thesaifalitai/devops-cicd
skills/devops-cicd/SKILL.md
Expert DevOps, CI/CD, Docker, and cloud infrastructure skill. ALWAYS trigger for ANY task involving Docker, Docker Compose, Kubernetes, AWS (Lambda, EC2, S3, ECS, RDS, CloudFront), Nginx config, GitHub Actions, CI/CD pipelines, deployment automation, environment variables, secrets management, SSL/TLS, load balancing, auto-scaling, monitoring (CloudWatch, Datadog), logging (ELK stack), Firebase hosting, Vercel/Netlify deployment, CDN setup, database migrations in production, blue-green deployments, or infrastructure as code (Terraform/CDK). Also triggers for: "deploy my app", "set up Docker", "containerize", "production setup", "CI/CD pipeline", "GitHub Actions workflow", "AWS setup", "scale my app".
$ install --global
skillsauthnpx skillsauth add thesaifalitai/claude-setup devops-cicdInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 9:37 PM17.7s1 file scanned
SKILL.md
- name:
- devops-cicd
- description:
- >
- Also triggers for:
- deploy my app", "set up Docker", "containerize", "production setup",
DevOps & CI/CD Expert
You are a senior DevOps engineer specializing in containerization, cloud infrastructure, GitHub Actions CI/CD, and production deployments. You build reliable, scalable pipelines.
Docker Patterns
# Dockerfile (multi-stage Node.js)
FROM node:20-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
COPY --from=builder /app/dist ./dist
COPY --from=deps /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json
USER nextjs
EXPOSE 3000
CMD ["node", "dist/main.js"]
# docker-compose.yml (development)
version: '3.9'
services:
api:
build: { context: ., target: builder }
command: npm run start:dev
volumes:
- .:/app
- /app/node_modules
ports: ['3000:3000']
environment:
- DATABASE_URL=postgresql://postgres:secret@db:5432/myapp
- REDIS_URL=redis://cache:6379
depends_on:
db: { condition: service_healthy }
cache: { condition: service_started }
db:
image: postgres:16-alpine
environment:
POSTGRES_DB: myapp
POSTGRES_USER: postgres
POSTGRES_PASSWORD: secret
volumes: ['pgdata:/var/lib/postgresql/data']
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U postgres']
interval: 5s
timeout: 5s
retries: 5
cache:
image: redis:7-alpine
command: redis-server --appendonly yes
volumes: ['redisdata:/data']
volumes:
pgdata:
redisdata:
GitHub Actions Workflows
# .github/workflows/deploy.yml
name: Build, Test & Deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_PASSWORD: test
POSTGRES_DB: testdb
ports: ['5432:5432']
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 20, cache: npm }
- run: npm ci
- run: npm run lint
- run: npm run test:ci
env:
DATABASE_URL: postgresql://postgres:test@localhost:5432/testdb
build-and-push:
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
needs: build-and-push
runs-on: ubuntu-latest
environment: production
steps:
- name: Deploy to EC2
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.EC2_HOST }}
username: ubuntu
key: ${{ secrets.EC2_KEY }}
script: |
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
docker stop api || true
docker rm api || true
docker run -d --name api \
--restart unless-stopped \
-p 3000:3000 \
--env-file /etc/myapp/.env \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
Nginx Configuration
# /etc/nginx/sites-available/myapp
server {
listen 80;
server_name myapp.com www.myapp.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name myapp.com www.myapp.com;
ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
# Security headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Gzip
gzip on;
gzip_types text/plain application/json application/javascript text/css;
# API
location /api/ {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 90;
}
# Next.js
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}
}
AWS Lambda (Serverless)
// handler.ts
import { APIGatewayProxyHandler } from 'aws-lambda';
import serverlessExpress from '@vendia/serverless-express';
import { app } from './app';
const serverlessApp = serverlessExpress({ app });
export const handler: APIGatewayProxyHandler = async (event, context) => {
context.callbackWaitsForEmptyEventLoop = false;
return serverlessApp(event, context);
};
# serverless.yml
service: my-api
frameworkVersion: '3'
provider:
name: aws
runtime: nodejs20.x
region: us-east-1
memorySize: 512
timeout: 30
environment:
DATABASE_URL: ${ssm:/myapp/DATABASE_URL}
JWT_SECRET: ${ssm:/myapp/JWT_SECRET}
functions:
api:
handler: dist/handler.handler
events:
- httpApi: 'ANY /{proxy+}'
plugins:
- serverless-plugin-optimize
- serverless-offline
Environment Management
# .env.example (commit this, NOT .env)
NODE_ENV=development
PORT=3000
DATABASE_URL=postgresql://user:password@localhost:5432/mydb
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-jwt-secret-change-in-production
JWT_EXPIRES_IN=15m
AWS_REGION=us-east-1
AWS_S3_BUCKET=my-bucket
# Production: use AWS SSM, Doppler, or GitHub Secrets
aws ssm put-parameter --name /myapp/JWT_SECRET --value "secret" --type SecureString
# Load from SSM in startup
aws ssm get-parameters-by-path --path /myapp --with-decryption
Zero-Downtime Deployment
#!/bin/bash
# deploy.sh - Blue/Green with Docker
set -e
IMAGE="ghcr.io/myorg/myapp:${1:-latest}"
CURRENT=$(docker ps --filter name=app-blue -q)
if [ -n "$CURRENT" ]; then
NEW_NAME="app-green"
OLD_NAME="app-blue"
else
NEW_NAME="app-blue"
OLD_NAME="app-green"
fi
echo "Starting $NEW_NAME..."
docker pull $IMAGE
docker run -d --name $NEW_NAME --restart unless-stopped \
-p 3001:3000 --env-file /etc/.env $IMAGE
# Health check
sleep 10
if curl -sf http://localhost:3001/health; then
echo "✅ Health check passed. Switching traffic..."
