cicd-setup

GitHub

用于从零搭建或优化CI/CD流水线,支持GitHub Actions和GitLab CI。通过检测技术栈自动生成YAML配置,涵盖缓存策略、测试构建及部署流程,确保安全性与稳定性。

skills/cicd-setup/SKILL.md shawnpang/startup-founder-skills

Trigger Scenarios

set up CI automate deployment add tests to pipeline fix my build

Install

npx skills add shawnpang/startup-founder-skills --skill cicd-setup -g -y
More Options

Use without installing

npx skills use shawnpang/startup-founder-skills@cicd-setup

指定 Agent (Claude Code)

npx skills add shawnpang/startup-founder-skills --skill cicd-setup -a claude-code -g -y

安装 repo 全部 skill

npx skills add shawnpang/startup-founder-skills --all -g -y

预览 repo 内 skill

npx skills add shawnpang/startup-founder-skills --list

SKILL.md

Frontmatter
{
    "name": "cicd-setup",
    "reads": [
        "startup-context"
    ],
    "related": [
        "code-review",
        "security-review"
    ],
    "description": "When the user needs to set up or improve CI\/CD pipelines — GitHub Actions, GitLab CI, deployment automation, or says \"set up CI\", \"automate deployment\", \"add tests to pipeline\", \"fix my build\"."
}

CI/CD Setup

When to Use

  • Setting up CI for a new project from scratch
  • Replacing unreliable copied pipeline configurations that do not match the actual stack
  • Transitioning between GitHub Actions and GitLab CI platforms
  • Reviewing whether pipeline stages align with actual project tooling
  • Optimizing slow builds (caching, parallelism, conditional steps)
  • Establishing a stable CI foundation before adding specialized hardening

Context Required

From startup-context: tech stack, deployment target, team size. Also detect or ask:

  • Language and framework (auto-detect from repo files before asking)
  • Deployment target (Vercel, AWS, GCP, Fly.io, etc.)
  • CI/CD platform (default: GitHub Actions; also supports GitLab CI)
  • Environments (dev, staging, production) and existing test coverage
  • Secrets and credentials needed for build or deploy

Workflow

  1. Detect stack from repo signals — Scan for lockfiles (package-lock.json, yarn.lock, poetry.lock, go.sum, Cargo.lock), language manifests (package.json, pyproject.toml, go.mod), and script definitions (test, lint, build commands). Lockfiles indicate package manager choice. Absent scripts trigger conservative defaults. Never assume Node for a Python project.
  2. Choose pipeline stages — Start with a dependable baseline: checkout, runtime setup, dependency install with caching, then sequential lint, test, build. Only add complexity after the baseline works.
  3. Generate pipeline config — Write CI config for the detected platform. Output machine-readable YAML with correct caching strategy for the detected package manager. Verify all referenced commands actually exist in the project.
  4. Configure secrets — List required secrets and how to add them. Use platform-managed secret stores. Recommend OIDC for cloud auth over long-lived keys. Never hardcode credentials in YAML.
  5. Add deployment stages safely — Begin CI-only (lint/test/build). Add staging deployment with explicit environment info. Add production deployment with manual approval. Maintain transparency in rollout and rollback procedures.
  6. Validate before merge — Confirm generated YAML is syntactically valid, all commands exist in the project, caching aligns with the package manager, and branch protections match organizational requirements.
  7. Deliver config and instructions — Full config file plus setup steps.

Output Format

# CI/CD Pipeline: [Project Name]
## Stack Detection Results — detected language, runtime, tools, and build commands
## Pipeline Overview — Mermaid flowchart showing stages
## Pipeline Configuration — Full YAML config file
## Secrets Required — table: name, where to get, how to add
## Setup Instructions — step-by-step to activate
## Validation Checklist — commands verified, caching confirmed, branch rules set
## Optimization Notes — caching strategy, estimated build time

Frameworks & Best Practices

Detection-First Pipeline Generation

Always detect before generating. The detector relies on concrete file signals:

  • Lockfiles indicate package manager choice (npm, yarn, pip, cargo, go modules)
  • Language manifests identify runtime families
  • Script definitions in package.json/pyproject.toml inform lint/test/build commands
  • Absent scripts trigger conservative default commands rather than assumptions

Caching Strategies by Ecosystem

Ecosystem Cache Path Cache Key
Node.js ~/.npm or node_modules hashFiles('**/package-lock.json')
Python ~/.cache/pip hashFiles('**/requirements*.txt')
Go ~/go/pkg/mod hashFiles('**/go.sum')
Rust ~/.cargo/registry, target/ hashFiles('**/Cargo.lock')
Ruby vendor/bundle hashFiles('**/Gemfile.lock')

