nanvix/ci-cd-pipeline
.github/skills/ci-cd-pipeline/SKILL.md
Guide for Nanvix CI and GitHub Actions workflow behavior, including local pipeline execution and matrix coverage. Use this when asked about CI checks, workflow failures, or release flow.
$ install --global
skillsauthnpx skillsauth add nanvix/nanvix ci-cd-pipelineInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 12:10 PM10.2s1 file scanned
SKILL.md
- name:
- ci-cd-pipeline
- description:
- Guide for Nanvix CI and GitHub Actions workflow behavior, including local pipeline execution and matrix coverage. Use this when asked about CI checks, workflow failures, or release flow.
CI/CD Pipeline
Use this skill when the user asks about the continuous integration and deployment pipeline, GitHub Actions workflows, or automated quality checks.
Running the Full Pipeline Locally
./scripts/pipeline.sh
The pipeline runs all quality checks and tests across the supported configuration matrix.
Pipeline Steps
The pipeline runs these steps in order:
- Spell Check — Checks spelling in source code.
- Format Check — Verifies code formatting.
- Lint Check — Runs Clippy and other linters.
- Verify — Runs Verus formal verification on annotated crates.
- Build — Compiles all targets.
- Test — Runs unit and system integration tests.
Configuration Matrix
Machine-Independent Steps
spellcheckandformatrun once (not per-machine).
Machine-Dependent Steps
scripts/pipeline.sh executes machine-dependent
steps for microvm and hyperlight.
| Machine | Build Types | Deployment Types |
|---------------|----------------|-------------------------------|
| microvm | debug, release | standalone, single, multi, l2 |
| hyperlight | debug, release | single, multi, l2 |
Build Parameter Mapping
| Deployment Type | DEPLOYMENT_MODE |
|-----------------|-------------------|
| standalone | standalone |
| single-process | single-process |
| multi-process | multi-process |
| l2 | l2 |
Individual Quality Checks
# Spell check.
./z build -- spellcheck
# Format check.
./z build -- format-check
# Lint check.
./z build -- lint-check
# Formal verification.
./z build -- verify
# Unit tests.
./z build -- run-unit-tests
GitHub Actions Workflows
Workflows are defined in .github/workflows/. They follow the same quality gates as the local
pipeline, but matrix coverage is split across multiple jobs (including dedicated L2 jobs) and run on
pull requests and pushes to dev.
Matrix coverage in GitHub Actions:
checks: format + spellcheck (single run).lint,verify,ci-build:microvmandhyperlightwithstandalone,single-process, andmulti-process.ci-test: same matrix, excludinghyperlight + standalone.ci-l2: separate L2 jobs formicrovmandhyperlight.
Note: The
ci-windowsworkflow validates Windows host builds (nanvixd, UserVM, source checks) and runs a smoke test using nanvixd in standalone interactive mode on WHP-enabled runners.
Release Process
# Create a release archive.
./z build -- release
# The archive name follows this pattern:
# nanvix-<ver>-<target>-<machine>-<deploy>-<mode>-<log>-<memory>mb.tar.bz2
Minor releases can be created with:
./scripts/create-minor-release.sh
Pipeline Output
The pipeline tracks and reports:
- Pass/fail/skip counts per step.
- Total elapsed time.
- Detailed error output for failed steps.
Related Skills
nanvix/user-app-development
development
VerifiedTrustedCommunity
Guide for developing, building, and running Nanvix user-space applications across supported runtimes and languages. Use this when asked about guest app implementation or execution.
221SKILL.mdUpdated Apr 7, 2026
nanvix/troubleshooting
development
VerifiedTrustedCommunity
Guide for diagnosing Nanvix build, runtime, and test failures, including cleanup and debugging workflows. Use this when asked to investigate errors or unstable behavior.
221SKILL.mdUpdated Apr 7, 2026
nanvix/test
testing
VerifiedTrustedCommunity
Guide for running Nanvix tests with z. Use this when asked to run unit tests, integration tests, or the full test suite.
221SKILL.mdUpdated Apr 7, 2026
nanvix/test-development
development
VerifiedTrustedCommunity
Guide for writing, running, and debugging Nanvix unit, integration, and system tests in Rust and C/C++. Use this when asked about test implementation or failures.
221SKILL.mdUpdated Apr 7, 2026