CI/CD

Question 1

CI vs CD: What is CI?

Answer 1

Continuous Integration: frequently integrating changes into main with automated validation (build, unit tests, lint/static checks). Goal: main stays in a deployable state.

Question 2

CI vs CD: What is CD (Delivery)?

Answer 2

Continuous Delivery: every change passes the pipeline and is ready to deploy; production deploy may require manual approval.

Question 3

CI vs CD: What is Continuous Deployment?

Answer 3

A form of CD where every change that passes the pipeline is automatically deployed to production (less common in many orgs).

Question 4

Why do teams use CI/CD pipelines?

Answer 4

To automate quality checks, reduce human error, speed up delivery, ensure consistency/repeatability, and make deployments safer.

Question 5

Pipeline mental model

Answer 5

A production line: checkout → build → test → quality gates → package → publish artifact → deploy (dev/staging/prod) → post-deploy checks/monitoring.

Question 6

What is a pipeline stage?

Answer 6

A logical step in the automated workflow (e.g., build, unit tests, integration tests). Stages help isolate failures and enforce gates.

Question 7

Typical CI stage: Checkout

Answer 7

Pull the correct version of source code from the repository to the runner/agent so the build can run reproducibly.

Question 8

Typical CI stage: Build (Java)

Answer 8

Compile and package the app (e.g., mvn package / gradle build). Ensures code compiles and dependencies resolve.

Question 9

Typical CI stage: Unit tests

Answer 9

Fast, isolated tests (no real DB/network). Provide quick feedback and catch logic regressions early.

Question 10

Typical CI stage: Integration tests

Answer 10

Tests that run with real components (e.g., DB in container, Spring context). Catch wiring/config/contract issues.

Question 11

What is a quality gate?

Answer 11

Automated checks that must pass before merging/deploying (lint, static analysis, coverage thresholds, security scans).

Question 12

What is an artifact in CI/CD?

Answer 12

The immutable build output (e.g., JAR, Docker image). Best practice: build once, deploy the same artifact across environments.

Question 13

Why ‘build once, deploy same artifact’?

Answer 13

Prevents environment-specific differences, improves reproducibility, and makes debugging/rollbacks safer because you know exactly what ran in each env.

Question 14

What is promotion (artifact promotion)?

Answer 14

Moving the same artifact through environments (dev → staging → prod) after it passes validations in each stage.

Question 15

Why do we have environments (dev/staging/prod)?

Answer 15

Dev for rapid iteration, staging to validate in prod-like conditions, prod for real users. Separates risk and allows progressive validation.

Question 16

What should usually run in CI?

Answer 16

Build, unit tests, fast static checks, quick security scans. The goal is fast feedback on every PR/commit.

Question 17

What should usually run in CD?

Answer 17

Packaging/publishing artifacts, deployments to environments, smoke tests, post-deploy checks, approvals for prod.

Question 18

What is a smoke test?

Answer 18

A small set of fast tests that verify the deployed service is basically working (health endpoint, a key API call, DB connectivity).

Question 19

What is a rollback?

Answer 19

Returning to a known-good version after a bad deployment, often by redeploying the previous artifact.

Question 20

Simple rollback strategy

Answer 20

Redeploy the last known-good artifact/version. Works well when artifacts are versioned and deployments are automated.

Question 21

Blue/Green deployment

Answer 21

Maintain two environments (blue and green). Deploy to inactive one, switch traffic when healthy. Rollback = switch traffic back.

Question 22

Canary deployment

Answer 22

Deploy to a small percentage of users/traffic first. Monitor metrics. If healthy, ramp up; if not, stop/rollback.

Question 23

Feature flags: why useful?

Answer 23

Ship code disabled, enable gradually. Reduces risk, allows quick disable without redeploy, supports experiments.

Question 24

What is a runner/agent?

Answer 24

The machine/container that executes pipeline jobs (Jenkins agent/node or GitHub Actions runner).

Question 25

Jenkins vs GitHub Actions: Jenkins overview

Answer 25

Flexible CI server; pipelines defined in Jenkinsfile; requires more operational maintenance; uses agents/nodes and credentials store.

Question 26

Jenkinsfile: what is it?

Answer 26

A file defining the Jenkins pipeline (stages/steps). Can be Declarative or Scripted.

Question 27

GitHub Actions: workflow structure

Answer 27

YAML defines workflows → jobs → steps. Jobs run on runners; supports matrices, caching, environments, and secrets.

Question 28

GitHub Actions: what is a job?

Answer 28

A set of steps executed on the same runner. Jobs can run in parallel and depend on each other.

Question 29

GitHub Actions: what is a step?

Answer 29

A single action/command within a job (e.g., checkout code, run tests, build artifact).

Question 30

What is caching in CI?

Answer 30

Reusing dependencies/build outputs between runs to speed up builds (e.g., Maven/Gradle dependency cache).

Question 31

Why are flaky tests bad?

Answer 31

They fail intermittently without real regressions, wasting time, reducing trust in CI, and slowing delivery.

Question 32

Common causes of flaky tests

Answer 32

Time dependence, ordering dependence, shared state, network calls, race conditions, unstable external services.

Question 33

How to reduce flaky tests

Answer 33

Remove real network dependencies, control time, isolate state, deterministic data, proper waiting/timeouts, quarantine and fix root causes.

Question 34

What is 'works on my machine' in CI/CD context?

Answer 34

Local environment differs from CI (Java version, env vars, DB schema). Fix by standardizing environments and making builds reproducible.

Question 35

Common reasons a pipeline fails

Answer 35

Test failures, missing env vars/secrets, expired credentials, dependency conflicts, DB migration issues, timeouts.

