skills/platform/gitlab-ci/SKILL.md
Write secure, optimized GitLab CI/CD pipelines. Use when: "create CI/CD pipeline", "GitLab CI config", "fix pipeline", ".gitlab-ci.yml", "configure runners", "pipeline optimization"
Write production-ready GitLab CI/CD pipelines with security and optimization built in.
```yaml
# .gitlab-ci.yml
stages: [build, test, deploy]

build:
  stage: build
  script: [npm ci, npm run build]
  artifacts: { paths: [dist/] }
```
See refs/templates.md for full Node.js, Python, and other stack-specific templates.
| Concept | GitHub Actions | GitLab CI |
|---------|---------------|-----------|
| Config | .github/workflows/*.yml | .gitlab-ci.yml |
| Grouping | jobs: | stages: |
| Triggers | on: | rules: |
| Secrets | ${{ secrets.X }} | $VARIABLE |
| Artifacts | actions/upload-artifact | Built-in |
| Caching | actions/cache | Built-in |
```yaml
deploy:
  script:
    - deploy --token $DEPLOY_TOKEN
  # Set DEPLOY_TOKEN as protected in GitLab UI
```

```yaml
deploy:
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual # Require approval
    - when: never
```
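```yaml
# Cache node_modules, keyed on the contents of the lockfile
default:
  cache:
    key:
      files:
        - package-lock.json
    paths:
      - node_modules/
```

```yaml
deploy:
  needs:
    - build-frontend
    - build-backend
  # Starts when both complete, skips waiting for whole stage
```

```yaml
# Run the build only when source files or the manifest change
build:
  rules:
    - changes:
        - src/**/*
        - package.json
```

```yaml
# Split the test suite across 4 parallel jobs
test:
  parallel: 4
  script:
    - npm test -- --shard=$CI_NODE_INDEX/$CI_NODE_TOTAL
```

```yaml
# Pull in a local config file and GitLab's SAST template
include:
  - local: .gitlab/ci/build.yml
  - template: Security/SAST.gitlab-ci.yml
```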
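```yaml
test:
  services:
    - postgres:15
  variables:
    # The postgres image refuses to start without POSTGRES_PASSWORD;
    # this is a throwaway credential for the ephemeral service container.
    POSTGRES_DB: test
    POSTGRES_PASSWORD: postgres
    DATABASE_URL: postgresql://postgres:postgres@postgres/test
```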
A YAML anchor (`&deploy`) lets you share one deploy job definition and override `environment:` and `rules:` per target: staging on `develop`, production on `main`, both with `when: manual` as approval gates.
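The shared deploy job described above, written out as an added example (not taken from the original skill). The job names `.deploy`, `deploy-staging` and `deploy-production` and the environment names are assumptions; the `deploy --token` command is the one used earlier on this page.

```yaml
# Added example: one shared deploy definition, two targets.
# Job and environment names are hypothetical.
.deploy: &deploy              # hidden job (leading dot), never runs on its own
  stage: deploy
  script:
    - deploy --token "$DEPLOY_TOKEN"

deploy-staging:
  <<: *deploy                 # merge the shared keys, then override per target
  environment:
    name: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"
      when: manual            # approval gate
    - when: never

deploy-production:
  <<: *deploy
  environment:
    name: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual            # approval gate
    - when: never
```

A protected variable is only exposed to pipelines running on protected branches or tags, so both `develop` and `main` must be protected for these jobs to receive `DEPLOY_TOKEN`. The `<<` merge is shallow: a `rules:` or `environment:` key set in a job replaces the anchored value entirely rather than extending it.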
- refs/templates.md - Copy-paste templates for Node.js, Python, Docker, K8s
- refs/troubleshooting.md - Common errors and fixes