# Update nginx upstream
sed -i "s/$OLD_NAME/$NEW_NAME/" /etc/nginx/conf.d/upstream.conf
nginx -s reload
sleep 5
docker stop $OLD_NAME 2>/dev/null || true
docker rm $OLD_NAME 2>/dev/null || true
echo "✅ Deployment complete"
else
echo "❌ Health check failed. Rolling back..."
docker stop $NEW_NAME && docker rm $NEW_NAME
exit 1
fi
Monitoring Setup
// health endpoint
@Get('/health')
healthCheck() {
return {
status: 'ok',
timestamp: new Date().toISOString(),
uptime: process.uptime(),
version: process.env.npm_package_version,
};
}
// Structured logging (Winston)
const logger = winston.createLogger({
level: process.env.LOG_LEVEL ?? 'info',
format: winston.format.combine(
winston.format.timestamp(),
winston.format.errors({ stack: true }),
process.env.NODE_ENV === 'production'
? winston.format.json()
: winston.format.colorize({ all: true })
),
transports: [new winston.transports.Console()],
});
Production Checklist
- [ ] Environment variables in secrets manager (not
.envfiles in server) - [ ] SSL certificate via Let's Encrypt (auto-renew with certbot)
- [ ] Docker images in private registry
- [ ] Health check endpoint (
/health) - [ ] Readiness/liveness probes (Kubernetes)
- [ ] Centralized logging (CloudWatch, Papertrail, or ELK)
- [ ] Error monitoring (Sentry)
- [ ] Uptime monitoring (BetterUptime, Checkly)
- [ ] Database connection pooling (PgBouncer)
- [ ] Rate limiting at Nginx/API level
- [ ] Automated DB backups
- [ ] Rollback strategy tested
Related Skills
thesaifalitai/vue-expert
development
VerifiedTrustedCommunity
Use when building Vue 3 applications with Composition API, Nuxt 3, or Quasar. Invoke for Pinia, TypeScript, PWA, Capacitor mobile apps, Vite configuration.
5SKILL.mdUpdated Apr 16, 2026
thesaifalitai/upwork-freelancer
tools
VerifiedTrustedCommunity
Expert Upwork freelancer skill for writing winning proposals, client communication, and project management. ALWAYS trigger for ANY task involving Upwork job proposals, bid writing, client messages, project scoping, milestone planning, contract setup, client onboarding, status updates, project handoffs, portfolio descriptions, rate negotiation, handling difficult clients, raising rates, dispute resolution, or review requests. Also triggers for: "write a proposal", "reply to client", "Upwork bid", "freelance proposal", "client message", "project quote", "scope of work", "follow up with client", "client is ghosting", "request review", "upwork job".
5SKILL.mdUpdated Apr 16, 2026
thesaifalitai/uiux-design
development
VerifiedTrustedCommunity
UI component code implementation specialist. Trigger when WRITING or FIXING UI code — Tailwind CSS utilities, shadcn/ui components, Radix UI primitives, CVA component variants, Framer Motion animations, CSS variables for dark mode, WCAG accessibility code (ARIA labels, focus management, keyboard navigation), responsive layouts, skeleton loaders, empty states, Storybook stories, Figma-to-code. Also triggers for: fix this component, add dark mode, make this accessible, write a Button component, style this form, add animations, fix layout shift. For design PLANNING (choosing colors, styles, font pairings for a new project) use ui-ux-pro-max instead.
5SKILL.mdUpdated Apr 16, 2026
thesaifalitai/ui-ux-pro-max
development
VerifiedTrustedCommunity
Design PLANNING and DISCOVERY specialist — use before writing any code. Invoke when CHOOSING a design direction: pick a visual style (glassmorphism, brutalism, minimalism, claymorphism, neumorphism, bento grid, skeuomorphism), generate a color palette, select font pairings, plan a design system, choose chart styles, or define the look-and-feel for a new project. Triggers: 'what style should I use', 'suggest a color palette', 'recommend fonts for my app', 'design system for a SaaS', 'what UI style fits a fintech app', 'generate a design brief', 'choose between dark/light theme', 'plan the visual identity'. Covers 50 styles, 97 palettes, 57 font pairings across React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui stacks. For WRITING or FIXING actual UI code (components, Tailwind classes, animations) use uiux-design instead.
5SKILL.mdUpdated Apr 16, 2026