binhtranquoc/devops-cicd
cli/templates/skills/devops-cicd/SKILL.md
CI/CD pipeline best practices for GitHub Actions and GitLab CI. Use when setting up or modifying CI/CD pipelines.
development
Updated Apr 21, 2026
$ install --global
skillsauthnpx skillsauth add binhtranquoc/agent-kit-skill devops-cicdInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 3:29 AM54.9s1 file scanned
SKILL.md
- name:
- devops-cicd
- description:
- CI/CD pipeline best practices for GitHub Actions and GitLab CI. Use when setting up or modifying CI/CD pipelines.
DevOps CI/CD Standards
This skill provides CI/CD pipeline best practices.
When to Use
- Use this skill when creating GitHub Actions workflows
- Use this skill when setting up GitLab CI pipelines
- Use this skill when optimizing build/deploy processes
Instructions
1. Pipeline Stages
The pipeline must follow this strict order:
- Lint & Static Analysis: Fail fast if code style violates rules.
- Test: Run Unit Tests. (Block merge if failed).
- Build: Verify the application builds successfully.
- Deploy (CD): Only on
mainordevelopbranches.
2. GitHub Actions Example
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
env:
NODE_VERSION: '20'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run ESLint
run: npm run lint
- name: Run TypeScript check
run: npm run type-check
test:
name: Test
runs-on: ubuntu-latest
needs: lint
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm run test:ci
- name: Upload coverage
uses: codecov/codecov-action@v3
if: always()
build:
name: Build
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build
path: dist/
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main'
environment: production
steps:
- uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build
path: dist/
- name: Deploy to production
run: |
# Deploy commands here
echo "Deploying to production..."
3. Optimization
Caching
CACHE dependencies to speed up runs.
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm' # Automatically caches node_modules
Parallelism
Run unrelated jobs in parallel.
jobs:
lint-frontend:
runs-on: ubuntu-latest
# ...
lint-backend:
runs-on: ubuntu-latest
# ...
test:
needs: [lint-frontend, lint-backend] # Runs after both complete
# ...
4. Secrets Management
Rules
- NEVER print secrets/tokens in logs.
- Use the CI platform's Secret masking features.
- Least Privilege: CI tokens should only have required permissions.
# Good - Using secrets
- name: Deploy
env:
API_KEY: ${{ secrets.API_KEY }}
run: ./deploy.sh
# Bad - Printing secrets
- name: Debug
run: echo ${{ secrets.API_KEY }} # NEVER DO THIS
5. Branch Protection
# Only deploy from protected branches
deploy:
if: github.ref == 'refs/heads/main'
# Or use environment protection
deploy:
environment: production # Requires approval if configured
6. GitLab CI Example
# .gitlab-ci.yml
stages:
- lint
- test
- build
- deploy
variables:
NODE_VERSION: "20"
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
lint:
stage: lint
image: node:${NODE_VERSION}-alpine
script:
- npm ci
- npm run lint
- npm run type-check
test:
stage: test
image: node:${NODE_VERSION}-alpine
script:
- npm ci
- npm run test:ci
coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'
build:
stage: build
image: node:${NODE_VERSION}-alpine
script:
- npm ci
- npm run build
artifacts:
paths:
- dist/
expire_in: 1 week
deploy:
stage: deploy
image: node:${NODE_VERSION}-alpine
script:
- echo "Deploying..."
environment:
name: production
only:
- main
when: manual
7. Best Practices Checklist
- [ ] Lint runs before tests
- [ ] Tests run before build
- [ ] Build artifacts are cached/uploaded
- [ ] Secrets are never logged
- [ ] Dependencies are cached
- [ ] Deploy only from protected branches
- [ ] Environment approvals for production
Related Skills
binhtranquoc/role-reviewer
development
VerifiedTrustedCommunity
Activate Code Reviewer mode for code review and quality assurance. Use when reviewing code for bugs, security issues, or optimization opportunities.
SKILL.mdUpdated Apr 21, 2026
binhtranquoc/role-implementer
development
VerifiedTrustedCommunity
Default Implementer mode for writing production code. Use for general coding tasks following project conventions.
SKILL.mdUpdated Apr 21, 2026
binhtranquoc/role-debugger
development
VerifiedTrustedCommunity
Activate Debugger mode for systematic bug fixing. Use when debugging errors, investigating issues, or fixing bugs.
SKILL.mdUpdated Apr 21, 2026
binhtranquoc/role-architect
testing
VerifiedTrustedCommunity
Activate Architect mode for system design and architecture decisions. Use when planning features, designing systems, or making architectural choices.
SKILL.mdUpdated Apr 21, 2026