Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ag0os/rails-devops-patterns

Name: rails-devops-patterns
Author: ag0os

skills/rails-devops-patterns/SKILL.md

npx skillsauth add ag0os/rails-dev-plugin rails-devops-patterns

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Rails DevOps Patterns

Analyze and recommend best practices for Rails deployment, containerization, CI/CD, monitoring, security, and production optimization.

Follow standard Docker, CI/CD, and Puma conventions. Focus on the opinionated Rails-specific patterns below.

See patterns.md for full configuration examples.

Quick Reference

| Area | Key Files | Tool/Service | |------|-----------|-------------| | Docker | Dockerfile, docker-compose.yml | Docker, BuildKit | | CI/CD | .github/workflows/ci.yml | GitHub Actions | | Server | config/puma.rb | Puma | | Security | config/initializers/rack_attack.rb | Rack::Attack | | Monitoring | config/environments/production.rb | Lograge, structured JSON | | Deploy | bin/deploy, config/deploy/ | Kamal, Capistrano |

Core Principles

Immutable deploys: Build once, deploy the same artifact everywhere
Non-root containers: Always run as a non-root USER in production
Health checks at /up: Load balancers and orchestrators need them
Structured JSON logging: Machine-parseable logs to STDOUT
Defense in depth: SSL + rate limiting + CSP headers + statement timeouts

Production Dockerfile (Alpine, Non-Root)

The key non-obvious elements: SECRET_KEY_BASE=precompile_placeholder for asset compilation, non-root user, and HEALTHCHECK directive.

# syntax=docker/dockerfile:1
FROM ruby:3.2-alpine AS base
RUN apk add --no-cache postgresql-dev tzdata gcompat
WORKDIR /app
ENV RAILS_ENV=production \
    BUNDLE_DEPLOYMENT=true \
    BUNDLE_WITHOUT="development:test"

FROM base AS build
RUN apk add --no-cache build-base git
COPY Gemfile Gemfile.lock ./
RUN bundle install --jobs 4 --retry 3
# Only install Node deps if package.json exists (skip for importmap apps)
COPY package.json* yarn.lock* ./
RUN if [ -f package.json ]; then apk add --no-cache nodejs yarn && yarn install --production --frozen-lockfile; fi
COPY . .
RUN SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile

FROM base AS runtime
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build /app /app
RUN addgroup -S rails && adduser -S rails -G rails && \
    chown -R rails:rails /app
USER rails
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/up || exit 1
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

Health Check Endpoint

# config/routes.rb — minimal for load balancers
get "/up", to: proc { [200, {}, ["OK"]] }
# Detailed check (database, redis, migrations) — see patterns.md
get "/health", to: "health#show"

Structured JSON Logging

# config/environments/production.rb
config.logger = ActiveSupport::TaggedLogging.new(
  Logger.new(STDOUT).tap do |logger|
    logger.formatter = proc do |severity, time, _progname, msg|
      {
        severity: severity,
        time: time.iso8601(3),
        msg: msg,
        host: Socket.gethostname,
        pid: Process.pid,
        tid: Thread.current.object_id
      }.to_json + "\n"
    end
  end
)
config.log_tags = [:request_id]
config.log_level = ENV.fetch("LOG_LEVEL", "info").to_sym

SSL with Health Check Exclusion

# config/environments/production.rb
config.force_ssl = true
config.ssl_options = {
  hsts: { subdomains: true, preload: true, expires: 1.year },
  redirect: { exclude: ->(request) { request.path.start_with?("/health", "/up") } }
}

Production Environment Variables

RAILS_ENV=production
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE=<generated>
DATABASE_URL=postgres://user:pass@host:5432/dbname
REDIS_URL=redis://host:6379/0
RAILS_MAX_THREADS=5
WEB_CONCURRENCY=2

Database Production Config

Key non-default settings: statement_timeout and lock_timeout prevent runaway queries.

production:
  adapter: postgresql
  url: <%= ENV["DATABASE_URL"] %>
  pool: <%= ENV.fetch("RAILS_MAX_THREADS", 5) %>
  variables:
    statement_timeout: "30s"
    lock_timeout: "10s"
  prepared_statements: true

