Script Valley
Docker: Complete Course

Practice & Assessment

Test your understanding of CI/CD with Docker and Container Registries

Multiple Choice Questions

1. What is the advantage of tagging a Docker image with a Git commit SHA in CI?

2. What does `cache-to: type=gha,mode=max` do in a docker/build-push-action step?

3. Why should the `latest` tag never be used in a production deployment manifest?

4. In a GitHub Actions job with a PostgreSQL service container, when does the database become available to your test step?

5. Setting `exit-code: 1` in the Trivy GitHub Actions step does what?

6. What does `load: true` do in a docker/build-push-action step?

Coding Challenges

1. Write a GitHub Actions workflow that builds, scans, and pushes a Docker image

Write a complete GitHub Actions workflow YAML file (`.github/workflows/docker.yml`) that triggers on push to main. The workflow must:

(1) check out the code;
(2) log in to GHCR using `GITHUB_TOKEN`;
(3) set up BuildKit using docker/setup-buildx-action;
(4) use docker/metadata-action to generate tags including sha type and `latest` (only on main branch);
(5) build and push the image to ghcr.io/your-org/your-repo with both `cache-from` and `cache-to` set to `type=gha`;
(6) after the push step, build the image again with `load: true` (tagged as `app:scan`) and run aquasecurity/trivy-action with `severity: CRITICAL,HIGH` and `exit-code: 1`.

The scan must run after the push step. Test the workflow locally using act or submit the YAML for review.

Estimated time: 30 minutes
Difficulty: Hard

Mini Project

1. End-to-End Dockerized Application with CI/CD Pipeline

Build a complete pipeline for a Node.js REST API.

Part 1 — Application: Write a minimal Express app with one GET /health endpoint returning {status: 'ok'} and write an integration test that starts the server and calls the endpoint.

Part 2 — Docker: Write a multi-stage Dockerfile (builder stage for TypeScript compilation, production stage using node:20-alpine with a non-root user). Write a .dockerignore.

Part 3 — Compose: Write a docker-compose.yml for local dev with a bind mount on src/ and docker-compose.override.yml for any dev-only config.

Part 4 — CI: Write a GitHub Actions workflow that on push to main: runs npm test, builds the image with GHA build cache, scans with Trivy blocking on CRITICAL/HIGH CVEs, uses metadata-action to tag with SHA and latest, and pushes to GHCR.

The image must be under 150MB. Document the full workflow with a README covering local dev setup and CI/CD explanation.

Difficulty: Hard