Book Exercise Lanes and External Exercises
This module is practice-heavy. External docs and hands-on work dominate; local book chunks are targeted reinforcement for git branching and tagging only.
How To Use This Page
- Finish the relevant concept page first.
- Attempt the practice page or kata from memory.
- Only then open the matching lane below.
- Keep a mistake log with tags such as
rebuilt per environment,long-lived branch,no rollback plan,coupled migration with code,static cloud key in CI,unsigned artifact deployed,approval without reviewer.
Lane 1: Branching and Tagging (Git book chunks)
Use this lane when the branching semantics from cluster 1 or the tagging semantics from cluster 4 feel shaky.
- Pro Git: Branch Management / Long-Running Branches
- Pro Git: Topic Branches and Remote Branches
- Pro Git: Pushing to Tracking Branches
- Pro Git: Rebasing, cherry-pick, and preparing a release
- Pro Git: Tagging
- Pro Git: Listing tags / deleting tags
- Pro Git: Signing commits and tags
- Git from the bottom up: Branching and rebase
Target outcomes:
- comfortable creating, pushing, and deleting remote-tracking branches
- comfortable with annotated and signed tags, including pushing tags to the remote
- can describe in one paragraph why rebasing a short-lived branch is safe while rebasing a published branch is not
Lane 2: Pipeline YAML Fluency (GitHub Actions)
- GitHub Actions quickstart -- build a first workflow
- Workflow syntax reference -- every key
- Example workflows -- copy-and-modify starting points
- Reusable workflows -- for larger pipelines
- Matrix builds -- testing across versions / OSes
Target outcomes:
- 3 working workflows authored (one each: test-only, build-and-push, deploy)
permissions:set explicitly on every workflow- actions pinned by SHA for anything with
secrets:exposure - caches configured for dependencies
Lane 3: Pipeline YAML Fluency (GitLab CI)
- Get started
.gitlab-ci.ymlreference- Pipeline architecture patterns -- multi-stage, child pipelines
- CI/CD components -- reuse across projects
Target outcomes:
- 2 working
.gitlab-ci.ymlfiles (one monorepo-style, one simple service) - stages and
needs:used deliberately, not by accident - protected environments configured
- ID tokens / OIDC used for cloud auth where applicable
Lane 4: Deployment Strategy Practice
- Argo Rollouts: Getting started
- Argo Rollouts: Canary
- Argo Rollouts: BlueGreen
- Flagger tutorials -- service-mesh-native canary
- Google SRE Workbook: Canarying Releases
Target outcomes:
- one Argo Rollouts or Flagger canary manifest that you have actually applied and observed
- rollback exercised intentionally at least once per strategy
- a written rollback trigger in PromQL (or vendor equivalent) for each scenario
Lane 5: Release Engineering Practice
- Semver.org -- spec walkthrough
- Keep a Changelog 1.1.0
- Conventional Commits 1.0.0
- release-please (GoogleCloudPlatform) -- versioning + changelog automation
- semantic-release -- alternative automation
- Sigstore Cosign usage -- signing commands
- SLSA -- provenance generation for GitHub Actions -- ready-to-use SLSA L3 generator
Target outcomes:
- one automated release (release-please or semantic-release) on a repo
- one signed image verified in a deploy pipeline
- one SLSA provenance document produced and attached to an artifact
Lane 6: Database Migration Practice
- Martin Fowler: EvodB -- foundational reading
- Flyway: Getting started
- Liquibase: Get started
- gh-ost -- online MySQL
- pg_repack -- online PostgreSQL
Target outcomes:
- one end-to-end expand/contract sequence performed on a staging database with production-like data volumes
- timed at least one big-table migration with an online tool and documented the duration vs a naive
ALTER TABLE - a team-facing playbook documenting which migration shapes are safe-by-default and which need a dry run
Lane 7: Pipeline Security Practice
Target outcomes:
- at least one long-lived cloud credential replaced with OIDC
- at least one workflow with overly-broad permissions tightened
- a written threat model for a real pipeline listing which OWASP CI/CD risks apply
Self-Curated Problem Set
Build a custom set with at least:
- 2 pipelines authored from scratch (one Actions, one GitLab)
- 1 rollout plan with metric-gated rollback exercised in staging
- 1 expand/contract migration performed end-to-end
- 1 signed release with verified provenance
- 1 pipeline-security review producing a concrete remediation list
Completion Checklist
- Completed at least one lane in full
- Logged at least 10 real delivery mistakes and corrections
- Authored at least two working pipelines from scratch
- Exercised at least one rollback intentionally (not during an incident)
- Shipped at least one expand/contract migration without downtime
- Replaced at least one static cloud credential with OIDC