Best Practices for Artifact Management and Version Control in CI/CD Pipelines

Artifact management is arguably the most important feature of a pipeline. At its core, a pipeline creates binary or package artifacts from source code and deploys them to the appropriate infrastructure, powering the applications being released.

The most important rules for assets and source code are as follows:

All files that constitute an application should be managed using source control.

Unfortunately, despite how basic this rule appears, many organizations still fail to follow it. Traditionally, developers only use version‑control systems for application source code and neglect other supporting files such as install scripts, configuration files, or test data.

Everything that participates in the application lifecycle should be checked into source control, including but not limited to:

Source code

Build scripts

Pipeline definition files

Configuration files

Tests and test data

Database schemas

Database migration scripts

Infrastructure definition scripts

Cleanup/installation/removal scripts

Other related files

The ultimate goal is that anyone can inspect everything related to the application and recreate it locally or in any alternative environment.

A common anti‑pattern is the use of special deployment scripts that exist only on a particular machine or a specific team member’s workstation, or even attachments on a wiki page.

Version control also means that all these resources have an audit trail and a detailed history of every change. If you want to see what the application looked like six months ago, you can easily retrieve that information using the tools provided by your version‑control system.

Note that while all these resources should be version‑controlled, they do not have to reside in the same repository. Whether you use multiple repositories or a single one is a decision that requires careful consideration and has no one‑size‑fits‑all answer. The important part is to ensure that everything is truly under version control.

Although GitOps is an emerging practice that promotes using Git for deployment, you should not adopt this best practice solely because you are using GitOps. Regardless of the software delivery model you follow, having a historical and auditable record of project assets is always beneficial.