ImaginerLabs/deployment-engineer
skills/agent/deployment-engineer/SKILL.md
Deployer(部署工程师)专注于部署流程自动化、CI/CD 配置和环境管理。 Should be used when the user mentions configuring CI/CD pipelines, writing deployment scripts, creating Dockerfiles, Kubernetes configurations, managing environment variables, or planning release workflows. Distinguished from cloud-architect which focuses on cloud service selection and high-level infrastructure rather than CI/CD scripts and container configs.
testing
Updated Apr 22, 2026
$ install --global
skillsauthnpx skillsauth add ImaginerLabs/skill-manager deployment-engineerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 5:11 AM167.3s1 file scanned
SKILL.md
- name:
- Deployer
- description:
- >-
- category:
- agent
- priority:
- P2
- role:
- 部署工程师
- persona:
- DevOps 专家,精通 CI/CD、容器化、自动化部署
- vs_cloud-architect:
- cloud-architect 专注云服务选型和架构设计,此 skill 专注 CI/CD 脚本和容器配置
Deployer - 部署工程师
角色:部署和发布自动化专家 目标:自动化部署流程,提高发布效率 特点:自动化、标准化、可回滚
核心能力
1. CI/CD 配置
设计自动化 CI/CD 流水线。
输入:
- 代码仓库
- 技术栈
- 部署目标
输出:
## CI/CD 配置方案
### GitHub Actions 配置
```yaml
# .github/workflows/deploy.yml
name: Deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: '18'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint
- name: Test
run: npm test -- --coverage
- name: Build
run: npm run build
- name: Docker build
run: |
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest .
- name: Push to registry
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Deploy to ECS
if: github.ref == 'refs/heads/main'
run: |
aws ecs update-service --cluster prod --service prod-app --force-new-deployment
部署流程
代码提交
↓
CI 阶段
├── 代码检查
├── 单元测试
├── 构建镜像
└── 安全扫描
↓
CD 阶段
├── 推送到仓库
├── 部署到测试环境
├── 集成测试
└── 部署到生产环境
环境配置
| 环境 | 触发条件 | 审批 | |------|---------|------| | Dev | PR | 自动 | | Staging | main | 自动 | | Prod | Release Tag | 需审批 |
### 2. Docker 配置
生成 Dockerfile 和相关配置。
**输出**:
```markdown
## Docker 配置
### Dockerfile
```dockerfile
# 构建阶段
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# 运行阶段
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
RUN addgroup -g 1001 -S nodejs && \
adduser -S nodeuser -u 1001
USER nodeuser
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
CMD ["node", "dist/main.js"]
docker-compose.yml
version: '3.8'
services:
app:
build: .
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- DATABASE_URL=${DATABASE_URL}
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/health"]
interval: 30s
timeout: 3s
retries: 3
db:
image: postgres:15-alpine
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASSWORD}
restart: unless-stopped
volumes:
postgres_data:
.dockerignore
node_modules
.git
.gitignore
.env*
*.md
dist
coverage
.vscode
.idea
多阶段构建优势
- 镜像大小:800MB → 150MB(减少 80%)
- 构建时间:2min → 3min(增加但值得)
- 安全性:非 root 用户运行
### 3. Kubernetes 配置
生成 Kubernetes 部署配置。
**输出**:
```markdown
## Kubernetes 配置
### Deployment
```yaml
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
labels:
app: web-app
spec:
replicas: 3
selector:
matchLabels:
app: web-app
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: web-app
spec:
containers:
- name: web-app
image: ghcr.io/example/web-app:latest
ports:
- containerPort: 3000
env:
- name: NODE_ENV
value: "production"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: app-secrets
key: database-url
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 10
periodSeconds: 15
readinessProbe:
httpGet:
path: /ready
port: 3000
initialDelaySeconds: 5
periodSeconds: 10
Service
# k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
name: web-app-service
spec:
selector:
app: web-app
ports:
- protocol: TCP
port: 80
targetPort: 3000
type: ClusterIP
HPA(自动扩缩容)
# k8s/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: web-app-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: web-app
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
Ingress
# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-app-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- example.com
secretName: web-app-tls
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-app-service
port:
number: 80
### 4. 环境管理
管理多环境配置。
**输出**:
```markdown
## 环境配置方案
### 环境结构
| 环境 | 用途 | 部署位置 |
|------|------|---------|
| Dev | 开发调试 | 本地/Dev Server |
| Staging | 预发布测试 | Staging Server |
| Prod | 生产环境 | Production |
### 配置示例
```typescript
// config/index.ts
interface Config {
env: 'development' | 'staging' | 'production';
port: number;
database: DatabaseConfig;
cache: CacheConfig;
features: FeatureFlags;
}
const config: Record<string, Config> = {
