Questions on Pipeline Flashcards
(14 cards)
How did you handle failed builds or security vulnerabilities in the pipeline?
“If a build failed or a security issue was found, Jenkins would stop the pipeline and notify the team. We’d fix the issue, commit the changes, and restart the pipeline.”
What Jenkins plugins or configurations did you use to manage the pipeline?
“We used plugins like the Git plugin to pull code, the SonarQube plugin for code quality checks, and the UrbanCode Deploy plugin for deployments. Jenkins was configured to run tests and scans automatically.”
How did you ensure smooth deployments across different environments?
“UrbanCode Deploy handled the deployments, and we made sure each environment (Dev, QA, UAT, PROD) had the same setup. We also tested the deployment process in Dev before moving to other environments.”
How did you handle rollbacks or hotfixes in production?
“If something went wrong in production, we could roll back to the previous version using UrbanCode Deploy. For hotfixes, we’d create a separate branch, fix the issue, and deploy it quickly.”
How did you ensure compliance with coding standards and security policies?
“Tools like SonarQube and Checkmarx automatically checked the code for compliance and security issues. If any problems were found, we fixed them before deploying.”
Can you explain how SonarQube or Checkmarx integrates with Jenkins?
“Jenkins would run SonarQube and Checkmarx scans as part of the pipeline. If any issues were found, the pipeline would stop, and we’d get a report to fix the problems.”
What challenges did you face with UrbanCode Deploy, and how did you resolve them?
“Sometimes deployments would fail because of environment differences. We fixed this by making sure all environments were set up the same way and testing deployments in Dev first.”
How was the DEV environment auto-deployed?
the Dev environment is set up to automatically deploy code after it passes basic checks
After a Git commit, Jenkins would automatically build and test the code.
If the build and tests passed, Jenkins would trigger UrbanCode Deploy to push the code to the Dev environment.
This process didn’t require manual intervention, making it fast and efficient for developers to test their changes.
Did you have any environments that were automated? e.g. Dev environment
Yes, once a PR was merged and passed the necessary status checks in Github:
(Unit testing, Checkmarx, Blackduck, SonarQube….)
the code was merged into the main branch for the development environment. It triggered a deployment pipeline
What kind of tests were run during the PR checks?
“We used Jasmine and Karma for unit testing. These tools ran automatically when a pull request was created, ensuring the code met functionality standards.”
What tools were used for security and compliance checks?
“We used Checkmarx for security scans, Blackduck for open-source compliance, and TruffleHog for scanning secrets (e.g., API keys, passwords) in the codebase.”
What does Jenkins do?
Jenkins is responsible for building and testing the code. It pulls the code from the latest repository, installs dependencies, runs tests (e.g. Jasmine/Karma), and packages the code into an artifact (e.g., a .jar file, Docker image, or .zip file).
What does UrbanCode Deploy (UDeploy) do?
UDeploy is responsible for deploying the artifact to various environments. It takes the artifact created by Jenkins and deploys it according to predefined processes and configurations.
UDeploy ensures that deployments are consistent, repeatable, and