Zero-Downtime Deployment

Use pumactl phased-restart for rolling restarts (workers restart one at a time)
Run db:migrate before restarting app servers
Ensure migrations are backward-compatible (add column, then backfill, then add constraint)
Health check endpoint lets load balancer drain connections

Anti-Patterns

| Bad | Good | Why | |-----|------|-----| | Secrets in ENV files committed to git | rails credentials:edit | Security | | latest Docker tag in production | Pinned image versions | Reproducibility | | No health check endpoint | GET /up returning 200 | Load balancer needs it | | Running as root in container | adduser + USER rails | Security | | Logging to files in containers | Log to STDOUT as JSON | Container best practice | | No statement_timeout | statement_timeout: '30s' | Prevent runaway queries |

Output Format

When reporting on DevOps configuration, use:

## DevOps Analysis: [area]

**Current State:**
- summary of what exists

**Issues:**
- [severity] description

**Recommendations:**
1. actionable recommendation with file path

ag0os/rails-devops-patterns

skills/rails-devops-patterns/SKILL.md

Analyzes Rails deployment, infrastructure, and production configuration for best practices. Use when setting up Docker, writing CI/CD pipelines, configuring Puma, adding monitoring or logging, hardening security (SSL, Rack::Attack, headers), optimizing database config, or reviewing production environment files. NOT for application business logic, model design, or test writing.

4 stars

development

Updated Mar 31, 2026

$ install --global

skillsauth

npx skillsauth add ag0os/rails-dev-plugin rails-devops-patterns

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 1, 2026, 10:13 AM58.0s2 files scanned

SKILL.md

name:: rails-devops-patterns
description:: Analyzes Rails deployment, infrastructure, and production configuration for best practices. Use when setting up Docker, writing CI/CD pipelines, configuring Puma, adding monitoring or logging, hardening security (SSL, Rack::Attack, headers), optimizing database config, or reviewing production environment files. NOT for application business logic, model design, or test writing.
allowed-tools:: Read, Grep, Glob

Rails DevOps Patterns

Analyze and recommend best practices for Rails deployment, containerization, CI/CD, monitoring, security, and production optimization.

Follow standard Docker, CI/CD, and Puma conventions. Focus on the opinionated Rails-specific patterns below.

See patterns.md for full configuration examples.

Quick Reference

Core Principles

Immutable deploys: Build once, deploy the same artifact everywhere
Non-root containers: Always run as a non-root USER in production
Health checks at /up: Load balancers and orchestrators need them
Structured JSON logging: Machine-parseable logs to STDOUT
Defense in depth: SSL + rate limiting + CSP headers + statement timeouts

Production Dockerfile (Alpine, Non-Root)

The key non-obvious elements: SECRET_KEY_BASE=precompile_placeholder for asset compilation, non-root user, and HEALTHCHECK directive.

# syntax=docker/dockerfile:1
FROM ruby:3.2-alpine AS base
RUN apk add --no-cache postgresql-dev tzdata gcompat
WORKDIR /app
ENV RAILS_ENV=production \
    BUNDLE_DEPLOYMENT=true \
    BUNDLE_WITHOUT="development:test"

FROM base AS build
RUN apk add --no-cache build-base git
COPY Gemfile Gemfile.lock ./
RUN bundle install --jobs 4 --retry 3
# Only install Node deps if package.json exists (skip for importmap apps)
COPY package.json* yarn.lock* ./
RUN if [ -f package.json ]; then apk add --no-cache nodejs yarn && yarn install --production --frozen-lockfile; fi
COPY . .
RUN SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile

FROM base AS runtime
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build /app /app
RUN addgroup -S rails && adduser -S rails -G rails && \
    chown -R rails:rails /app
USER rails
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/up || exit 1
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

Health Check Endpoint

# config/routes.rb — minimal for load balancers
get "/up", to: proc { [200, {}, ["OK"]] }
# Detailed check (database, redis, migrations) — see patterns.md
get "/health", to: "health#show"