Pipeline Architecture Principles

  • Lint first — fail early before expensive test runs
  • Sequential baseline — checkout, install, lint, test, build, then artifact publish
  • Cache aggressively — cuts 30-60% off build times
  • Pin action versions — use SHA hashes, not tags, for supply chain security
  • Set timeouts (timeout-minutes: 15) and concurrency to cancel redundant runs
  • One enhancement at a time — do not add matrix builds, security scanning, and deployment in one PR

Environment Strategy

Environment Trigger Approval Purpose
CI Every push/PR None Run lint + tests
Staging Merge to main None (auto) Integration testing, QA
Production Git tag or manual Required Live users

Common Pitfalls

  1. Applying Node-specific pipelines to Python or Go repos (detect first)
  2. Enabling deployment before establishing reliable test coverage
  3. Overlooking dependency caching configuration
  4. Running full matrix builds on minor branch updates (use path filters)
  5. Omitting branch protections on production deployments
  6. Embedding credentials directly in pipeline YAML

Scaling & Platform Notes

  • Split long-running jobs when execution exceeds 10 minutes
  • Implement test matrices only when genuine compatibility concerns exist
  • GitHub Actions for GitHub ecosystem; GitLab CI for self-hosted SCM+CI
  • Maintain a single canonical pipeline source per repository

Related Skills

  • code-review — chain to review the CI config itself before committing
  • security-review — chain to add or audit security scanning stages (trivy, semgrep, npm audit)

Examples

Example prompt: "Set up CI/CD for my Next.js app deployed on Vercel."

Good output snippet:

name: CI
on:
  push: { branches: [main] }
  pull_request: { branches: [main] }
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: 'npm' }
      - run: npm ci
      - run: npm run lint && npx tsc --noEmit
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: 'npm' }
      - run: npm ci && npm test -- --coverage

Example prompt: "My Python CI takes 8 minutes, how do I speed it up?"

Good output snippet:

Stack detection shows: Python 3.11, pytest, pip. Three fixes to cut to ~3 minutes:
(1) Add pip caching keyed on hashFiles('requirements*.txt'),
(2) split unit/integration tests into parallel jobs,
(3) add path filters to skip CI on docs-only changes.

Version History

  • 4ad31b4 Current 2026-07-05 10:47

Same Skill Collection

skills/accelerator-application/SKILL.md
skills/architecture-design/SKILL.md
skills/board-update/SKILL.md
skills/churn-analysis/SKILL.md
skills/code-review/SKILL.md
skills/cold-outreach/SKILL.md
skills/community-discovery/SKILL.md
skills/competitive-analysis/SKILL.md
skills/competitor-monitoring/SKILL.md
skills/content-strategy/SKILL.md
skills/contract-review/SKILL.md
skills/daily-product-digest/SKILL.md
skills/data-room/SKILL.md
skills/earned-media-outreach/SKILL.md
skills/email-marketing/SKILL.md
skills/employer-brand/SKILL.md
skills/event-hosting/SKILL.md
skills/feedback-synthesis/SKILL.md
skills/founder-thought-leadership/SKILL.md
skills/fundraising-email/SKILL.md
skills/interview-kit/SKILL.md
skills/investor-research/SKILL.md
skills/job-description/SKILL.md
skills/landing-page/SKILL.md
skills/launch-strategy/SKILL.md
skills/lead-scoring/SKILL.md
skills/market-research/SKILL.md
skills/mvp-scoping/SKILL.md
skills/onboarding-flow/SKILL.md
skills/partnership-outreach/SKILL.md
skills/pitch-deck/SKILL.md
skills/prd-writing/SKILL.md
skills/privacy-policy/SKILL.md
skills/process-docs/SKILL.md
skills/proposal-generation/SKILL.md
skills/review-mining/SKILL.md
skills/roadmap-planning/SKILL.md
skills/sales-script/SKILL.md
skills/security-review/SKILL.md
skills/sentiment-monitoring/SKILL.md
skills/seo-technical/SKILL.md
skills/soc2-prep/SKILL.md
skills/social-content/SKILL.md
skills/sourcing-outreach/SKILL.md
skills/startup-context/SKILL.md
skills/support-docs/SKILL.md
skills/tech-stack-eval/SKILL.md
skills/terms-of-service/SKILL.md
skills/user-research-synthesis/SKILL.md

Metadata

Files
0
Version
4ad31b4
Hash
2f82ce4a
Indexed
2026-07-05 10:47

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-09 15:54
浙ICP备14020137号-1 $Гость$