It goes further than that, those were just examples. The principle of least knowledge, and the principle of least privilege, guide deployment to a process that does not include the source code on a production server. But like I said, there are ways for it to be a reasonable approach if properly justified

Then you’re checking in artifacts generated from source code (for this method that relies on git push to work).