Globales Ranking · von 601 Skills
ci-cd-architecture AI Agent Skill
Quellcode ansehen: oakoss/agent-skills
MediumInstallation
npx skills add oakoss/agent-skills --skill ci-cd-architecture 48
Installationen
CI/CD & Deployment
Overview
Covers CI/CD pipeline design, deployment platform selection, and production infrastructure. Focuses on GitHub Actions with hardened security (OIDC, permission scoping, action pinning), Bun-first build optimization, and deployment patterns from MVP to enterprise scale.
When to use: Setting up GitHub Actions workflows, choosing deployment targets, configuring OIDC for cloud providers, optimizing CI performance, planning multi-environment pipelines.
When NOT to use: Application-level architecture decisions (use framework-specific skills), Kubernetes cluster management (use dedicated IaC tools), cloud provider console configuration.
Quick Reference
| Need | Solution |
|---|---|
| MVP deploy (< 1K users) | Vercel, Netlify, Railway, Cloudflare Pages |
| Growing product (1K-100K) | AWS Amplify, Cloud Run, Fly.io, Render |
| Enterprise (100K+) | AWS ECS/EKS, GKE, DigitalOcean App Platform |
| Static site | Vercel, Netlify, Cloudflare Pages |
| Full-stack + DB | Railway, Render, AWS Amplify |
| Global low latency | Cloudflare Workers, Vercel Edge, Fly.io |
| Compliance (HIPAA, SOC 2) | AWS, GCP, Azure |
| Cloud auth from CI | OIDC roles (never long-lived keys) |
| Action pinning | Pin to commit SHA, not tag |
| Bun CI caching | ~/.bun/install/cache keyed on lockfile |
| Pipeline security | StepSecurity Harden-Runner for egress control |
| Container builds | Multi-stage Dockerfile: builder + runtime stage |
| Docker layer caching | --cache-from + actions/cache for buildx |
| Multi-platform builds | docker buildx targeting linux/amd64,linux/arm64 |
| Image scanning | Trivy or Snyk in pipeline before push |
| Registry push | GHCR (ghcr.io), ECR, Docker Hub |
| Pipeline stages | build → test → security scan → deploy |
| DORA: deploy frequency | Track deployments per day/week per service |
| DORA: lead time | Commit-to-production time; target < 1 hour |
| DORA: change failure rate | % of deploys causing incidents; target < 5% |
| DORA: MTTR | Mean time to restore; target < 1 hour |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Storing long-lived AWS/GCP/Azure keys as GitHub secrets | Use OIDC roles with id-token: write permission for zero-trust cloud auth |
| Pinning GitHub Actions to tags instead of commit SHAs | Pin third-party actions to full commit SHA to prevent supply chain attacks |
Leaving permissions as default (broad) on workflows |
Explicitly scope permissions at the job level; default to contents: read |
| Running full CI on every branch push | Use on.pull_request filters and path-based triggers to avoid wasted compute |
| Over-engineering infrastructure before product-market fit | Start with managed platforms (Vercel, Railway); scale to AWS/GKE only when needed |
| Using outdated action versions (v3 or older) | Use current major versions: checkout@v6, cache@v5, configure-aws-credentials@v5 |
Caching only bun.lockb without considering bun.lock |
Bun 1.2+ uses text-based bun.lock; hash whichever lockfile format the project uses |
| Skipping preview deployments for PRs | Every PR should get a preview URL for testing before merge |
Relationship to Other Skills
If the
github-actionsskill is available, delegate detailed workflow authoring, matrix strategies, and composite actions to it. This skill covers CI/CD architecture and platform selection;github-actionscovers workflow syntax depth.
If thedeployment-strategyskill is available, delegate deployment pattern selection (blue-green, canary, rolling) to it. This skill covers platform selection and CI pipeline mechanics.
Delegation
- Audit existing CI workflow security and permissions: Use
Exploreagent to scan workflow YAML files for broad permissions, unpinned actions, and exposed secrets - Set up multi-environment deployment pipelines: Use
Taskagent to create dev/staging/prod workflows with environment protection rules - Plan migration from managed platform to containerized infrastructure: Use
Planagent to evaluate current deployment, define migration steps, and select target architecture
References
- GitHub Actions workflows, OIDC, matrix builds, and security hardening
- Deployment patterns: Jamstack, serverless, traditional, microservices
- Platform selection framework, database needs, and cost optimization
- Monitoring, observability tiers, and deployment checklists
- Container builds: multi-stage Dockerfiles, layer caching, buildx, image scanning, and registry push
Installationen
Sicherheitsprüfung
Quellcode ansehen
oakoss/agent-skills
Mehr aus dieser Quelle
EU-Hosted Inference API Power your AI Agents with
the best open-source models.
Drop-in OpenAI-compatible API. No data leaves Europe.
Explore Inference APIGLM
GLM 5
$1.00 / $3.20
per M tokens
Kimi
Kimi K2.5
$0.60 / $2.80
per M tokens
MiniMax
MiniMax M2.5
$0.30 / $1.20
per M tokens
Qwen
Qwen3.5 122B
$0.40 / $3.00
per M tokens
So verwenden Sie diesen Skill
Install ci-cd-architecture by running npx skills add oakoss/agent-skills --skill ci-cd-architecture in your project directory. Führen Sie den obigen Installationsbefehl in Ihrem Projektverzeichnis aus. Die Skill-Datei wird von GitHub heruntergeladen und in Ihrem Projekt platziert.
Keine Konfiguration erforderlich. Ihr KI-Agent (Claude Code, Cursor, Windsurf usw.) erkennt installierte Skills automatisch und nutzt sie als Kontext bei der Code-Generierung.
Der Skill verbessert das Verständnis Ihres Agenten für ci-cd-architecture, und hilft ihm, etablierte Muster zu befolgen, häufige Fehler zu vermeiden und produktionsreifen Code zu erzeugen.
Was Sie erhalten
Skills sind Klartext-Anweisungsdateien — kein ausführbarer Code. Sie kodieren Expertenwissen über Frameworks, Sprachen oder Tools, das Ihr KI-Agent liest, um seine Ausgabe zu verbessern. Das bedeutet null Laufzeit-Overhead, keine Abhängigkeitskonflikte und volle Transparenz: Sie können jede Anweisung vor der Installation lesen und prüfen.
Kompatibilität
Dieser Skill funktioniert mit jedem KI-Coding-Agenten, der das skills.sh-Format unterstützt, einschließlich Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider und anderen Tools, die projektbezogene Kontextdateien lesen. Skills sind auf Transportebene framework-agnostisch — der Inhalt bestimmt, für welche Sprache oder welches Framework er gilt.
Made in Europe Chat with 100+ AI Models in one App.
Use Claude, ChatGPT, Gemini alongside with EU-Hosted Models like Deepseek, GLM-5, Kimi K2.5 and many more.
