There are so many issues with what you have here… where to start…
You aren’t running tests, unless you put them in the dockerfile which is a bad idea…
You aren’t running security scans. how do you deploy manifest changes? Using Latest as a tag has so many issues.
This is a trivial and niave pipeline I would expect from a junior or intern.
Build pipelines are becoming more complicated because software is more complex. You can still promote ownership of the full pipeline while giving developers control.
Don’t shy away from it, understand it, embrace it. It’s just going to continue getting more complex
Adding steps for code quality scanning, dependency vulnerability analysis and a license scanner certainly makes it look like you actually achieved something in the next performance review, I will give you that.
You aren’t running tests, unless you put them in the dockerfile which is a bad idea…
You aren’t running security scans. how do you deploy manifest changes? Using Latest as a tag has so many issues.
This is a trivial and niave pipeline I would expect from a junior or intern.
Build pipelines are becoming more complicated because software is more complex. You can still promote ownership of the full pipeline while giving developers control.
Don’t shy away from it, understand it, embrace it. It’s just going to continue getting more complex