ci-cd_skill
- Python
77
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill ahmedasmar/devops-claude-skills --skill ci-cd- SKILL.md16.6 KB
Overview
This skill provides hands-on CI/CD pipeline design, optimization, DevSecOps scanning, and troubleshooting across GitHub Actions, GitLab CI, and similar platforms. It helps you create reproducible workflows, speed up builds, secure supply chains, and resolve common pipeline failures. Use it to implement caching, matrix builds, deployments, OIDC-based auth, and multi-environment strategies.
How this skill works
The skill analyzes existing pipeline configurations and generates or improves YAML workflows, adding fast-feedback stages, caching, parallelization, and artifact reuse. It recommends and injects security scanning stages (SAST, SCA, DAST, container scans) and security gates, and provides diagnostic scripts to surface optimization and failure patterns. It also produces concrete fixes for platform-specific errors and reproducible local debugging steps.
When to use it
- Creating a new CI/CD workflow for Node, Python, Go, Docker images, or other stacks
- Debugging failing or flaky pipelines and reproducing failures locally
- Optimizing slow builds and test suites with caching and parallelization
- Implementing DevSecOps scans (SAST, SCA, DAST, container scanning)
- Setting up deployments (direct, blue-green, canary, rolling) and multi-environment flows
- Securing pipelines with OIDC, secrets management, permission hardening, and pinning actions
Best practices
- Fail fast: run lint/format checks before expensive jobs
- Cache dependencies and Docker layers; build once and reuse artifacts
- Parallelize independent jobs and use matrix/sharding for tests
- Pin third-party actions to commit SHAs and grant minimal permissions
- Add security scans early and a security gate to fail on critical issues
- Use path filters and concurrency cancellation to reduce unnecessary runs
Example use cases
- Create a GitHub Actions Python CI that runs lint, unit tests, CodeQL, pip-audit, builds artifacts, and deploys to staging
- Optimize an existing pipeline by adding actions/cache, removing unnecessary needs, and sharding slow test suites
- Add OIDC-based AWS credentials to GitHub Actions to avoid long-lived secrets and enable least-privilege access
- Assemble a security stage with Trivy, Semgrep, and SCA tools, then implement a security-gate job to enforce thresholds
- Troubleshoot intermittent test failures by enabling debug logs, reproducing the job with act, and applying retries or timing fixes
FAQ
Add dependency caching (platform cache actions or GitLab cache), prefer reproducible installs (npm ci, pip wheel caches), and persist Docker layer caches for image builds.
When should I run DAST versus SAST?
Run SAST on every commit for fast code analysis; run DAST on scheduled runs or main branch deployments because it requires a running app and takes longer.