Microsoft: Docker Image Tagging with Commit SHA — DevOps Interview Q&A (2026)

All Questions Essential 0/100

81. Docker Image Tagging with Commit SHA

Beginner Mode

Start your terminal to use beginner mode.

Objective

A repository at /home/interview/repo contains a Dockerfile and a starter GitHub Actions workflow, but no automated build process.

Task

Complete the workflow at .github/workflows/build.yml so that every push to the main branch builds a Docker image named app tagged with the short commit SHA.

File Path

Workflow: /home/interview/repo/.github/workflows/build.yml
Dockerfile: /home/interview/repo/Dockerfile

name: build

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set commit tag
        run: |
          TAG=$(git rev-parse --short HEAD)
          echo "TAG=$TAG" >> $GITHUB_ENV

      - name: Build image
        run: docker build -t app:${{ env.TAG }} .

Explanation

Step 1: Checkout the Repository

- uses: actions/checkout@v4

GitHub Actions runners start with an empty workspace. Without actions/checkout, there is no repo, no Dockerfile, and no git history. This step clones the repository so subsequent steps can access the code and run git commands.

Step 2: Compute the Short Commit SHA

- name: Set commit tag
  run: |
    TAG=$(git rev-parse --short HEAD)
    echo "TAG=$TAG" >> $GITHUB_ENV

git rev-parse --short HEAD outputs the first 7 characters of the current commit hash (e.g. a3b8f1c). Writing it to $GITHUB_ENV makes the variable available to all subsequent steps in the job. This is the standard way to pass computed values between steps in GitHub Actions.

Step 3: Build and Tag the Image

- name: Build image
  run: docker build -t app:${{ env.TAG }} .

${{ env.TAG }} reads the variable set in the previous step. The resulting image is tagged as app:<short-sha> (e.g. app:a3b8f1c), which ties every image directly to the commit that produced it. This makes it trivial to trace a running container back to its source code.

Why Not Use latest?

Tagging images as latest tells you nothing about which version of the code is running. If two developers push within minutes of each other, both images are latest and you cannot tell them apart. Commit SHA tags are unique, immutable, and directly map to a point in the git history, making rollbacks and debugging straightforward.

Terminal requires a larger screen

Open this page on a desktop or tablet (≥ 768px) to launch the terminal and practice hands-on.

Linux Terminal Environment

Write and execute your solution in the terminal below.

Essential

Linux 0/29

AWS 0/10

Kubernetes 0/15

CI/CD 0/5

Networking 0/9

Question	Difficulty	Company	Access
Create AWS IAM Admin User with Group and Policy	Easy	Accenture	Free
Create IAM Role for EC2 with Full IAM Access	Easy	Coinbase	Free
Create a Hello World Lambda Function	Easy	Adobe	Free
Launch an EC2 Web Server Instance	Easy	EPAM	Free
Design Egress Only VPC with NAT	Medium	Twitch	Free
Audit and Enforce Least-Privilege IAM Permissions	Easy	Amazon	Free
Create Route 53 Hosted Zone and DNS Records	Easy	Kayak	Free
Create Route 53 Health Checks	Easy	Autodesk	Free
Build a Serverless API with Lambda, API Gateway, and DynamoDB	Hard	Amazon	Free
Deploy an Internal Web App with VPC, EC2, ALB, and Route 53	Hard	Lyft	Free
Managing High I/O Processes	Easy	Revolut	Free
Analyzing Log Partition Usage	Medium	RedHat	Free
Using Unmounted Partitions	Medium	RedHat	Free
Tracing Log File Writes	Easy	Bloomberg	Free
Port Conflict Resolution	Easy	Datadog	Free
Diagnose Nginx CPU Bottleneck	Easy	Palantir	Free
Debug SSH Lockout	Medium	TCS	Free
Monitoring Process Ownership	Medium	HashiCorp	Free
Rapid Disk Growth on /var	Hard	Google	Free
Detect Memory Leak by Monitoring RSS	Medium	Google	Free
Fix Inode Exhaustion Issue	Medium	DeutscheBank	Free
Fix HTTPS Certificate Error	Medium	GitHub	Free
Real-Time Log Timestamping	Medium	Adobe	Free
Manage Service Failure Recovery	Hard	Apple	Free
Nginx Rate Limit Calculation	Hard	Cloudflare	Free
Update Cloud Configs	Medium	Stripe	Free
Automated Archive and Retention	Hard	Microsoft	Free
Trace Process Service Ownership	Hard	NVIDIA	Free
Handling Large Log Archives	Easy	Amazon	Free
Upload-Safe File Partitioning	Medium	GoDaddy	Free
Fix Port Exhaustion for High-Speed Scraper	Medium	X	Free
Validating Network Routes	Medium	Google	Free
Validating DNS Consistency	Easy	SAP	Free
Network Packet Loss Diagnosis	Easy	Cloudflare	Free
Network Port Service Cleanup	Easy	Apple	Free
Temporary Route Configuration	Easy	Spotify	Free
Inspecting HTTP Traffic Flow	Medium	Airbnb	Free
Network Socket Usage Analysis	Easy	SAP	Free
Forward Traffic Between Ports	Medium	Meta	Free
Crashing Misconfigured Pod	Medium	Reddit	Free
Image Pull BackOff and Secrets	Medium	Datadog	Free
CronJob Schedule Misconfiguration	Medium	RedHat	Free
Traffic Splitting with Native Kubernetes	Medium	Adobe	Free
ConfigMap Reload with Sidecar	Medium	Yelp	Free
Implement StatefulSet with Stable DNS	Medium	Okta	Free
StorageClass and PVC Expansion	Medium	Datadog	Free
OOMKilled Pod Analysis & Fix	Medium	Accenture	Free
Secure Internal Service Communication	Medium	Dropbox	Free
CRD Schema Validation	Hard	Slack	Free
Dynamic Volume Expansion	Easy	EPAM	Free
Custom Resource Definition Setup	Medium	ActivisionBlizzard	Free
Create Namespace	Easy	Accenture	Free
Pod with Readiness Probe	Easy	Zscaler	Free
Pod Viewer Access	Easy	Reddit	Free
Insecure Container with Root User	Medium	Accenture	Free
Macvlan Network Configuration Fix	Hard	Uber	Free
Container CPU Limit Configuration	Easy	IBM	Free
Memory Limit and OOM Killer	Medium	DeliveryHero	Free
Graceful Shutdown with SIGTERM Handling	Medium	Robinhood	Free
Log Rotation Size Limit Configuration	Easy	DeliveryHero	Free
Docker Multi-Architecture Image	Easy	Accenture	Free
Docker Binary Architecture	Easy	Adobe	Free
Docker Storage Driver Performance	Medium	GitHub	Free
Docker Volume Cross-Platform Consistency	Easy	GitLab	Free
Optimize Dockerfile	Medium	Shopify	Free
Rebase Feature Branch onto Correct Base	Easy	Samsung	Free
Restore File to Previous Version	Medium	Slack	Free
Convert Remote from HTTPS to SSH	Easy	EPAM	Free
Rebase Feature Branch	Easy	GitHub	Free
Stash Work, Fix Bug, Restore and Update	Medium	IBM	Free
Remove Last Commit and Discard Changes	Easy	GitLab	Free
Shallow Clone Limited to Latest Commit	Easy	Elastic	Free
Checkout Single File from Another Branch	Easy	Twilio	Free
Remove File from Entire Git History	Medium	Netflix	Free
Merge Repositories Preserving Both Histories	Medium	Zscaler	Free
Fix Repository with Unrelated Histories	Medium	Zscaler	Free
Stage Only Specific Files	Easy	CrowdStrike	Free
Undo Commits but Keep Changes	Easy	CrowdStrike	Free
Cherry-Pick Specific Commit	Easy	Ubisoft	Free
Recover Lost Commits from Detached HEAD	Medium	Kayak	Free
Docker Image Tagging with Commit SHA	Medium	Microsoft	Free
Matrix Build Strategy	Medium	Spotify	Free
Multi-Job Workflow with Artifact Handoff	Medium	Anthropic	Free
Path-Based Workflow Execution	Medium	Coinbase	Free
Automated Rollback on Deployment Failure with Values File Restoration	Medium	NVIDIA	Free
Two Sum	Easy	Cloudflare	Free
Valid Palindrome	Easy	Capital One	Free
Best Time to Buy and Sell Stock	Easy	Palantir	Free
Valid Parentheses	Easy	Splunk	Free
Binary Search	Easy	Intel	Free
Group Anagrams	Medium	Netflix	Free
Top K Frequent Elements	Medium	Cloudflare	Free
Product of Array Except Self	Medium	Samsung	Free
Valid Sudoku	Medium	AMD	Free
Longest Consecutive Sequence	Medium	Meta	Free
Two Sum II - Input Array Is Sorted	Medium	Databricks	Free
Container With Most Water	Medium	Amazon	Free
Search a 2D Matrix	Medium	SAP	Free
Contains Duplicate	Easy	Apple	Free
Valid Anagram	Easy	Anthropic	Free

Need more practice in this area? Explore more questions →