bigeasyfreeman/skills/ci-cd-pipeline
skills/ci-cd-pipeline/SKILL.md
# Skill: CI/CD Pipeline Generation > Generates or updates GitHub Actions workflows and Argo CD configurations from Build Brief infrastructure tasks. Ensures new features have proper build, test, and deploy pipelines before coding begins. --- ## Trigger Activated after work-item artifacts are created. Consumes Section 8 (Infra tasks) and Section 6 (SLOs) from the brief. ## Input Contract ```json { "build_brief_id": "string", "repo_url": "string", "branch_strategy": "trunk | gitflow |
development
Updated Apr 22, 2026
$ install --global
skillsauthnpx skillsauth add bigeasyfreeman/adlc skills/ci-cd-pipelineInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 1:18 PM152.9s1 file scanned
SKILL.md
Skill: CI/CD Pipeline Generation
Generates or updates GitHub Actions workflows and Argo CD configurations from Build Brief infrastructure tasks. Ensures new features have proper build, test, and deploy pipelines before coding begins.
Trigger
Activated after work-item artifacts are created. Consumes Section 8 (Infra tasks) and Section 6 (SLOs) from the brief.
Input Contract
{
"build_brief_id": "string",
"repo_url": "string",
"branch_strategy": "trunk | gitflow | feature_branch",
"infra_tasks": [
{
"task_id": "string",
"task_description": "string",
"acceptance_criteria": ["string"],
"service_name": "string",
"deployment_target": "kubernetes | lambda | ecs | static"
}
],
"slo_targets": {
"availability": "string",
"latency_p99": "string",
"error_rate": "string"
},
"environments": ["dev", "staging", "production"],
"existing_pipelines": "auto-detect | path/to/workflows"
}
Output Contract
{
"github_actions": [
{
"file_path": ".github/workflows/feature-name-ci.yml",
"content": "string (YAML)",
"type": "ci | cd | scheduled | manual"
}
],
"argo_configs": [
{
"file_path": "argo/applications/feature-name.yml",
"content": "string (YAML)",
"type": "application | rollout | analysis_template"
}
],
"summary": "string"
}
Behavior
1. Detect Existing Pipeline Patterns
Before generating anything, analyze the repo:
# Find existing GHA workflows
find .github/workflows -name "*.yml" -o -name "*.yaml" 2>/dev/null
# Find Argo configs
find . -path "*/argo/*" -name "*.yml" -o -path "*/argocd/*" -name "*.yaml" 2>/dev/null
# Find Dockerfile and build configs
find . -name "Dockerfile*" -o -name "docker-compose*" -o -name "Makefile"
# Find Helm charts
find . -path "*/charts/*" -o -path "*/helm/*" -name "*.yaml"
# Find existing test commands
grep -r "test" package.json Makefile pyproject.toml build.sbt 2>/dev/null | head -10
2. Generate GitHub Actions Workflows
CI Workflow (always generated)
Must include:
- Trigger on PR to target branch
- Checkout + dependency install
- Lint (using repo's existing linter config)
- Type check (if applicable)
- Unit tests
- Integration tests (if test fixtures were generated by QA skill)
- Build artifact
- Security scan (if
snyk,trivy, or similar found in repo)
CD Workflow (if deployment target specified)
Must include:
- Trigger on merge to main/release branch
- Build + push container image (if Dockerfile exists)
- Environment-specific deployment steps
- Smoke test post-deploy
- Rollback trigger (manual or automatic based on SLO targets)
Workflow rules:
- Reuse existing workflow patterns from the repo (don't invent new conventions)
- Use existing secret names found in other workflows
- Match existing runner labels (
runs-on) - Follow existing naming conventions for workflow files
- Include
concurrencygroups to prevent duplicate runs
3. Generate Argo CD Configs
Application manifest (if Argo detected in repo)
- Reference existing Argo project and destination cluster
- Match existing sync policy patterns
- Include health checks aligned with SLO targets
- Configure automated sync for non-production, manual for production
Argo Rollout (if progressive delivery needed)
- Canary or blue-green based on existing patterns in repo
- Analysis template that checks SLO metrics
- Automatic rollback if error budget burns during rollout
- Match existing rollout configurations
4. Generate Rollback Configuration
Based on Section 4 (Risk) of the brief:
- If rollback is feature flag: generate flag toggle in deploy pipeline
- If rollback is revert: generate revert workflow
- If rollback is migration: generate migration rollback step
- If rollback is non-trivial: generate manual rollback runbook trigger
5. Wire SLO Checks into Pipeline
From Section 6 (SLOs):
- Add post-deploy verification step that checks baseline metrics
- If Argo: create AnalysisTemplate that queries metrics backend
- Add alerting webhook on deploy failure
- Include error budget check before allowing production deploy
MCP Server Contract
Tool: generate_pipeline
{
"name": "generate_pipeline",
"description": "Generate CI/CD pipeline configs from Build Brief infra tasks",
"inputSchema": {
"type": "object",
"properties": {
"build_brief_section": {
"type": "string",
"description": "Infra section (Section 8) + SLO section (Section 6) as markdown"
},
"repo_path": {
"type": "string",
"description": "Path to the repository root"
},
"output_directory": {
"type": "string",
"description": "Where to write generated pipeline files (default: repo root)"
},
"dry_run": {
"type": "boolean",
"default": true,
"description": "If true, output configs without writing files"
}
},
"required": ["build_brief_section", "repo_path"]
}
}
Tool: validate_pipeline
{
"name": "validate_pipeline",
"description": "Validate generated pipeline configs against repo conventions and syntax",
"inputSchema": {
"type": "object",
"properties": {
"pipeline_path": {
"type": "string",
"description": "Path to generated pipeline file"
},
"repo_path": {
"type": "string",
"description": "Path to repository root for context"
}
},
"required": ["pipeline_path", "repo_path"]
}
}
CLI Interface
# Generate pipelines from build brief
adlc-pipeline generate --brief ./build-brief.md --repo ./my-repo --dry-run
# Apply generated pipelines to repo
adlc-pipeline apply --brief ./build-brief.md --repo ./my-repo
# Validate existing pipeline against brief SLOs
adlc-pipeline validate --pipeline .github/workflows/ci.yml --repo ./my-repo
Quality Gates
- [ ] CI workflow triggers on correct branches
- [ ] All test steps match commands found in repo
- [ ] Existing secrets and runner labels are reused
- [ ] Rollback mechanism matches the brief's rollback plan
- [ ] SLO checks are wired into post-deploy verification
- [ ] Production deploys require manual approval (human gate)
- [ ] Workflow YAML passes
actionlintor equivalent - [ ] Argo configs pass
argocd app diff --localvalidation
Framework Hardening Addendum
- Contract versioning: Pipeline generation contracts include
contract_versionand compatibility checks. - Schema validation: Validate Build Brief infra tasks and rollback settings against contract schemas before generating configs.
- Idempotency: Pipeline/scaffold generation must use idempotency keys and dedupe by target file/path so retries are safe.
- Stop reasons: Emit structured reasons for terminal failures (e.g.,
missing_target_repo,invalid_rollout_strategy,permission_denied).
Related Skills
bigeasyfreeman/build-feature
development
VerifiedTrustedCommunity
Orchestration skill: chains the full ADLC Build Loop. PRD → Brief → Council → Scaffold → Codegen → LDD → TDD → Council → PR. Use when implementing a new feature end-to-end.
1SKILL.mdUpdated Apr 22, 2026
bigeasyfreeman/skills/helm-argocd-deployment
development
VerifiedTrustedCommunity
# Skill: Helm & ArgoCD Deployment > Validates Helm charts and generates ArgoCD Application manifests when the ADLC pipeline produces infrastructure or service code. Ensures every deployable artifact has correct chart structure, environment-specific values, and a GitOps-ready Application manifest before code review. --- ## Why This Exists Without deployment validation in the pipeline, common failures slip through to production: - **Helm charts fail `helm template`** because of missing values,
SKILL.mdUpdated May 5, 2026
bigeasyfreeman/verifier-semantic-judge
testing
VerifiedTrustedCommunity
Decide whether an intersecting verifier actually exercises the semantic change.
SKILL.mdUpdated Apr 23, 2026
bigeasyfreeman/skills/ux-flow-builder
development
VerifiedTrustedCommunity
# Skill: UX Flow Builder > Generates user flow diagrams (Mermaid) from PRD personas and screen specifications. Surfaces dead ends, missing screens, and disconnected flows before design or engineering starts. Helps PMs think in screens, not features. --- ## Trigger - Automatically during PRD Phase 4 (Personas & Flows) to visualize the user journey - On-demand when the PM says "show me the flow" or "map the user journey" - During PRD evaluation to verify screen connectivity --- ## Input ```
SKILL.mdUpdated Apr 23, 2026