2.1.3. Building and Managing Artifacts

Imagine deploying version 2.3 of your application and discovering it behaves differently in production than in staging — same code, different behavior. This usually means the artifact wasn't truly immutable: dependencies shifted, a library updated between builds, or the build environment drifted. Without proper artifact management, every deployment becomes a gamble — you can't guarantee what you're deploying is what you tested. Worse, a compromised artifact repository can inject malicious code into your entire deployment pipeline without anyone noticing.

This section covers how to automate artifact creation (application bundles, container images, AMIs) and manage them securely through their lifecycle. How do you ensure that the container image running in production is byte-for-byte identical to what passed your integration tests?