PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #70: Real Exam Question with Answer & Explanation
The correct answer is C: Create a trigger on the Cloud Build job. Set the repository event setting to 'Push to a branch'. To automate production image builds from the main branch and ensure pushes to it are approved, configure a Cloud Build trigger for main branch pushes and enforce approvals via GitHub branch protection.
Question
You are creating a CI/CD pipeline in Cloud Build to build an application container image. The application code is stored in GitHub. Your company requires that production image builds are only run against the main branch and that the change control team approves all pushes to the main branch. You want the image build to be as automated as possible. What should you do? (Choose two.)
Options
- A. Create a trigger on the Cloud Build job. Set the repository event setting to 'Pull request'.
- B. Add the OWNERS file to the Included files filter on the trigger.
- C. Create a trigger on the Cloud Build job. Set the repository event setting to 'Push to a branch'.
- D. Configure a branch protection rule for the main branch on the repository.
- E. Enable the Approval option on the trigger.
Explanation
To automate production image builds from the main branch and ensure pushes to it are approved, configure a Cloud Build trigger for main branch pushes and enforce approvals via GitHub branch protection.
Common mistakes.
- A. A trigger on 'Pull request' builds changes before they are merged into the main branch, which is for pre-merge validation, not for building production images from the main branch after approval.
- B. Adding an OWNERS file to the trigger's included files filter is not the mechanism for enforcing branch approval or triggering production builds.
- E. While Cloud Build triggers can have an approval option, the primary mechanism for enforcing approvals for pushes to the main branch itself is via repository branch protection rules in GitHub; adding a Cloud Build approval after a push might add an unnecessary manual step if the main branch is already protected.
Concept tested. Cloud Build triggers and GitHub branch protection
Reference. https://cloud.google.com/build/docs/automating-builds/create-github-triggers