Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

vibeeval/ci-pipeline-patterns

Name: ci-pipeline-patterns
Author: vibeeval

skills/ci-pipeline-patterns/SKILL.md

npx skillsauth add vibeeval/vibecosystem ci-pipeline-patterns

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

CI Pipeline Patterns

GitHub Actions Workflow Template

name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  lint-and-type:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm run lint
      - run: npm run type-check

  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        shard: [1, 2, 3, 4]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm test -- --shard=${{ matrix.shard }}/4

  build:
    needs: [lint-and-type, test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm run build
      - uses: actions/upload-artifact@v4
        with: { name: build, path: dist/ }

Caching Strategies

# npm cache
- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: npm-${{ hashFiles('**/package-lock.json') }}

# Docker layer cache
- uses: docker/build-push-action@v5
  with:
    cache-from: type=gha
    cache-to: type=gha,mode=max

# Turborepo remote cache
- run: npx turbo build --cache-dir=.turbo

Monorepo CI (Affected Only)

# Nx affected
- run: npx nx affected --target=test --base=origin/main

# Turborepo
- run: npx turbo run test --filter=...[origin/main]

# Manual path filter
- uses: dorny/paths-filter@v3
  id: changes
  with:
    filters: |
      api: ['packages/api/**']
      web: ['packages/web/**']

Pipeline Security

# Secret scanning
- uses: trufflesecurity/trufflehog@main
  with: { extra_args: --only-verified }

# Dependency audit
- run: npm audit --audit-level=high

# SAST
- uses: github/codeql-action/analyze@v3

Checklist

[ ] Concurrency: cancel-in-progress aktif
[ ] Cache: npm/pip/go module cache
[ ] Paralel: test shard veya matrix
[ ] Security: secret scan + dependency audit
[ ] Artifact: build output upload
[ ] Branch protection: require status checks
[ ] Monorepo: affected-only strategy
[ ] Timeout: job timeout belirlenmiş

Anti-Patterns

Cache key'de sabit string (hash kullan)
Her push'ta tüm testler (affected-only)
Secret'ı log'a yazdırma (mask)
Single job tüm adımlar (paralelize et)
Manual deploy (CD otomatik olmalı)

vibeeval/ci-pipeline-patterns

skills/ci-pipeline-patterns/SKILL.md

GitHub Actions workflow templates, matrix builds, caching, and monorepo CI strategies

465 stars

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add vibeeval/vibecosystem ci-pipeline-patterns

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 1:48 AM10.9s1 file scanned

SKILL.md

name:: ci-pipeline-patterns
description:: GitHub Actions workflow templates, matrix builds, caching, and monorepo CI strategies

CI Pipeline Patterns

GitHub Actions Workflow Template

name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  lint-and-type:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm run lint
      - run: npm run type-check

  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        shard: [1, 2, 3, 4]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm test -- --shard=${{ matrix.shard }}/4

  build:
    needs: [lint-and-type, test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }
      - run: npm ci
      - run: npm run build
      - uses: actions/upload-artifact@v4
        with: { name: build, path: dist/ }

Caching Strategies

# npm cache
- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: npm-${{ hashFiles('**/package-lock.json') }}

# Docker layer cache
- uses: docker/build-push-action@v5
  with:
    cache-from: type=gha
    cache-to: type=gha,mode=max

# Turborepo remote cache
- run: npx turbo build --cache-dir=.turbo

Monorepo CI (Affected Only)

# Nx affected
- run: npx nx affected --target=test --base=origin/main

# Turborepo
- run: npx turbo run test --filter=...[origin/main]

# Manual path filter
- uses: dorny/paths-filter@v3
  id: changes
  with:
    filters: |
      api: ['packages/api/**']
      web: ['packages/web/**']

Pipeline Security

# Secret scanning
- uses: trufflesecurity/trufflehog@main
  with: { extra_args: --only-verified }

# Dependency audit
- run: npm audit --audit-level=high

# SAST
- uses: github/codeql-action/analyze@v3

Checklist

[ ] Concurrency: cancel-in-progress aktif
[ ] Cache: npm/pip/go module cache
[ ] Paralel: test shard veya matrix
[ ] Security: secret scan + dependency audit
[ ] Artifact: build output upload
[ ] Branch protection: require status checks
[ ] Monorepo: affected-only strategy
[ ] Timeout: job timeout belirlenmiş

Anti-Patterns

Cache key'de sabit string (hash kullan)
Her push'ta tüm testler (affected-only)
Secret'ı log'a yazdırma (mask)
Single job tüm adımlar (paralelize et)
Manual deploy (CD otomatik olmalı)

Related Skills

vibeeval/workflow-router

development

VerifiedTrustedCommunity

Goal-based workflow orchestration - routes tasks to specialist agents based on user goals

500SKILL.mdUpdated Jun 11, 2026

vibeeval/workflow-router

vibeeval/wiring

tools

VerifiedTrustedCommunity

Wiring Verification

500SKILL.mdUpdated Jun 11, 2026

vibeeval/websocket-patterns

development

VerifiedTrustedCommunity

Connection management, room patterns, reconnection strategies, message buffering, and binary protocol design.

500SKILL.mdUpdated Jun 11, 2026

vibeeval/websocket-patterns

vibeeval/vp-engineering

testing

VerifiedTrustedCommunity

VP Engineering perspective - org design (team topologies), process improvement, cross-team dependencies, engineering culture, OKRs, incident management maturity, platform strategy, DX optimization, release management at scale

500SKILL.mdUpdated Jun 11, 2026

vibeeval/vp-engineering

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/vibeeval/vibecosystem.git

# Copy into Claude Code skills folder (global)
cp -r vibecosystem/skills/ci-pipeline-patterns ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

vibeeval/vibecosystem

465 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT