Your company is developing a web-based application.
You need to make sure that production deployments are linked to source code commits and are fully auditable.
What should you do?
A. B. C. D.A.
To ensure that production deployments are linked to source code commits and are fully auditable, the best approach is to use a continuous integration and continuous deployment (CI/CD) pipeline. The CI/CD pipeline allows for automated testing and deployment of code changes, which makes it easier to track changes to the codebase and ensure that all deployments are fully auditable.
Option A, tagging the code commit with the date and time of the commit, is not enough to link production deployments to code commits. While it is useful to have a timestamp for each code commit, it does not provide any link to the actual deployment. Moreover, relying on manual tagging can lead to errors and inconsistencies.
Option B, adding a comment to the commit that links to the deployment, is also not sufficient. While it is helpful to have comments that provide additional context to code changes, they do not provide a reliable link between code commits and deployments. Furthermore, developers may forget to add comments, or they may not provide enough information to accurately track the deployment.
Option D, tagging commits with latest, is not a recommended practice. Tagging code commits with ambiguous tags like "latest" can make it difficult to track code changes and may cause confusion when attempting to identify specific code versions.
Option C, making the container tag match the source code commit hash, is the best approach to linking production deployments to code commits. This approach involves creating a container image for each code commit, and tagging it with the unique hash of the code commit. This ensures that each container image is linked to a specific code version, making it easy to identify and track changes to the codebase. Additionally, this approach allows for automated deployment of container images using tools like Kubernetes, which ensures that each deployment is fully auditable and can be traced back to a specific code commit.
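The tagging rule from Option C can also be enforced and audited mechanically. The following is an added example, not part of the original question or any vendor tooling: the registry name `registry.example/webapp`, the sample inventory, and all function names are constructed for illustration. It builds image references only from full commit hashes and flags deployed images whose tag (a date, `latest`, or no tag at all) cannot be traced to a commit.

```shell
# Added example; registry.example/webapp and all function names are hypothetical.
# Assumes image references of the form name[:tag], without @digest suffixes.
# Succeeds only for a full 40-character lowercase hex git commit hash.
is_commit_sha() {
    case "$1" in
        ""|*[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Build "<repo>:<commit hash>", refusing mutable or free-form tags.
image_ref_for_commit() {
    is_commit_sha "$2" || { echo "refusing non-commit tag: $2" >&2; return 1; }
    printf '%s:%s\n' "$1" "$2"
}

# Print the tag of an image reference; an untagged reference means "latest".
image_tag() {
    last=${1##*/}    # last path component, so a registry port is not read as a tag
    case "$last" in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   printf 'latest\n' ;;
    esac
}

# Read image references on stdin, report untraceable ones, fail if any exist.
audit_deployed_images() {
    bad=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        tag=$(image_tag "$ref")
        if ! is_commit_sha "$tag"; then
            printf 'UNTRACEABLE %s (tag=%s)\n' "$ref" "$tag"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample of what a cluster inventory might list.
sample_deployments() {
    cat <<'EOF'
registry.example/webapp:3f9c2d7a1b4e5f60718293a4b5c6d7e8f9a0b1c2
registry.example/webapp:latest
registry.example:5000/webapp
registry.example/webapp:2024-05-01T10-30
EOF
}
sample_deployments | audit_deployed_images || echo "audit failed: untraceable images deployed"
```

In a pipeline, `image_ref_for_commit` would receive the output of `git rev-parse HEAD` as its second argument, and the audit would be fed the image list from the cluster rather than the constructed sample.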
In summary, to ensure that production deployments are linked to source code commits and are fully auditable, the best approach is to use a CI/CD pipeline and tag container images with the unique hash of the code commit.