ci-cd_skill

This skill helps you design, optimize, and secure CI/CD pipelines across platforms with DevSecOps scanning and troubleshooting guidance.
  • Python

77

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill ahmedasmar/devops-claude-skills --skill ci-cd

  • SKILL.md16.6 KB

Overview

This skill provides hands-on CI/CD pipeline design, optimization, DevSecOps scanning, and troubleshooting across GitHub Actions, GitLab CI, and similar platforms. It helps you create reproducible workflows, speed up builds, secure supply chains, and resolve common pipeline failures. Use it to implement caching, matrix builds, deployments, OIDC-based auth, and multi-environment strategies.

How this skill works

The skill analyzes existing pipeline configurations and generates or improves YAML workflows, adding fast-feedback stages, caching, parallelization, and artifact reuse. It recommends and injects security scanning stages (SAST, SCA, DAST, container scans) and security gates, and provides diagnostic scripts to surface optimization and failure patterns. It also produces concrete fixes for platform-specific errors and reproducible local debugging steps.

When to use it

  • Creating a new CI/CD workflow for Node, Python, Go, Docker images, or other stacks
  • Debugging failing or flaky pipelines and reproducing failures locally
  • Optimizing slow builds and test suites with caching and parallelization
  • Implementing DevSecOps scans (SAST, SCA, DAST, container scanning)
  • Setting up deployments (direct, blue-green, canary, rolling) and multi-environment flows
  • Securing pipelines with OIDC, secrets management, permission hardening, and pinning actions

Best practices

  • Fail fast: run lint/format checks before expensive jobs
  • Cache dependencies and Docker layers; build once and reuse artifacts
  • Parallelize independent jobs and use matrix/sharding for tests
  • Pin third-party actions to commit SHAs and grant minimal permissions
  • Add security scans early and a security gate to fail on critical issues
  • Use path filters and concurrency cancellation to reduce unnecessary runs

Example use cases

  • Create a GitHub Actions Python CI that runs lint, unit tests, CodeQL, pip-audit, builds artifacts, and deploys to staging
  • Optimize an existing pipeline by adding actions/cache, removing unnecessary needs, and sharding slow test suites
  • Add OIDC-based AWS credentials to GitHub Actions to avoid long-lived secrets and enable least-privilege access
  • Assemble a security stage with Trivy, Semgrep, and SCA tools, then implement a security-gate job to enforce thresholds
  • Troubleshoot intermittent test failures by enabling debug logs, reproducing the job with act, and applying retries or timing fixes

FAQ

Add dependency caching (platform cache actions or GitLab cache), prefer reproducible installs (npm ci, pip wheel caches), and persist Docker layer caches for image builds.

When should I run DAST versus SAST?

Run SAST on every commit for fast code analysis; run DAST on scheduled runs or main branch deployments because it requires a running app and takes longer.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational