Platform Lifecycle and Deployment Architect Exam Prep - Building

Building consists of 14% of total score in Salesforce Platform Lifecycle and Deployment Architect Exam. The topic covers source control, Salesforce DX & source tracking, development models and environments.

NOTE

Most of the content in this work was generated with the assistance of AI and carefully reviewed, edited, and curated by the author. If you have found any issues with the content on this page, please do not hesitate to contact me at support@issacc.com.

🧭 Source Control, Testing & Quality (Salesforce)

⚡ TL;DR

• 🧰 Git as source of truth; pick a branching model by team size, cadence, risk.
• 🧪 Own your test data; cover positive/negative/permission; mock externals.
• 📦 Prefer package-based + scratch orgs for modular CI/CD; use org-based + sandboxes for simpler/legacy.
• ✅ Enforce standards + PRs + reviews + static analysis in CI/CD.

---

1) 🗂️ Source Control Essentials (Git/GitHub)

Why Git: history, rollback, parallel work, reviews, CI hooks.

Key terms: repo • branch • commit • merge • tag
Merge types: fast-forward ↔️ recursive
Conflicts: overlapping edits on same lines (or delete vs edit)

🌳 Branching Models — Quick Chooser

• 🧩 Centralized: 1–3 devs, super simple.
• 🚀 GitHub Flow: CI/CD, short-lived features → PR → main.
• 🛤️ Gitflow: schedules, multiple trains; main + develop + feature/release/hotfix.
• 🌍 Forking: open-source, strict control.
• 🌲 Trunk-Based Dev (TBD): tiny branches, daily merges; feature flags.

❓ Flashcard: What triggers a merge conflict?

Same lines edited on different branches (or delete vs edit). Resolve locally, then merge.

🏷️ Flashcard: When to tag?

At releases using Semantic Versioning.

---

2) 🧰 Salesforce DX & Source Tracking

• 📜 VCS = source of truth; DX enables source-driven work.
• 🖥️ Salesforce CLI for pull/push, tests, deploy.
• 🧪 Scratch orgs: disposable, configurable, perfect for packages & CI.
• 🔁 Source Tracking: default in scratch; can enable for prod→Dev/Dev Pro sandboxes (some metadata still manual).

💡 Flashcard: Why scratch orgs for packages?

Clean, reproducible envs; automation-friendly; minimal config drift.

---

3) 🧪 Test Data & Unit Testing (Apex)

Always create test data → repeatable, env-agnostic tests.
Methods: brute force • @TestSetup • Test Data Factory • CSV static resource (great for large volumes).
Default: tests don’t see org data → avoid SeeAllData=true (rare exceptions).

Test types

• ✅ Positive: valid in → expected out.
• 🚫 Negative: invalid/edge → graceful handling.
• 🔐 Permission-based: System.runAs() to verify CRUD/FLS/perm behavior.
• 🧪 Mocks/Stubs: HttpCalloutMock, Test.setMock(), StubProvider.

📦 Flashcard: When to use a CSV static resource?

Seeding large data volumes fast (scale/perf tests).

🧱 Flashcard: What belongs in @TestSetup?

Reusable baseline records shared by all tests (reset between methods).

---

4) 🏗️ Development Models & Environments

🏢 Org-Based Model

• Sandboxes + VCS; more manual change tracking.
• Good for smaller/legacy teams.

📦 Package-Based Model

• Modular (unlocked/2GP) packages, immutable versions, dependencies.
• Needs Dev Hub (enable Unlocked/2GP).
• Works best with scratch orgs, CI, automated tests.

🧱 Environments

• 🧪 Scratch orgs: temp, automated, ideal for features/CI/packages.
• 🏖️ Sandboxes: dev/integration/testing/training with prod-like data.
• 🧑‍💻 Dev Edition vs 🤝 Partner DE: Partner DE = more API/storage/licenses (great for partners & apps).

Tip

Many teams & modules + CI ➜ Package-based + scratch orgs
Simpler/legacy ➜ Org-based + sandboxes

---

5) ✅ Ensuring Code Quality

Standards & frameworks

• 🧾 Team naming/style; trigger framework (e.g., Kevin O’Hara), error logging, bypass via custom perms/settings.
• 🧠 Apex best practices: bulkify, avoid SOQL/DML in loops, use Limits, clear comments.

PRs & Reviews

• Every change via PR → automated checks + human review.
• Use a checklist: standards, limits, security (CRUD/FLS), performance, readability.
• Keep feedback respectful & actionable; fix before merge.

Static Analysis

• 🔎 Tools: PMD, Salesforce CLI Scanner, CodeScan, Clayton.
• Run in CI on every PR; block on criticals.

Security (AppExchange)

• 🛡️ Validate vs OWASP threats; enforce CRUD/FLS (common failure).

🧰 Flashcard: What runs in CI before merge?

Static analysis + unit tests (plus build/package steps).

---

🧭 Scenario Playbook (Quick Picks)

🔀 Multiple teams, different timelines

GitHub Flow or Gitflow; feature branches + PR; protect main.

🚑 Need releases + hotfixes

Gitflow with release/hotfix branches.

🌐 External contributors

Forking; PRs from forks; maintainers control merge.

⚡ Rapid CI/CD, minimal branch complexity

TBD with feature flags; small daily merges.

🧩 Tests broke after record type changes

Update @TestSetup; query record type Ids dynamically (no hard-coding).

📈 Ops volume up (150 → 300/hr)

Double test data; factory/CSV; add negative & permission tests.

🏗️ One org, independent releases

Package-based + scratch orgs; enable Dev Hub, Unlocked/2GP.

---

🧾 Mini-Checklists

PR Checklist

• 🧪 Tests (positive/negative/perm) updated
• 🔎 Static analysis passes (no new criticals)
• 🔐 CRUD/FLS + limits respected
• 🧱 Naming/format/trigger framework followed
• 🏷️ Release tag/rollback plan ready

Test Checklist

• 🧰 @TestSetup or factory used
• 🚫 No SeeAllData=true (unless justified)
• 🌐 Mock callouts; stub internals
• ✅ Asserts verify behavior & messages
• 📊 Data volumes approximate reality

📈 Flow Charts

🌳 Branching Strategy Chooser

flowchart TD
  A[Start] --> B{Team size / cadence}
  B -->|Tiny team, simple| C[Centralized<br/>single main]
  B -->|Rapid CI/CD| D[GitHub Flow<br/>short-lived branches + PRs]
  B -->|Multiple releases / hotfixes| E[Gitflow<br/>main + develop + feature/release/hotfix]
  B -->|External contributors| F[Forking<br/>PRs from forks]
  B -->|Daily merges, flags| G[Trunk-Based Dev<br/>tiny branches + feature flags]

🚀 GitHub Flow (happy path)

flowchart LR
  A[Create branch from main] --> B[Commit changes]
  B --> C[Open Pull Request]
  C --> D[CI: tests & static analysis]
  D -->|Pass| E[Review & Approve]
  D -->|Fail| B
  E --> F[Merge to main]
  F --> G[Delete branch & deploy]

🛤️ Gitflow Overview

flowchart LR
  subgraph Primary
    M[main] --- D[develop]
  end

  subgraph Feature Cycle
    D --> F1[feature/*]
    F1 --> D
  end

  subgraph Release Cycle
    D --> R[release/*]
    R --> M
    R --> D
  end

  subgraph Hotfix
    M --> H[hotfix/*]
    H --> M
    H --> D
  end

🌲 Trunk-Based Development

flowchart TD
  A[Work in trunk or very short-lived branch] --> B[Small commits daily]
  B --> C[CI runs: build, tests, lint]
  C -->|Green| D[Merge quickly to main]
  C -->|Red| A
  D --> E[Feature flags hide incomplete work]
  E --> F[Continuous deploy]

🧪 Apex Testing & Test Data Map

flowchart LR
  T1["@TestSetup / Factory / CSV"] --> T2["Isolated Test Data"]
  T2 --> T3["Positive Tests"]
  T2 --> T4["Negative Tests"]
  T2 --> T5["Permission-based Tests (runAs)"]
  T2 --> T6["Mocks & Stubs"]
  T3 --> T7["Assertions: expected outputs"]
  T4 --> T8["Try/Catch + expected exceptions"]
  T5 --> T9["CRUD/FLS & sharing verified"]
  T6 --> T10["External deps isolated"]

🔁 Merge Types (quick reference)

flowchart LR
  subgraph Fast-Forward
    A1[main] --> B1[feature tip]
  end
  subgraph Recursive Merge
    A2[main] --- B2[feature]
    B2 --> C2[merge commit on main]
  end

📚 Flashcards

🌳 Git & Branching

🌱 What’s the difference between Git and GitHub?

• Git: local version control tool (commits, branches, merges).

• GitHub: hosted collaboration platform (PRs, issues, reviews, CI hooks).

🧩 When should I use Centralized workflow?

• Tiny team (1–3)

• Simple collaboration, minimal branching

• Low risk of conflicting changes

🚀 When should I use GitHub Flow?

• CI/CD with rapid releases

• Short-lived feature branches → PR → main

• High collaboration, fast feedback

🛤️ When should I use Gitflow?

• Multiple release trains / scheduled releases

• Need release and hotfix branches

• Large/complex projects

🌍 When should I use Forking?

• Open-source or external contributors

• Strict control over what gets merged

🌲 When should I use Trunk-Based Development (TBD)?

• Very fast delivery

• Tiny/short-lived branches, daily merges to main

• Use feature flags for incomplete work

🔀 What causes a merge conflict?

• Two edits to the same lines (or delete vs edit) across branches.

🏷️ When should I create a tag?

• At releases; prefer Semantic Versioning (e.g., v2.3.1).

⛳ Fast-forward vs recursive (merge commit)?

• Fast-forward: target moves to feature tip; no merge commit.

• Recursive: creates a merge commit to combine histories.

---

🧰 Salesforce DX & Environments

🧭 What’s the source of truth in modern Salesforce dev?

• The version control system (Git), not any individual org.

🧪 Why use scratch orgs?

• Disposable, configurable, reproducible

• Great for packages, automation, CI

🔁 What is Source Tracking?

• Auto-tracks changes between local project and scratch org (and eligible sandboxes when enabled). Some metadata still requires manual tracking.

🧱 Sandboxes vs Scratch Orgs—quick rule?

• Scratch: short-lived, automated, feature/CI/package work.

• Sandbox: longer-lived, integration/testing/training with prod-like data.

🤝 When use Partner Developer Edition over Developer Edition?

• Need more API/storage/licenses for partner app builds or managed beta testing.

---

📦 Dev Models

🏢 When to prefer org-based development?

• Smaller/legacy teams

• Heavier use of sandboxes, more manual change tracking

📦 Why move to package-based development?

• Modularity & immutable versions

• Independent releases and rollbacks

• Strong CI/CD fit; declare dependencies across packages

🧷 What must be enabled to use packages?

• Dev Hub, Unlocked Packages, Second-Generation Managed Packages.

---

🧪 Apex Testing & Test Data

🔒 Why must tests create their own data?

• Ensures repeatability; no hidden dependency on org data.

• Avoid SeeAllData=true except rare cases.

🧰 Four ways to create test data?

• Brute force inserts

• @TestSetup method

• Test Data Factory

• CSV static resource (great for large volumes)

🟢 What are positive tests?

• Valid inputs → confirm expected outputs via asserts.

🔴 What are negative tests?

• Invalid/edge inputs → ensure graceful handling (exceptions captured and verified).

🔐 What are permission-based tests?

• Verify behavior under different users/permissions via System.runAs(); check CRUD/FLS/sharing.

🧪 How to isolate external dependencies?

• HttpCalloutMock, Test.setMock() for callouts

• StubProvider for class/method behavior

📦 When to use CSV static resource?

• Need large data volumes quickly for scale/perf tests.

🧱 What belongs in @TestSetup?

• Reusable baseline records shared by tests (reset each method).

---

✅ Quality: Standards, PRs, Reviews, Static Analysis

🧾 Why adopt coding standards?

• Consistency, maintainability, fewer bugs, faster onboarding.

🧱 What’s a good trigger framework?

• Single trigger per object, handler class, prevent recursion, bulk-safe, reusable, traceable (e.g., Kevin O’Hara’s pattern).

🔎 Which static analysis tools are common?

• PMD, Salesforce CLI Scanner, CodeScan, Clayton.

🔁 Where should static analysis run?

• In CI on every PR; block on critical findings.

🔐 What’s the top AppExchange security failure?

• Missing CRUD/FLS enforcement. Also handle OWASP threats (XSS, injection, etc.).

🧑‍⚖️ PR checklist essentials?

• Tests (positive/negative/permission)

• Static analysis passes

• CRUD/FLS & governor limits respected

• Standards/format/framework followed

• Tag/release notes ready

---

🧭 Scenario Quick Hits

🧵 Multiple teams, different timelines—branching?

• GitHub Flow (fast) or Gitflow (scheduled)

• Feature branches + PRs, protect main.

🚑 Need hotfixes during heavy dev?

• Gitflow with release and hotfix branches.

🧪 Tests broke after record type changes—fix?

• Update @TestSetup to query record type Ids dynamically, never hard-code.

📈 Volume jump (e.g., 150 → 300/hr)—what to do?

• Increase test data accordingly (factory/CSV)

• Add negative and permission test coverage.

🏗️ One org, independent releases for many teams?

• Move to package-based + scratch orgs; enable Dev Hub & 2GP.