Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

adaptive-enforcement-lab/modular-release-pipelines

Name: modular-release-pipelines
Author: adaptive-enforcement-lab

plugins/build/skills/modular-release-pipelines/SKILL.md

npx skillsauth add adaptive-enforcement-lab/claude-skills modular-release-pipelines

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Modular Release Pipelines

When to Use This Skill

This guide covers implementing release automation with:

Release-please for version bumping and changelog generation
GitHub App authentication for proper workflow triggering
Change detection to skip unnecessary builds
Cascade rebuilds when shared dependencies change

flowchart LR
    subgraph release[Release Pipeline]
        Main[Push to Main] --> AppToken[GitHub App Token]
        AppToken --> RP[Release-Please]
        RP --> PR[Creates PR]
    end

    subgraph build[Build Pipeline]
        PR -->|pull_request event| DC[Detect Changes]
        DC --> Test[Test]
        Test --> Build[Build]
        Build --> Status[Build Status]
    end

    %% Ghostty Hardcore Theme
    style Main fill:#65d9ef,color:#1b1d1e
    style AppToken fill:#9e6ffe,color:#1b1d1e
    style RP fill:#9e6ffe,color:#1b1d1e
    style PR fill:#fd971e,color:#1b1d1e
    style DC fill:#fd971e,color:#1b1d1e
    style Test fill:#9e6ffe,color:#1b1d1e
    style Build fill:#a7e22e,color:#1b1d1e
    style Status fill:#5e7175,color:#f8f8f3

Prerequisites

Before implementing release pipelines, set up a GitHub App for your organization:

GitHub App Setup - Create and configure the App
Token Generation - Generate tokens in workflows

Implementation

Set up GitHub App for your organization
Configure release-please with App token
Set up change detection for your components
Handle protected branches if applicable

Examples

See examples.md for code examples.

Related Patterns

GitHub App Setup
Idempotency Patterns
Three-Stage Design

References

Source Documentation
AEL Build

adaptive-enforcement-lab/modular-release-pipelines

plugins/build/skills/modular-release-pipelines/SKILL.md

Automate version management and changelog generation with smart builds. Only build changed components using GitHub App tokens and release-please integration.

development

Updated Mar 27, 2026

$ install --global

skillsauth

npx skillsauth add adaptive-enforcement-lab/claude-skills modular-release-pipelines

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 29, 2026, 8:34 AM36.8s1 file scanned

SKILL.md

name:: modular-release-pipelines
description:: >-

Modular Release Pipelines

When to Use This Skill

This guide covers implementing release automation with:

Release-please for version bumping and changelog generation
GitHub App authentication for proper workflow triggering
Change detection to skip unnecessary builds
Cascade rebuilds when shared dependencies change

flowchart LR
    subgraph release[Release Pipeline]
        Main[Push to Main] --> AppToken[GitHub App Token]
        AppToken --> RP[Release-Please]
        RP --> PR[Creates PR]
    end

    subgraph build[Build Pipeline]
        PR -->|pull_request event| DC[Detect Changes]
        DC --> Test[Test]
        Test --> Build[Build]
        Build --> Status[Build Status]
    end

    %% Ghostty Hardcore Theme
    style Main fill:#65d9ef,color:#1b1d1e
    style AppToken fill:#9e6ffe,color:#1b1d1e
    style RP fill:#9e6ffe,color:#1b1d1e
    style PR fill:#fd971e,color:#1b1d1e
    style DC fill:#fd971e,color:#1b1d1e
    style Test fill:#9e6ffe,color:#1b1d1e
    style Build fill:#a7e22e,color:#1b1d1e
    style Status fill:#5e7175,color:#f8f8f3

Prerequisites

Before implementing release pipelines, set up a GitHub App for your organization:

GitHub App Setup - Create and configure the App
Token Generation - Generate tokens in workflows

Implementation

Set up GitHub App for your organization
Configure release-please with App token
Set up change detection for your components
Handle protected branches if applicable

Examples

See examples.md for code examples.

Related Patterns

GitHub App Setup
Idempotency Patterns
Three-Stage Design

References

Source Documentation
AEL Build

Related Skills

adaptive-enforcement-lab/workload-identity-federation-implementation

documentation

VerifiedTrustedCommunity

Workload Identity Federation implementation guide. GKE setup, IAM bindings, ServiceAccount configuration, migration from service account keys, and troubleshooting patterns.

SKILL.mdUpdated Mar 27, 2026

adaptive-enforcement-lab/workload-identity-federation-implementation

adaptive-enforcement-lab/workflow-trigger-security

development

VerifiedTrustedCommunity

Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.

SKILL.mdUpdated Mar 27, 2026

adaptive-enforcement-lab/workflow-trigger-security

adaptive-enforcement-lab/third-party-action-risk-assessment

development

VerifiedTrustedCommunity

Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.

SKILL.mdUpdated Mar 27, 2026

adaptive-enforcement-lab/third-party-action-risk-assessment

adaptive-enforcement-lab/storing-credentials

testing

VerifiedTrustedCommunity

Securely store GitHub App credentials across different environments. GitHub Actions secrets, external CI, Kubernetes, and automated rotation patterns.

SKILL.mdUpdated Mar 27, 2026

adaptive-enforcement-lab/storing-credentials

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/adaptive-enforcement-lab/claude-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-skills/plugins/build/skills/modular-release-pipelines ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

adaptive-enforcement-lab/claude-skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT