ci-cd-architecture AI Agent Skill
View Source: oakoss/agent-skills
Installation
npx skills add oakoss/agent-skills --skill ci-cd-architecture
48 installs
CI/CD & Deployment
Overview
Covers CI/CD pipeline design, deployment platform selection, and production infrastructure. Focuses on GitHub Actions with hardened security (OIDC, permission scoping, action pinning), Bun-first build optimization, and deployment patterns from MVP to enterprise scale.
When to use: Setting up GitHub Actions workflows, choosing deployment targets, configuring OIDC for cloud providers, optimizing CI performance, planning multi-environment pipelines.
When NOT to use: Application-level architecture decisions (use framework-specific skills), Kubernetes cluster management (use dedicated IaC tools), cloud provider console configuration.
Quick Reference
| Need | Solution |
|---|---|
| MVP deploy (< 1K users) | Vercel, Netlify, Railway, Cloudflare Pages |
| Growing product (1K-100K) | AWS Amplify, Cloud Run, Fly.io, Render |
| Enterprise (100K+) | AWS ECS/EKS, GKE, DigitalOcean App Platform |
| Static site | Vercel, Netlify, Cloudflare Pages |
| Full-stack + DB | Railway, Render, AWS Amplify |
| Global low latency | Cloudflare Workers, Vercel Edge, Fly.io |
| Compliance (HIPAA, SOC 2) | AWS, GCP, Azure |
| Cloud auth from CI | OIDC roles (never long-lived keys) |
| Action pinning | Pin to commit SHA, not tag |
| Bun CI caching | ~/.bun/install/cache keyed on lockfile |
| Pipeline security | StepSecurity Harden-Runner for egress control |
| Container builds | Multi-stage Dockerfile: builder + runtime stage |
| Docker layer caching | --cache-from + actions/cache for buildx |
| Multi-platform builds | docker buildx targeting linux/amd64,linux/arm64 |
| Image scanning | Trivy or Snyk in pipeline before push |
| Registry push | GHCR (ghcr.io), ECR, Docker Hub |
| Pipeline stages | build → test → security scan → deploy |
| DORA: deploy frequency | Track deployments per day/week per service |
| DORA: lead time | Commit-to-production time; target < 1 hour |
| DORA: change failure rate | % of deploys causing incidents; target < 5% |
| DORA: MTTR | Mean time to restore; target < 1 hour |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Storing long-lived AWS/GCP/Azure keys as GitHub secrets | Use OIDC roles with id-token: write permission for zero-trust cloud auth |
| Pinning GitHub Actions to tags instead of commit SHAs | Pin third-party actions to full commit SHA to prevent supply chain attacks |
| Leaving permissions as default (broad) on workflows | Explicitly scope permissions at the job level; default to contents: read |
| Running full CI on every branch push | Use on.pull_request filters and path-based triggers to avoid wasted compute |
| Over-engineering infrastructure before product-market fit | Start with managed platforms (Vercel, Railway); scale to AWS/GKE only when needed |
| Using outdated action versions (v3 or older) | Use current major versions: checkout@v6, cache@v5, configure-aws-credentials@v5 |
| Caching only bun.lockb without considering bun.lock | Bun 1.2+ uses text-based bun.lock; hash whichever lockfile format the project uses |
| Skipping preview deployments for PRs | Every PR should get a preview URL for testing before merge |
Relationship to Other Skills
If the github-actions skill is available, delegate detailed workflow authoring, matrix strategies, and composite actions to it. This skill covers CI/CD architecture and platform selection; github-actions covers workflow syntax depth.
If the deployment-strategy skill is available, delegate deployment pattern selection (blue-green, canary, rolling) to it. This skill covers platform selection and CI pipeline mechanics.
Delegation
- Audit existing CI workflow security and permissions: Use Explore agent to scan workflow YAML files for broad permissions, unpinned actions, and exposed secrets
- Set up multi-environment deployment pipelines: Use Task agent to create dev/staging/prod workflows with environment protection rules
- Plan migration from managed platform to containerized infrastructure: Use Plan agent to evaluate current deployment, define migration steps, and select target architecture
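An added example (not part of the skill or the oakoss/agent-skills repository) of the workflow audit described above, checking two items from the Common Mistakes table: actions not pinned to a full commit SHA, and jobs that rely on default token permissions. It is a line-based scan that assumes two-space YAML indentation; the sample workflow, the `example-org/*` action names and the 40-character SHA are constructed placeholders.

```python
import re

# Constructed sample workflow (not from the page); the 40-hex SHA and the
# example-org/* action names are placeholders.
SAMPLE_WORKFLOW = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-setup
      - run: bun install --frozen-lockfile
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: example-org/deploy-action@main
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
JOB_RE = re.compile(r"^  ([A-Za-z_][\w-]*):\s*(#.*)?$")  # assumes 2-space indent

def audit_workflow(text):
    """Return sorted (line_no, finding) pairs for one workflow file's text."""
    lines = text.splitlines()
    # A workflow-level permissions block already replaces the broad default.
    top_perms = any(l.startswith("permissions:") for l in lines)
    findings, jobs, in_jobs = [], [], False
    for no, line in enumerate(lines, 1):
        if line[:1] not in ("", " ", "#"):       # a new top-level key
            in_jobs = line.startswith("jobs:")
        m = JOB_RE.match(line) if in_jobs else None
        if m:
            jobs.append([m.group(1), no, top_perms])
        elif jobs and line.startswith("    permissions:"):
            jobs[-1][2] = True                   # job-level permissions found
        u = USES_RE.match(line)
        # Local actions and docker:// images are not git refs; skip them.
        if u and not u.group(1).startswith(("./", "docker://")):
            name, _, rev = u.group(1).partition("@")
            if not FULL_SHA_RE.match(rev):
                findings.append((no, f"{name} uses ref '{rev}', not a full commit SHA"))
    findings += [(n, f"job '{j}' has no explicit permissions") for j, n, ok in jobs if not ok]
    return sorted(findings)
```

Calling `audit_workflow(SAMPLE_WORKFLOW)` reports the `build` job (no permissions block) and the two actions referenced by tag or branch; the SHA-pinned and local actions pass.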
References
- GitHub Actions workflows, OIDC, matrix builds, and security hardening
- Deployment patterns: Jamstack, serverless, traditional, microservices
- Platform selection framework, database needs, and cost optimization
- Monitoring, observability tiers, and deployment checklists
- Container builds: multi-stage Dockerfiles, layer caching, buildx, image scanning, and registry push
How to use this skill
Install ci-cd-architecture by running npx skills add oakoss/agent-skills --skill ci-cd-architecture in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of ci-cd-architecture, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.