CI and deployment

Question 1

continuous delivery

Answer 1

deploys built release to test and staging environments but does not release to production with out manual intervention/approval

Question 2

Continuous deployment

Answer 2

releases to production after automatic testing has been completed in dev/test and staging. Only a failed test will stop the release going to prod

Question 3

Continuous integration

Answer 3

automatic build of an application after a commit, merge or Pull request. Should include code quality tests

Question 4

Static analysis

Answer 4

check non-running code for bugs, vulnerabilities and knows bad programming patterns/smells

Question 5

Examples of static analysis tools

Answer 5

Sonarqube
white source bolt
PMD

Question 6

White source bolt

Answer 6

provides license and vulnerabilities details on 3-party packages in your project

Question 7

Dynamic analysis

Answer 7

ran against live deployed code. commonly used to run pentests against know vaubabilies like SQL injection

Question 8

Examples of Dynamic analysis tools

Answer 8

owsap ZED ATTACK PROXY (zap)

Question 9

What should unit tests be built for?

Answer 9

testing a single piece or a core function in isoloation.

Question 10

What test data should be used in unit tests

Answer 10

mock data from a file

Question 11

what data should be used in intergration tests

Answer 11

data hosted on the same DB system as the production enviormemtq

Question 12

Example of a good unit test

Answer 12

• short and run quickly
• tests code critical to the application
• needs to be repeatable and return the same result everytime when everything is in a working state
• should not test external libaires, this should be done in intergration tests
• should not be done on combined functions and methods

Question 13

When should you make a package

Answer 13

when code can be reused across your projects and the code does not need to be changed oftern

Question 14

what is a packaged

Answer 14

ready to run compiled or uncompiled code depeneding on the langauge. Stored in compressed zip files that have a different exnteions based on the langauge/frameworkv

Question 15

Symantec versioning

Answer 15

in x.x.x format. major breaking change. feature change that is backwards compatible. hotfix or patch

Question 16

Artifacts Feeds

Answer 16

can contained company created packages or used to monitor and maintain 3rd party packages being used if upstream sources has been enabled

Question 17

Common production deployment types

Answer 17

blue-green
canary/ring
rolling

Question 18

blue Green

Answer 18

release is deployed to green eniovrment then traffic is shifted fromm blue to green using azure taffic manage or appliaction gateway. provides a quick roll back option

Question 19

canary/ring

Answer 19

new features are provided to beta users so they can provide feedback

Question 20

rolling

Answer 20

release is deployed to 1 node/region at a time

Question 21

Where should secrets be stored

Answer 21

serects should not be stored on source control. Keyvault, secure varribles in pipelines and user profiles provided a plae to store serects with less risk

Question 22

Code Coverage

Answer 22

Shows % of code that is being tested via unit tests

Question 23

Code coverage fomrats suported by pipelines

Answer 23

coverlet, open cover, dotcover, visual studio, Cobertura and JaCoCo (JAVA)

Question 24

extension or task for adding code coverage in pipeline web interface

Answer 24

ReportGenerator

Question 25

difference between a gate and check

Answer 25

gates are in classic editor and checks are in used in yaml pipelines but a defined on the enivorment