montimage/devops-pipeline
skills/devops-pipeline/SKILL.md
Implement pre-commit hooks and GitHub Actions for quality assurance. Use when asked to "setup CI/CD", "add pre-commit hooks", "create GitHub Actions", "setup quality gates", "automate testing", "add linting to CI", "setup code quality checks", "configure CI pipeline", "add automated checks", or any DevOps automation for code quality. Detects project type and configures appropriate tools. Trigger this skill whenever the user mentions CI, CD, pre-commit, GitHub Actions, linting automation, or quality gates — even if they don't use those exact terms.
$ install --global
skillsauthnpx skillsauth add montimage/skills devops-pipelineInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 13, 2026, 7:04 AM137.2s4 files scanned
SKILL.md
- name:
- devops-pipeline
- effort:
- medium
- description:
- Implement pre-commit hooks and GitHub Actions for quality assurance. Use when asked to "setup CI/CD", "add pre-commit hooks", "create GitHub Actions", "setup quality gates", "automate testing", "add linting to CI", "setup code quality checks", "configure CI pipeline", "add automated checks", or any DevOps automation for code quality. Detects project type and configures appropriate tools. Trigger this skill whenever the user mentions CI, CD, pre-commit, GitHub Actions, linting automation, or quality gates — even if they don't use those exact terms.
- version:
- 1.2.0
- creator:
- Montimage
DevOps Pipeline
Implement comprehensive DevOps quality gates adapted to project type.
Repo Sync Before Edits (mandatory)
Before making any changes, sync with the remote to avoid conflicts:
branch="$(git rev-parse --abbrev-ref HEAD)"
git fetch origin
git pull --rebase origin "$branch"
If the working tree is dirty, stash first, sync, then pop. If origin is missing or conflicts occur, stop and ask the user before continuing.
Workflow
0. Create Feature Branch
Before making any changes:
- Check the current branch — if already on a feature branch for this task, skip
- Check the repo for branch naming conventions (e.g.,
feat/,feature/, etc.) - Create and switch to a new branch following the repo's convention, or fallback to:
feat/devops-pipeline
1. Analyze Project
Detect project characteristics.
Use sub-agents for parallel discovery. Launch multiple Agent tool calls concurrently to keep the main context clean:
- Agent 1 — Stack detection: Scan for
package.json,pyproject.toml,Cargo.toml,go.mod,pom.xml,build.gradle,*.csprojand identify the primary language(s), frameworks (React, Next.js, Django, FastAPI, etc.), and build tools (npm, yarn, pnpm, pip, poetry, cargo, go, maven, gradle). Return a structured summary. - Agent 2 — Existing tooling inventory: Check for existing linter/formatter configs (
.eslintrc*,.prettierrc*,tsconfig.json,mypy.ini,setup.cfg,ruff.toml) and existing CI configs (.pre-commit-config.yaml,.github/workflows/*.yml). Return a checklist of what is present vs missing. - Agent 3 — Repository conventions: Inspect the repo for branch naming conventions, commit message style, and any existing contribution guidelines. Return the conventions found.
Collect the results from all three agents before proceeding.
2. Configure Pre-commit Hooks and GitHub Actions
Use sub-agents for parallel file creation. The pre-commit config and GitHub Actions workflow are independent of each other. Dispatch them concurrently using the Agent tool, then collect results:
-
Agent A — Pre-commit hooks: Install the pre-commit framework (
pip install pre-commitorbrew install pre-commit). Create.pre-commit-config.yamlbased on the detected stack from Step 1. Use references/precommit-configs.md for language-specific configurations. Install hooks withpre-commit install. Return the path of the created config file and a summary of hooks configured. -
Agent B — GitHub Actions workflow: Create
.github/workflows/ci.ymlmirroring the pre-commit checks. Use references/github-actions.md for workflow templates. Follow these key principles:- Mirror pre-commit checks for consistency
- Use caching for dependencies
- Run on push and pull_request
- Add matrix testing for multiple versions if needed
Return the path of the created workflow file and a summary of jobs configured.
Each agent should return the path(s) of files it created or updated.
3. Verify Pipeline
# Test pre-commit locally
pre-commit run --all-files
# Commit and push to trigger CI
git add .pre-commit-config.yaml .github/workflows/ci.yml
git commit -m "ci: add pre-commit hooks and GitHub Actions"
git push
Check GitHub Actions tab for workflow status.
Tool Selection by Language
| Language | Formatter | Linter | Security | Types | |----------|-----------|--------|----------|-------| | JS/TS | Prettier | ESLint | npm audit | TypeScript | | Python | Black/Ruff | Ruff | Bandit | mypy | | Go | gofmt | golangci-lint | gosec | built-in | | Rust | rustfmt | Clippy | cargo-audit | built-in | | Java | google-java-format | Checkstyle | SpotBugs | - |
Resources
- references/precommit-configs.md - Pre-commit configurations by language
- references/github-actions.md - GitHub Actions workflow templates
Related Skills
montimage/test-coverage
development
VerifiedTrustedCommunity
Expand unit test coverage by targeting untested branches and edge cases. Use when users ask to "increase test coverage", "add more tests", "expand unit tests", "cover edge cases", "improve test coverage", "find untested code", "what's not tested", "run coverage report", "write missing tests", or want to identify and fill gaps in existing test suites. Adapts to project's testing framework. Trigger this skill whenever the user mentions test gaps, untested code, coverage percentages, or wants to harden their test suite.
4SKILL.mdUpdated May 13, 2026
montimage/supply-chain-audit
development
VerifiedTrustedCommunity
Audit npm/pip/Docker/GitHub Actions for supply chain risks; apply cooldown, lockfile, ignore-scripts, SHA pinning, scanning after approval. Use for 'supply chain audit', 'harden dependencies'. Skip for runtime vulns, secret scanning, code review.
4SKILL.mdUpdated May 13, 2026
montimage/skill-auditor
development
VerifiedTrustedCommunity
Analyze agent skills for security risks, malicious patterns, and potential dangers before installation. Use when asked to "audit a skill", "check if a skill is safe", "analyze skill security", "review skill risk", "should I install this skill", "is this skill safe", "scan this skill", or when evaluating any skill directory for trust and safety. Also triggers when the user pastes a skill install command like "npx skills add https://github.com/org/repo --skill name". Produces a comprehensive security report with a clear install/reject verdict. Trigger this skill proactively whenever the user is about to install a third-party skill or mentions concerns about skill safety.
4SKILL.mdUpdated May 13, 2026
montimage/oss-ready
development
VerifiedTrustedCommunity
Add OSS-standard files (README, CONTRIBUTING, LICENSE, CODE_OF_CONDUCT, SECURITY, GitHub templates) and run an 8-section readiness audit. Use for 'make this open source', 'OSS readiness', 'public release'. Skip for marketing pages or closed code.
4SKILL.mdUpdated May 13, 2026