jacobpevans/orchestrate-infra
infra-orchestration/skills/orchestrate-infra/SKILL.md
Master orchestrator for cross-repo infrastructure with dependency graph dispatch
$ install --global
skillsauthnpx skillsauth add jacobpevans/claude-code-plugins orchestrate-infraInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 26, 2026, 7:45 AM20.0s1 file scanned
SKILL.md
- name:
- orchestrate-infra
- description:
- Master orchestrator for cross-repo infrastructure with dependency graph dispatch
Infrastructure Orchestrator
Master orchestrator for cross-repo infrastructure operations. Manages the dependency graph between Terraform and Ansible repositories and dispatches Task subagents for each phase.
Dependency Graph
terraform-proxmox
-> ansible-proxmox (host configuration)
-> ansible-proxmox-apps (application configuration)
-> ansible-splunk (Splunk Enterprise)
Terraform provisions infrastructure first. Ansible configures it in dependency order.
Supported Operations
plan-all
Run terragrunt plan in terraform-proxmox, then ansible-playbook --check across all Ansible repos in dependency order.
validate-all
Run terragrunt validate in terraform-proxmox, then ansible-playbook --syntax-check across all Ansible repos.
sync-inventory
Export Terraform outputs as Ansible inventory and distribute to all Ansible repos. See /infra-sync-inventory for details.
e2e-test
Full pipeline validation: validate, plan, export inventory, syntax-check, check, diff. See /infra-e2e-test for details.
Execution Pattern
- Resolve repo paths: locate each target repo locally
- Dispatch Terraform phase: Launch subagent for terraform-proxmox operations
- Await completion: Terraform must complete before Ansible phases
- Dispatch Ansible phases: Launch parallel subagents for independent Ansible repos (invoke
superpowers:dispatching-parallel-agents) - Collect results: Aggregate success/failure from all subagents
- Report: Summary with per-repo status
Secret Injection
All repos use Doppler for runtime secrets: doppler run -- <command>. Never hardcode credentials.
Error Handling
If any phase fails, report the failure and stop dependent phases. Independent repos continue in parallel.
Related Skills
- sync-inventory (infra-orchestration) — Export Terraform inventory and distribute to Ansible repositories
- test-e2e (infra-orchestration) — End-to-end infrastructure pipeline validation across Terraform and Ansible repos
- infrastructure-standards (infra-standards) — Use when working on infrastructure repos (terraform, ansible, kubernetes, proxmox, nix devShells)
Related Skills
jacobpevans/self-hosted-runners
documentation
VerifiedTrustedCommunity
Use when editing GitHub Actions workflow files (.github/workflows/*.yml) in JacobPEvans repos. Documents when to target self-hosted RunsOn runners vs GitHub-hosted runners, the v3 label catalog used across the org, the required github.run_id segment, and the GitHub App allowlist prereq.
2SKILL.mdUpdated May 16, 2026
jacobpevans/refresh-repo
testing
VerifiedTrustedCommunity
Check PR merge readiness, sync local repo, cleanup stale worktrees; optional cross-repo sweep and stale-branch prune modes
2SKILL.mdUpdated Apr 28, 2026
jacobpevans/rebase-pr
tools
VerifiedTrustedCommunity
Local rebase-merge workflow for pull requests with signed commits
2SKILL.mdUpdated Apr 28, 2026
jacobpevans/gh-cli-patterns
tools
VerifiedTrustedCommunity
Canonical reference for all gh CLI command shapes used by skills in this plugin. Defines the placeholder convention, allowed --json fields, GraphQL fallback rules, -f/-F/--raw-field flag semantics, the PR-readiness gate, code-scanning alert query, review-thread fetch/count/resolve mutations, and heredoc bodies. Prevents Unknown JSON field errors and divergent query shapes.
2SKILL.mdUpdated Apr 28, 2026