Portal | Level: L1: Foundations | Topics: CI/CD | Domain: DevOps & Tooling
CI/CD Drills
10 drills for CI pipeline and security scanning operations. Each takes 1-5 minutes.
Difficulty: [E] Easy (recall) | [I] Intermediate (combine flags/tools) | [H] Hard (multi-step debugging)
Remember: The CI pipeline order matters: Lint (cheapest, fastest) -> Test (catch logic errors) -> Build (compile/image) -> Scan (vulnerabilities) -> Deploy (most expensive). Fail fast: put the quickest checks first so broken code never reaches the slow steps. Mnemonic: "LTBSD" — Lint, Test, Build, Scan, Deploy.
Gotcha: `trivy image` scans the image filesystem for OS and library CVEs, but it does NOT catch misconfigurations in your Dockerfile. Use `trivy config Dockerfile` separately to catch things like running as root, hardcoded secrets, or missing health checks.
Debug clue: If `helm template | kubectl apply --dry-run=client` passes but the actual deploy fails, the issue is likely runtime — missing secrets, unavailable images, or resource quota exhaustion. `--dry-run=client` only validates schema, not cluster state.
Drill 1: Run Trivy scan [I]
Question: Scan the grokdevops Docker image for CRITICAL and HIGH vulnerabilities.
Relevant lab: training/interactive/runtime-labs/lab-runtime-06-trivy-fail-to-green/
Answer: answers/ci_answers.md
Drill 2: Lint the Helm chart [E]
Question: Validate the grokdevops Helm chart for template errors.
Answer: answers/ci_answers.md
Drill 3: Run unit tests [E]
Question: Run the Python test suite for the grokdevops application.
Answer: answers/ci_answers.md
Drill 4: Build the Docker image [E]
Question: Build the grokdevops Docker image with a test tag.
Answer: answers/ci_answers.md
Drill 5: Validate Terraform [I]
Question: Check Terraform configuration for syntax errors and formatting issues.
Answer: answers/ci_answers.md
Drill 6: Check CI workflow [E]
Question: Find the GitHub Actions CI workflow file and list which jobs it runs.
Answer: answers/ci_answers.md
Drill 7: Scan for specific CVE [I]
Question: Check if the grokdevops image is affected by a specific CVE (e.g., CVE-2023-44487).
Answer: answers/ci_answers.md
Drill 8: Validate Kubernetes manifests [I]
Question: Validate all Helm-generated Kubernetes manifests against the K8s schema.
Answer: answers/ci_answers.md
Drill 9: Check image base [E]
Question: Determine the base image used in the grokdevops Dockerfile.
Answer: answers/ci_answers.md
Drill 10: Run the full CI pipeline locally [H]
Question: Run all CI checks (lint, test, build, scan) in sequence locally.
Answer: answers/ci_answers.md