The Ten-Factor CI Job
Job config is checked into source control.
Job operation is documented.
Job config uses one line commands.
All job dependencies are declared.
Dependencies are locked to specific versions.
The environments running jobs are immutable.
Job config does not contain hard-coded files paths.
Secrets are externalized.
Physical location of services is abstracted from the job.
Service dependencies are declared explicitly.
Build, release, run
The job produces a release artifact.
Test run data are extracted for human review.
There is a version constraint between the code being testing and the job's config.
No file system data is written for access by other runs or jobs.
The job is portable across different CI nodes.
The job performs resource cleanup on abnormal termination.
Base environment and dependencies can be provisioned in development.
Trusted users have controlled and audited access to secrets.
Job logs verbosely to stdout and stderr.
A permanent record is kept of each job, parameters, and generated artifacts.
View your Score