thermiteau/mav-bp-cicd-azure
skills/mav-bp-cicd-azure/SKILL.md
Monitoring Azure DevOps pipelines after pushing. Covers checking pipeline status, diagnosing build/release failures, and respecting pipeline boundaries. Used as a dependency from workflow skills.
$ install --global
skillsauthnpx skillsauth add thermiteau/maverick mav-bp-cicd-azureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 8, 2026, 2:27 AM163.0s1 file scanned
SKILL.md
- name:
- mav-bp-cicd-azure
- description:
- Monitoring Azure DevOps pipelines after pushing. Covers checking pipeline status, diagnosing build/release failures, and respecting pipeline boundaries. Used as a dependency from workflow skills.
CI Awareness — Azure DevOps
After pushing, monitor Azure DevOps pipelines and do not declare work complete until CI passes. This skill implements the platform-specific behaviours defined in the mav-bp-cicd skill.
Prerequisites
- Azure CLI (
az) installed and authenticated with the DevOps extension - Or direct API access via
curlwith an Azure DevOps personal access token
# Install Azure DevOps extension if needed
az extension add --name azure-devops
# Configure defaults
az devops configure --defaults organization=https://dev.azure.com/<org> project=<project>
Check CI Status
# List recent pipeline runs for the current branch
BRANCH=$(git branch --show-current)
az pipelines runs list --branch "refs/heads/$BRANCH" --top 1
# Show details of a specific run
az pipelines runs show --id <run-id>
# View build logs
az pipelines runs logs show --id <run-id>
# List pipeline runs with a specific status
az pipelines runs list --branch "refs/heads/$BRANCH" --status failed --top 5
Without Azure CLI
# Using Azure DevOps REST API directly
ORG="<org>"
PROJECT="<project>"
BRANCH=$(git branch --show-current)
# List builds for branch
curl -u ":$AZURE_DEVOPS_PAT" \
"https://dev.azure.com/$ORG/$PROJECT/_apis/build/builds?branchName=refs/heads/$BRANCH&\$top=1&api-version=7.0"
# Get build timeline (stages/jobs/tasks)
curl -u ":$AZURE_DEVOPS_PAT" \
"https://dev.azure.com/$ORG/$PROJECT/_apis/build/builds/<build-id>/timeline?api-version=7.0"
# Get build logs
curl -u ":$AZURE_DEVOPS_PAT" \
"https://dev.azure.com/$ORG/$PROJECT/_apis/build/builds/<build-id>/logs?api-version=7.0"
Process After Push
digraph ci {
"Push to remote" [shape=box];
"Check pipeline status" [shape=box];
"Pipeline passes?" [shape=diamond];
"Work complete" [shape=box];
"Read failed stage logs" [shape=box];
"Fix locally" [shape=box];
"Commit and push fix" [shape=box];
"Push to remote" -> "Check pipeline status";
"Check pipeline status" -> "Pipeline passes?";
"Pipeline passes?" -> "Work complete" [label="yes"];
"Pipeline passes?" -> "Read failed stage logs" [label="no"];
"Read failed stage logs" -> "Fix locally";
"Fix locally" -> "Commit and push fix";
"Commit and push fix" -> "Check pipeline status";
}
- After pushing, run
az pipelines runs listto check pipeline status - If pipeline passes — work is complete
- If pipeline fails:
- Identify the failed stage/job with
az pipelines runs show --id <run-id> - Read the logs with
az pipelines runs logs show --id <run-id> - Fix the issue locally
- Run local verification again (see mav-local-verification skill)
- Commit the fix and push
- Monitor the pipeline again
- Identify the failed stage/job with
- Do not declare work complete until the pipeline passes
Common CI Failures Not Caught Locally
| CI failure | Why it wasn't caught locally | Fix |
| --- | --- | --- |
| Agent pool mismatch | Pipeline requires specific agent | Check pool specification in pipeline YAML |
| Missing pipeline variable | Variable defined in pipeline settings | Check Pipeline > Variables in Azure DevOps UI |
| Service connection issue | Azure resource access differs | Check service connections and permissions |
| NuGet/npm feed auth | Private feed requires pipeline auth | Check feed permissions and pipeline identity |
| Template resolution | Extends templates not available locally | Check template repository references |
Azure DevOps Concepts
| Concept | Description | | ------- | ----------- | | Pipeline | CI/CD definition, either YAML or classic editor | | Stage | Major phase (Build, Test, Deploy) — stages run sequentially by default | | Job | Collection of steps that run on an agent — jobs within a stage can run in parallel | | Step/Task | Individual action (script, built-in task) | | Agent pool | Collection of machines that run pipeline jobs (Microsoft-hosted or self-hosted) | | Variable group | Shared set of variables linked to one or more pipelines | | Service connection | Authenticated link to external services (Azure, Docker Hub, etc.) | | Environment | Deployment target with approval gates and checks | | Artifact | Published output (build artifact, pipeline artifact) available to downstream stages |
Boundaries
Never Do Without Explicit Instruction
- Modify
azure-pipelines.ymlor pipeline template files - Add, remove, or change pipeline stages, jobs, or tasks
- Modify deployment configurations or environments
- Change pipeline variables or variable groups
- Disable or skip pipeline checks or approvals
- Trigger release pipelines or deployment stages
- Modify service connections or agent pool configurations
Always Do
- Monitor pipeline status after pushing
- Fix CI failures before declaring work complete
- Report CI failures clearly if you cannot fix them
Related Skills
thermiteau/skills/do-test
development
VerifiedTrustedCommunity
--- name: do-test description: Write or update tests for a code change. Operates in two modes: `unit` (module-scoped, fast, deterministic) and `integration` (crosses module / service / database boundaries). Intended to be invoked once per testable change from inside a do-issue-* or do-epic phase. Mode is required. argument-hint: mode: unit or integration user-invocable: true disable-model-invocation: false --- **Depends on:** mav-bp-unit-testing, mav-bp-integration-testing, mav-local-verificati
9SKILL.mdUpdated May 21, 2026
thermiteau/do-code
development
VerifiedTrustedCommunity
Implement a focused code change. Use this skill as the wrapper for any implementation work so the Maverick workflow report captures what was done and so the agent applies the project's coding standards before editing. Intended to be invoked once per task from inside a do-issue-* or do-epic phase, not standalone.
9SKILL.mdUpdated May 21, 2026
thermiteau/mav-stacked-prs
testing
VerifiedTrustedCommunity
How to stack a PR on top of an unmerged sibling branch, and how to retarget it to the repo's default branch once the sibling merges. Prevents orphan-merge incidents when a dependent story is ready before its parent.
9SKILL.mdUpdated Apr 28, 2026
thermiteau/mav-multi-instance-coordination
development
VerifiedTrustedCommunity
Claim, lease, heartbeat, and release protocols for when multiple Claude Code instances may act on the same issue or epic concurrently. GitHub labels and marker comments are the coordination surface; local state is a cache.
9SKILL.mdUpdated Apr 28, 2026