Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do?
Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do?
To ensure production deployments are linked to source code commits and are fully auditable, the best approach is to make the container tag match the source code commit hash. This method automatically ties each deployment to a specific state of the source code without requiring manual intervention. The Git commit hash is unique, immutable, and provides a precise reference to the exact version of the code, thus making verification and traceability straightforward and reliable.
Developer shouldn't tag or comment every commit with some specific data, like timestamps or something else. There might be an app version, but it's not mentioned. I'd go with C as it's an automated, error-less approach that answers the question.
@Kopper2019- what do you think about ans C?
C. Make the container tag match the source code commit hash.
Not sure how the container tag match with the commit will help to audit, can someone explain?
if you got the commit hash from the container you can check the corresponding commit in the git repository. So the change, that was made and deployed into your environment can be audited.
From: https://cloud.google.com/architecture/best-practices-for-building-containers Under: Tagging using the Git commit hash (bottom of page almost) "In this case, a common way of handling version numbers is to use the Git commit SHA-1 hash (or a short version of it) as the version number. By design, the Git commit hash is immutable and references a specific version of your software. You can use this commit hash as a version number for your software, but also as a tag for the Docker image built from this specific version of your software. Doing so makes Docker images traceable: because in this case the image tag is immutable, you instantly know which specific version of your software is running inside a given container."
I think answer is A. In Git, tag is used to mark release points (v1.0, v2.0 and so on). You can tag the release based on the time stamp and using git show <tag-name> command, you can see the commit detailed history. Reference: https://git-scm.com/book/en/v2/Git-Basics-Tagging C could be the correct answer for the case if you are going with container based solution which is not mentioned anywhere in the question.
I got similar question on my exam. Answered C.
C is the answer. https://cloud.google.com/architecture/best-practices-for-building-containers#tagging_using_the_git_commit_hash You can use this commit hash as a version number for your software, but also as a tag for the Docker image built from this specific version of your software. Doing so makes Docker images traceable: because in this case the image tag is immutable, you instantly know which specific version of your software is running inside a given container.
It's got to be A. Option C talks about containers whereas there is no mention of containers in the question.
No manual intervention is preferred in automatic deployments. Only automating the container tag to match the commit hash will be fully auditable with the help of the scm.
C is correct "By design, the Git commit hash is immutable and references a specific version of your software." as per https://cloud.google.com/architecture/best-practices-for-building-containers#tagging_using_the_git_commit_hash
Every Git commit with timestamp A doesn't make since. C is right
C is ok
Answer is C
C is the correct answer
Agreed with C instead of A with them.
Really C should say image? We have to seperate systems: source code repo & container repo. How do we link the two together? C is the only attempt at solving the problem.
Can't fathom A. This is what ChatGPT says about A - I agree to this. Option A (tagging with date and time): Using date and time as tags may not be precise enough to identify the exact code version associated with a deployment, especially if multiple commits occurred within the same time window.
Linking Deployments to Commits: By tagging the container image with the source code commit hash, you create a direct link between the deployed container and the specific state of the source code. This provides a clear and auditable trail from the deployed application back to the exact source code that was used to build it. Auditability: Using the commit hash as the container tag ensures that each deployment can be traced back to a unique and immutable source code commit. This makes it easy to audit deployments and verify which version of the code is running in production.