All artifacts must be named, versioned, and retained in a repository.
A name and a semantic version allows artifacts to be located in a repository. The name and a build version allows artifacts to be traced back to source code and potentially reproduced.
- Artifact dependencies are artifacts.
- Versions in dependency tree should be pinned to ensure final artifact is immutable.
- Only releasable artifacts may be promoted to production environments.
- Releasable artifacts have a release semantic version (without -SNAPSHOT, -alpha, or -beta suffix).
- Releasable artifacts are immutable.
- The source code for releasable artifacts must be tagged in source control.
- An inventory of released artifacts (with license and dependency information) should be kept to enforce license policy
- Must be semantically versioned.
- Must be archived in a repository with the semantic version.
- Must be semantically and build versioned.
- Must have source code in source control.
- Must be queryable for their semantic version and dependency versions.
- Must be queryable for their build version, potentially a git hash code.
- Must be immutable.
- Must be traceable.
- Must have source code available.
- Must have an appropriate license.
- Must be immutable.
This work is licensed under a Creative Commons Attribution 4.0 International License.