- Home
- Skills
- Yuniorglez
- Gemini Elite Core
- Github Actions Pro
github-actions-pro_skill
- Python
7
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill yuniorglez/gemini-elite-core --skill github-actions-pro- SKILL.md5.4 KB
Overview
This skill is a Senior DevOps & CI/CD architect agent focused on hardened GitHub Actions workflows, Zero-Trust OIDC cloud integration, and Bun-optimized pipelines. It provides prescriptive patterns, audit checks, and automated boilerplate to convert fragile CI into secure, high-performance pipelines. Use it to enforce 2026-grade security posture and speed-centric CI for JavaScript/TypeScript projects using Bun.
How this skill works
The skill inspects workflow YAML, flags insecure permissions, long-lived secrets, and unpinned actions, then emits hardened workflow templates and remediation steps. It maps environments (staging, production), recommends OIDC role configurations, and produces Bun-first CI patterns with cache keys and matrix strategies. It can run verification steps (dry-run, act-like checks) and generate scripts to verify SHA pinning and workflow consistency.
When to use it
- Migrating CI to Zero-Trust OIDC and removing long-lived cloud keys.
- Optimizing CI for Bun-based projects to cut test/build latency.
- Hardening existing GitHub Actions by scoping permissions and pinning actions.
- Designing multi-job orchestration and ephemeral self-hosted runners.
- Creating reproducible workflows for monorepos or multi-platform matrices.
Best practices
- Always set id-token: write at the workflow level and use OIDC roles instead of secrets.
- Define explicit job-level permissions; default to contents: read and add only necessary write perms.
- Pin third-party actions to commit SHAs and verify pins with automated checks.
- Cache Bun artifacts with actions/cache@v4 and use bun.lockb for cache keys.
- Use ephemeral, JIT self-hosted runners and enforce egress restrictions to known domains.
Example use cases
- Generate a hardened deploy workflow that configures AWS via OIDC and deploys with bun run deploy.
- Audit an existing .github/workflows directory for broad permissions, secret usage, and unpinned actions.
- Create a matrix test job across multiple Node LTS versions using bun test for sub-second runs.
- Produce a self-hosted runner policy that spins up ephemeral runners and enforces egress control.
- Run automated verification (dry-run or act) before merging large workflow changes to prevent regressions.
FAQ
No. It flags long-lived secrets and recommends OIDC role-based replacements; manual or automated migration steps are provided but require privileged execution.
Can it generate workflows for monorepos?
Yes. It includes patterns and generators for monorepo CI (filtering, selective builds, and Turborepo-friendly steps).