How do you handle build artifacts and where do you store them (Nexus, ECR)?
CI/CD & GitOps · Basic level
Answer
Build artifacts should be stored in a durable artifact repository or registry, not only in a Jenkins workspace. Examples are Nexus or Artifactory for packages, ECR for container images, S3 for build outputs, and Jenkins archiveArtifacts only for short-term logs or diagnostics.
Technical explanation
Artifacts should be immutable and addressed by version or digest, with metadata linking them to commit SHA and pipeline run.
Jenkins archived artifacts are convenient for diagnostics, but production deployment should consume from a controlled artifact repository or registry.
Keep build execution away from the controller; agents should be disposable, labeled, and sized for the workload.
Treat the pipeline definition as production code: peer review it, test changes, version shared libraries, and avoid hidden UI-only job logic.
Use least-privilege credentials, immutable artifacts, deterministic versions, and clear post-build cleanup to make pipelines repeatable and auditable.
Design stages around fast feedback: fail cheap checks early, isolate workspaces, parallelize independent work, and publish evidence such as test reports and build metadata.
Hands-on example
1. Create or update a Jenkinsfile for the scenario: How do you handle build artifacts and where do you store them (Nexus, ECR).
2. Use a Declarative Pipeline skeleton: pipeline { agent { label 'linux && docker' } options { timestamps(); disableConcurrentBuilds() } stages { stage('Checkout') { steps { checkout scm } } stage('Test') { parallel { stage('Unit') { steps { sh 'make unit' } } stage('Lint') { steps { sh 'make lint' } } } } } post { always { junit 'reports/*.xml'; cleanWs() } failure { echo 'notify team' } } }.
3. Inject secrets only in the narrowest stage, for example withCredentials([string(credentialsId: 'scanner-token', variable: 'TOKEN')]) { sh 'scanner --fail-on critical' }; do not echo TOKEN or write it into archived artifacts.
4. Publish the immutable result: tag the image with the Git SHA, push to ECR/Nexus, archive test reports, and record build URL, commit SHA, artifact digest, approver, and deployment status.
5. Prove the design by rerunning the same commit twice: the second run should reuse safe caches, produce the same artifact version or detect it already exists, and avoid duplicate side effects.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More CI/CD & GitOps interview questions
- What is CI/CD, and what is the difference between continuous delivery and continuous deployment?
- What are the goals of a CI pipeline beyond just running tests?
- What is Jenkins, and what is the difference between a controller and an agent?
- What is the difference between a freestyle job and a pipeline job in Jenkins?
- What is the difference between a declarative and a scripted Jenkins pipeline?
- What is a Jenkinsfile, and why keep your pipeline as code in the repo?
- Explain the structure of a declarative pipeline (agent, stages, steps, post).
- What is the post section used for, and what are its conditions (success, failure, always)?