- Home
- Skills
- Physics91
- Claude Vibe
- Ci Cd Reviewer
ci-cd-reviewer_skill
- TypeScript
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill physics91/claude-vibe --skill ci-cd-reviewer- SKILL.md8.4 KB
Overview
This skill reviews CI/CD pipelines to surface structure, security, caching, and deployment issues. It targets common pipeline files (GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure) and provides prioritized recommendations. The goal is concrete, actionable fixes to speed builds, reduce risk, and improve deployment safety. It excludes deep Kubernetes or Terraform reviews which are handled by dedicated skills.
How this skill works
The reviewer scans repository pipeline definitions and detects platform, triggers, jobs, and environments. It applies rules for structure (parallelization, job dependencies), security (secrets, permissions, pinned actions), caching (dependency and Docker layer caches), and deployment patterns (staging, rollbacks, verifications). Results are returned as a short report with severity levels and recommended fixes.
When to use it
- You want a fast audit of GitHub Actions, GitLab CI, or Jenkins pipelines
- Optimizing build time and caching across CI jobs
- Validating secrets handling, permissions, and third-party action pinning
- Checking deployment safety: staging, rollbacks, and health checks
- Before merging heavy pipeline changes or onboarding CI for a repo
Best practices
- Parallelize independent jobs and use needs to express dependencies
- Explicitly set permissions and avoid plaintext secrets; prefer OIDC where possible
- Pin third-party actions to commit SHAs or immutable tags
- Add dependency caching (lockfile hashes) and Docker layer cache
- Use separate staging environment and manual approvals for production
- Include post-deploy verification and rollback steps in deployment jobs
Example use cases
- Audit a repo with .github/workflows/*.yml to identify sequential jobs and missing caches
- Review a GitLab CI file for reusable templates, caching, and artifact retention
- Detect unpinned third-party actions and missing permissions that expose secrets
- Recommend a canary or blue-green promotion flow with verification and rollback
- Suggest converting duplicated steps into composite actions or shared templates
FAQ
It detects .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile, azure-pipelines.yml, and .circleci/config.yml.
Does it modify pipeline files automatically?
No. It produces a prioritized report with concrete suggestions; changes should be applied and tested by maintainers.