Question 36

How to debug a pipeline failure (process)

Answer 36

Identify the failing stage → read logs → reproduce locally if possible → isolate root cause (code vs config vs infra) → fix → add prevention (tests/alerts).

Question 37

What is a quality gate example for Java?

Answer 37

Checkstyle/Spotless formatting, SpotBugs, SonarQube rules, minimum coverage threshold, dependency vulnerability scan.

Question 38

What is SAST?

Answer 38

Static Application Security Testing: scans code for security issues (e.g., insecure patterns) during CI.

Question 39

What is dependency scanning (SCA)?

Answer 39

Software Composition Analysis: scans dependencies for known vulnerabilities/licenses and can fail builds if risk is high.

Question 40

What are pipeline approvals used for?

Answer 40

To control risk for sensitive steps (like prod deploy). Adds a manual gate even if everything else is automated.

Question 41

Why separate unit vs integration tests in pipeline?

Answer 41

Unit tests give fast feedback; integration tests are slower but catch environment/config issues. Separation speeds PR iteration.

Question 42

What is artifact versioning?

Answer 42

Tagging build outputs with unique versions (commit SHA, semantic version). Enables traceability, rollback, and consistent promotion.

Question 43

What does 'immutable artifact' mean?

Answer 43

Once built and published, the artifact should never change. A given version always corresponds to the same bits.

Question 44

What is 'configuration vs code' separation?

Answer 44

Same code/artifact in all environments; environment-specific config is injected via variables, config files, or secret managers.

Question 45

How should secrets be handled?

Answer 45

Never in repo. Inject at runtime via Jenkins credentials, GitHub Secrets, or cloud secret managers; apply least-privilege IAM.

Question 46

What is least privilege?

Answer 46

Give systems/users only the permissions they need—reduces blast radius if credentials leak or systems are compromised.

Question 47

CI/CD + database migrations: why risky?

Answer 47

Schema changes can break running code. You need backward compatibility and controlled rollout.

Question 48

Safe migration pattern (backward compatible)

Answer 48

Add nullable column → deploy code that writes both → backfill → switch reads → add constraints later (NOT NULL/unique) when safe.

Question 49

Why avoid destructive DB changes in one deploy?

Answer 49

Dropping/renaming columns can break older app versions during rollout or rollback. Prefer phased, compatible changes.

Question 50

What is a post-deploy verification step?

Answer 50

Checks after deploy (smoke tests, health checks, monitoring dashboards) to confirm service health and catch issues early.

Question 51

What is a health check endpoint?

Answer 51

An endpoint (e.g., /health) that reports service status; used by orchestration and monitoring to detect failures.

Question 52

What metrics are useful post-deploy?

Answer 52

Error rate, latency (p95/p99), throughput, saturation (CPU/mem), DB connection pool usage, and key business metrics.

Question 53

What’s an SLO/SLI (basic)?

Answer 53

SLI: a measured indicator (latency, availability). SLO: target for that indicator (e.g., 99.9% availability). Helps decide rollout/rollback.

Question 54

What is observability’s role in CD?

Answer 54

It validates deployments: you monitor logs/metrics/traces to detect regressions quickly and decide whether to proceed or rollback.

Question 55

Pipeline speed: how to improve safely?

Answer 55

Cache dependencies, run jobs in parallel, optimize test suites, separate slow tests, and avoid rebuilding unchanged components.

Question 56

When should you fail the pipeline?

Answer 56

On compile errors, failed tests, critical quality gate violations, security scans exceeding threshold, or deployment health checks failing.

Question 57

What is a 'deployment gate'?

Answer 57

A condition that must be met to deploy or proceed (approvals, tests, health checks, error budget, change window).

Question 58

What is a CI/CD “stage isolation” benefit?

Answer 58

It tells you exactly where it failed (build vs unit tests vs integration tests) and makes debugging faster.

Question 59

How does CI support code review?

Answer 59

CI runs on PRs to provide automatic validation; reviewers can trust the PR passes tests and quality checks.

Question 60

What is a typical Java/Spring pipeline command set?

Answer 60

Checkout → set Java version → mvn/gradle build → run unit tests → run integration tests → package JAR/Docker image → publish artifact → deploy → smoke tests.

Question 61

How to talk about CI/CD if you didn’t write pipelines directly

Answer 61

Emphasize you can read pipelines, interpret failures, collaborate with DevOps, and propose improvements (quality gates, faster feedback, safer deploy).

Question 62

Example CI improvement idea (SE II+)

Answer 62

Split unit and integration tests; make unit tests mandatory on PR, run integration tests on merge to main or nightly if expensive.

Question 63

Example CD safety improvement idea (SE III signal)

Answer 63

Adopt canary/blue-green for critical services, add automatic rollback triggers based on error rate/latency thresholds, and use feature flags.

Question 64

What is a 'release artifact repository'?

Answer 64

A place to store versioned build outputs (e.g., Artifactory, Nexus, container registry). Enables promotion and rollback.

Question 65

Why tag builds with commit SHA?

Answer 65

Traceability: you can map a deployed artifact back to exact source code and investigate regressions.

Question 66

How do approvals relate to compliance?

Answer 66

Some orgs require change control; approvals provide auditable checkpoints for production changes.

Question 67

What is drift between environments?

Answer 67

When environments differ (config, dependencies, schema). Minimizing drift improves reliability and reduces surprises in prod.

Question 68

How do you minimize environment drift?

Answer 68

Use infrastructure-as-code, promote same artifact, externalize config, use containers, and keep schemas aligned via migrations.

Question 69

What is a 'pipeline as code' benefit?

Answer 69

Versioned pipeline definitions (Jenkinsfile/YAML) reviewed via PRs; changes are auditable and reproducible.