Structured JSON Logging

# config/environments/production.rb
config.logger = ActiveSupport::TaggedLogging.new(
  Logger.new(STDOUT).tap do |logger|
    logger.formatter = proc do |severity, time, _progname, msg|
      {
        severity: severity,
        time: time.iso8601(3),
        msg: msg,
        host: Socket.gethostname,
        pid: Process.pid,
        tid: Thread.current.object_id
      }.to_json + "\n"
    end
  end
)
config.log_tags = [:request_id]
config.log_level = ENV.fetch("LOG_LEVEL", "info").to_sym

SSL with Health Check Exclusion

# config/environments/production.rb
config.force_ssl = true
config.ssl_options = {
  hsts: { subdomains: true, preload: true, expires: 1.year },
  redirect: { exclude: ->(request) { request.path.start_with?("/health", "/up") } }
}

Production Environment Variables

RAILS_ENV=production
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE=<generated>
DATABASE_URL=postgres://user:pass@host:5432/dbname
REDIS_URL=redis://host:6379/0
RAILS_MAX_THREADS=5
WEB_CONCURRENCY=2

Database Production Config

Key non-default settings: statement_timeout and lock_timeout prevent runaway queries.

production:
  adapter: postgresql
  url: <%= ENV["DATABASE_URL"] %>
  pool: <%= ENV.fetch("RAILS_MAX_THREADS", 5) %>
  variables:
    statement_timeout: "30s"
    lock_timeout: "10s"
  prepared_statements: true

Zero-Downtime Deployment

Use pumactl phased-restart for rolling restarts (workers restart one at a time)
Run db:migrate before restarting app servers
Ensure migrations are backward-compatible (add column, then backfill, then add constraint)
Health check endpoint lets load balancer drain connections

Anti-Patterns

Output Format

When reporting on DevOps configuration, use:

## DevOps Analysis: [area]

**Current State:**
- summary of what exists

**Issues:**
- [severity] description

**Recommendations:**
1. actionable recommendation with file path

Related Skills

ag0os/refactoring-guidance

development

VerifiedTrustedCommunity

WHAT: Language-agnostic corrective guidance for the refactoring phase. WHEN: Agent is restructuring code, fixing code smells, reducing complexity, or improving maintainability. NOT FOR: Writing new features, debugging runtime errors, performance tuning, or object design decisions.

4SKILL.mdUpdated May 22, 2026

ag0os/refactoring-guidance

ag0os/rails-views-patterns

tools

VerifiedTrustedCommunity

Analyzes Rails view templates, partials, layouts, helpers, and form patterns for best practices. Use when reviewing ERB templates, improving view performance with fragment caching, fixing form helpers, organizing partials, adding accessibility attributes, or evaluating collection rendering. NOT for Stimulus/Turbo logic (use hotwire-patterns), controller concerns, or API-only responses.

4SKILL.mdUpdated Mar 31, 2026

ag0os/rails-views-patterns

ag0os/rails-testing-patterns

testing

VerifiedTrustedCommunity

Analyzes Rails test suites and recommends testing best practices for RSpec and Minitest. Use when writing new tests, reviewing test coverage, fixing flaky tests, improving test performance, choosing between test types (unit, integration, system, request), or setting up factories and fixtures. NOT for production monitoring, deployment verification, or load/stress testing infrastructure.

4SKILL.mdUpdated Mar 31, 2026

ag0os/rails-testing-patterns

ag0os/rails-stack-profiles

development

VerifiedTrustedCommunity

Detects a Rails project's architecture axes — logic placement (native vs extracted) and delivery (html vs api) — so other skills load profile-appropriate guidance without inline conditionals. Use when planning architecture or when a recommendation depends on where business logic lives or whether the app renders HTML or serves JSON. NOT for test framework, job backend, cache store, or auth library choices — those are orthogonal facts detected by project-conventions.

4SKILL.mdUpdated Mar 31, 2026

ag0os/rails-stack-profiles

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ag0os/rails-dev-plugin.git

# Copy into Claude Code skills folder (global)
cp -r rails-dev-plugin/skills/rails-devops-patterns ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ag0os/rails-dev-plugin

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT