InfiniteSolutions

Delivery Systems

Build/Release/Run & Provenance

Source: content/manual/02-12factor/chapters/03-build-release-run-provenance.md

Purpose and scope

Separate build, release, and run; record provenance for traceability.

Outcomes

Reproducible releases with signed artifacts.
Faster rollback and audit readiness.
Lower cross-env drift.

Signals of trouble

Rebuilding per environment.
Unclear origin of production artifacts.
Manual promotion without records.

Remediation steps

Build once; sign OCI images; store provenance (SLSA/Sigstore).
Promote via GitOps; record approvals and environment diffs.
Automate rollback; test reversibility regularly.

Checklists and assets

playbooks/12factor-modernized/checklist.md build/run items.

References

SLSA, Sigstore, supply chain playbooks.