the next time the project is run.