Interview CI/CD & GitOps

How would you implement automatic rollback if a deployment is unhealthy?

CI/CD & GitOps · Basic level

Answer

Automatic rollback should be driven by health checks, deployment status, and runtime metrics. The pipeline or rollout controller watches readiness, errors, latency, saturation, and business signals; if thresholds fail, it reverts traffic or rolls back the Deployment, Helm release, or GitOps commit.

Technical explanation

CI/CD should optimize both speed and safety: fast feedback for developers, controlled promotion for environments, and clear evidence for operations.

The deployable artifact should be built once, versioned, scanned, and promoted by immutable version or digest rather than rebuilt per environment.

Use automated gates for tests, policy, security, and health checks; use human approval only for risk decisions that automation cannot make reliably.

Track delivery health with lead time, deployment frequency, change-failure rate, MTTR, pipeline duration, queue time, and flaky failure rate.

Hands-on example

1. Create or update a Jenkinsfile for the scenario: How would you implement automatic rollback if a deployment is unhealthy.

2. Use a Declarative Pipeline skeleton: pipeline { agent { label 'linux && docker' } options { timestamps(); disableConcurrentBuilds() } stages { stage('Checkout') { steps { checkout scm } } stage('Test') { parallel { stage('Unit') { steps { sh 'make unit' } } stage('Lint') { steps { sh 'make lint' } } } } } post { always { junit 'reports/*.xml'; cleanWs() } failure { echo 'notify team' } } }.

3. Deploy the new artifact beside the old version, run smoke checks, shift 5% traffic, evaluate error rate and p95 latency for 10 minutes, then either increase traffic or rollback to the previous digest.

4. Publish the immutable result: tag the image with the Git SHA, push to ECR/Nexus, archive test reports, and record build URL, commit SHA, artifact digest, approver, and deployment status.

5. Prove the design by rerunning the same commit twice: the second run should reuse safe caches, produce the same artifact version or detect it already exists, and avoid duplicate side effects.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More CI/CD & GitOps interview questions

← All CI/CD & GitOps questions