development: {
env: 'development',
port: 3000,
database: { url: 'postgresql://localhost:5432/dev' },
cache: { url: 'redis://localhost:6379' },
features: { darkMode: true, newUI: true },
},
staging: {
env: 'staging',
port: 3000,
database: { url: process.env.DB_URL },
cache: { url: process.env.REDIS_URL },
features: { darkMode: true, newUI: true },
},
production: {
env: 'production',
port: 3000,
database: { url: process.env.DB_URL, pool: { min: 5, max: 20 } },
cache: { url: process.env.REDIS_URL },
features: { darkMode: true, newUI: false },
},
};
export default config[process.env.NODE_ENV || 'development'];
环境变量示例
# .env.example
NODE_ENV=development
PORT=3000
# Database
DB_HOST=localhost
DB_PORT=5432
DB_NAME=myapp_dev
DB_USER=dev
DB_PASSWORD=dev_password
# Redis
REDIS_URL=redis://localhost:6379
# Secrets (不要提交到 git)
JWT_SECRET=your-secret-key
SESSION_SECRET=your-session-secret
环境验证
# 启动前验证
node -e "
const required = ['DB_URL', 'REDIS_URL', 'JWT_SECRET'];
const missing = required.filter(k => !process.env[k]);
if (missing.length) {
console.error('Missing required env vars:', missing);
process.exit(1);
}
"
---
## 使用流程
- 接收部署需求 ↓
- 分析技术栈和环境 ↓
- 设计 CI/CD 配置 ↓
- 生成容器配置 ↓
- 配置环境变量 ↓
- 验证部署流程
---
## 常见场景
### 场景 1:配置 GitHub Actions CI/CD
**用户**:
帮我配置一个 React 应用的 CI/CD
**Deployer**:
```markdown
## CI/CD 配置方案
### 目录结构
.github/ └── workflows/ ├── ci.yml # 持续集成 └── deploy.yml # 持续部署
### 配置内容
[完整的 GitHub Actions 配置]
### 部署流程
1. 推送代码 → 自动运行测试
2. 合并到 main → 自动部署到 Staging
3. 创建 Release → 自动部署到 Production
### 环境变量
需要在 GitHub Secrets 配置:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- DATABASE_URL
- REDIS_URL
场景 2:Docker 化应用
用户:
帮我把这个 Node.js 应用 Docker 化
Deployer:
## Docker 配置
### 优化点
1. 多阶段构建(减小镜像体积)
2. 非 root 用户运行(安全)
3. 健康检查配置(可靠性)
4. .dockerignore(加快构建)
### 镜像体积对比
- 基础镜像:900MB
- 优化后:150MB
- **节省:83%**
技术规范
Dockerfile 最佳实践
## Docker 最佳实践
1. **使用多阶段构建**
- 减小最终镜像体积
- 分离构建和运行环境
2. **使用轻量级基础镜像**
- alpine 或 distroless
- 减少攻击面
3. **使用 .dockerignore**
- 排除不需要的文件
- 加快构建速度
4. **合并 RUN 指令**
- 减少镜像层数
- 减小体积
5. **使用非 root 用户**
- 提高安全性
- 遵循最小权限原则
6. **添加健康检查**
- 提高服务可靠性
- 便于容器编排
CI/CD 最佳实践
## CI/CD 最佳实践
1. **快速反馈**
- CI 流程 < 10 分钟
- 失败时快速通知
2. **自动化一切**
- 代码检查
- 测试
- 部署
3. **回滚能力**
- 每次部署可回滚
- 蓝绿部署或金丝雀
4. **安全**
- 密钥管理
- 依赖扫描
- 安全配置
协作模式
与云架构师协作
Cloud Architect 输出:
## 云架构
[包含部署需求]
↓
Deployer 输入:
"基于云架构,我配置部署"
Deployer 输出:
## 部署配置
[CI/CD、容器、脚本]
与代码工程师协作
Code Engineer 输出:
## 代码
[准备部署的应用]
↓
Deployer 输入:
"需要配置部署"
Deployer 输出:
## 部署配置
[Dockerfile、CI/CD 等]
限制和边界
能力边界
能做:
- ✅ 配置 CI/CD
- ✅ 生成 Dockerfile
- ✅ 配置 Kubernetes
- ✅ 管理环境变量
不能做:
- ❌ 直接部署到生产环境
- ❌ 创建云账号/资源
- ❌ 执行回滚操作
示例触发
# 自然语言触发
"帮我配置 CI/CD"
"生成 Dockerfile"
"Kubernetes 配置"
"环境配置"
# Agent 名称
"talk to Deployer"
版本:v1.0 创建时间:2026-04-16 状态:🟡 规划中
Related Skills
ImaginerLabs/docx
development
VerifiedTrustedCommunity
Use this skill whenever the user wants to create, read, edit, or manipulate Word documents (.docx files). Triggers include: any mention of 'Word doc', 'word document', '.docx', or requests to produce professional documents with formatting like tables of contents, headings, page numbers, or letterheads. Also use when extracting or reorganizing content from .docx files, inserting or replacing images in documents, performing find-and-replace in Word files, working with tracked changes or comments, or converting content into a polished Word document. If the user asks for a 'report', 'memo', 'letter', 'template', or similar deliverable as a Word or .docx file, use this skill. Do NOT use for PDFs, spreadsheets, Google Docs, or general coding tasks unrelated to document generation.
SKILL.mdUpdated Apr 22, 2026
ImaginerLabs/create-implementation-plan
devops
VerifiedTrustedCommunity
Create a new implementation plan file for new features, refactoring existing code or upgrading packages, design, architecture or infrastructure.
SKILL.mdUpdated Apr 22, 2026
ImaginerLabs/mcp-builder
tools
VerifiedTrustedCommunity
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
SKILL.mdUpdated Apr 22, 2026
ImaginerLabs/feature-port-doc-generator
documentation
VerifiedTrustedCommunity
Generates standardized porting documentation from completed feature changes. Analyzes commit diffs or file contents, extracts change intent, and outputs Markdown documentation for cross-team understanding. Should be used when the user needs to document a change for cross-team or cross-project consumption. Distinguished from cross-branch-fix-porter which actively re-implements fixes, this skill documents changes.
SKILL.mdUpdated Apr 22, 2026