cicd-setup

GitHub

用于自动化配置CI/CD流水线,支持GitHub Actions和GitLab CI。通过扫描仓库自动检测技术栈,生成包含缓存、测试、构建及部署阶段的YAML配置。强调先建立稳定基础再优化,确保凭据安全,并提供完整的设置指南与验证清单。

skills/cicd-setup/SKILL.md shawnpang/startup-founder-skills

触发场景

set up CI automate deployment add tests to pipeline fix my build

安装

npx skills add shawnpang/startup-founder-skills --skill cicd-setup -g -y
更多选项

不安装直接使用

npx skills use shawnpang/startup-founder-skills@cicd-setup

指定 Agent (Claude Code)

npx skills add shawnpang/startup-founder-skills --skill cicd-setup -a claude-code -g -y

安装 repo 全部 skill

npx skills add shawnpang/startup-founder-skills --all -g -y

预览 repo 内 skill

npx skills add shawnpang/startup-founder-skills --list

SKILL.md

Frontmatter
{
    "name": "cicd-setup",
    "reads": [
        "startup-context"
    ],
    "related": [
        "code-review",
        "security-review"
    ],
    "description": "When the user needs to set up or improve CI\/CD pipelines — GitHub Actions, GitLab CI, deployment automation, or says \"set up CI\", \"automate deployment\", \"add tests to pipeline\", \"fix my build\"."
}

CI/CD Setup

When to Use

  • Setting up CI for a new project from scratch
  • Replacing unreliable copied pipeline configurations that do not match the actual stack
  • Transitioning between GitHub Actions and GitLab CI platforms
  • Reviewing whether pipeline stages align with actual project tooling
  • Optimizing slow builds (caching, parallelism, conditional steps)
  • Establishing a stable CI foundation before adding specialized hardening

Context Required

From startup-context: tech stack, deployment target, team size. Also detect or ask:

  • Language and framework (auto-detect from repo files before asking)
  • Deployment target (Vercel, AWS, GCP, Fly.io, etc.)
  • CI/CD platform (default: GitHub Actions; also supports GitLab CI)
  • Environments (dev, staging, production) and existing test coverage
  • Secrets and credentials needed for build or deploy

Workflow

  1. Detect stack from repo signals — Scan for lockfiles (package-lock.json, yarn.lock, poetry.lock, go.sum, Cargo.lock), language manifests (package.json, pyproject.toml, go.mod), and script definitions (test, lint, build commands). Lockfiles indicate package manager choice. Absent scripts trigger conservative defaults. Never assume Node for a Python project.
  2. Choose pipeline stages — Start with a dependable baseline: checkout, runtime setup, dependency install with caching, then sequential lint, test, build. Only add complexity after the baseline works.
  3. Generate pipeline config — Write CI config for the detected platform. Output machine-readable YAML with correct caching strategy for the detected package manager. Verify all referenced commands actually exist in the project.
  4. Configure secrets — List required secrets and how to add them. Use platform-managed secret stores. Recommend OIDC for cloud auth over long-lived keys. Never hardcode credentials in YAML.
  5. Add deployment stages safely — Begin CI-only (lint/test/build). Add staging deployment with explicit environment info. Add production deployment with manual approval. Maintain transparency in rollout and rollback procedures.
  6. Validate before merge — Confirm generated YAML is syntactically valid, all commands exist in the project, caching aligns with the package manager, and branch protections match organizational requirements.
  7. Deliver config and instructions — Full config file plus setup steps.

Output Format

# CI/CD Pipeline: [Project Name]
## Stack Detection Results — detected language, runtime, tools, and build commands
## Pipeline Overview — Mermaid flowchart showing stages
## Pipeline Configuration — Full YAML config file
## Secrets Required — table: name, where to get, how to add
## Setup Instructions — step-by-step to activate
## Validation Checklist — commands verified, caching confirmed, branch rules set
## Optimization Notes — caching strategy, estimated build time

Frameworks & Best Practices

Detection-First Pipeline Generation

Always detect before generating. The detector relies on concrete file signals:

  • Lockfiles indicate package manager choice (npm, yarn, pip, cargo, go modules)
  • Language manifests identify runtime families
  • Script definitions in package.json/pyproject.toml inform lint/test/build commands
  • Absent scripts trigger conservative default commands rather than assumptions

Caching Strategies by Ecosystem

Ecosystem Cache Path Cache Key
Node.js ~/.npm or node_modules hashFiles('**/package-lock.json')
Python ~/.cache/pip hashFiles('**/requirements*.txt')
Go ~/go/pkg/mod hashFiles('**/go.sum')
Rust ~/.cargo/registry, target/ hashFiles('**/Cargo.lock')
Ruby vendor/bundle hashFiles('**/Gemfile.lock')

Pipeline Architecture Principles

  • Lint first — fail early before expensive test runs
  • Sequential baseline — checkout, install, lint, test, build, then artifact publish
  • Cache aggressively — cuts 30-60% off build times
  • Pin action versions — use SHA hashes, not tags, for supply chain security
  • Set timeouts (timeout-minutes: 15) and concurrency to cancel redundant runs
  • One enhancement at a time — do not add matrix builds, security scanning, and deployment in one PR

Environment Strategy

Environment Trigger Approval Purpose
CI Every push/PR None Run lint + tests
Staging Merge to main None (auto) Integration testing, QA
Production Git tag or manual Required Live users

Common Pitfalls

  1. Applying Node-specific pipelines to Python or Go repos (detect first)
  2. Enabling deployment before establishing reliable test coverage
  3. Overlooking dependency caching configuration
  4. Running full matrix builds on minor branch updates (use path filters)
  5. Omitting branch protections on production deployments
  6. Embedding credentials directly in pipeline YAML

Scaling & Platform Notes

  • Split long-running jobs when execution exceeds 10 minutes
  • Implement test matrices only when genuine compatibility concerns exist
  • GitHub Actions for GitHub ecosystem; GitLab CI for self-hosted SCM+CI
  • Maintain a single canonical pipeline source per repository

Related Skills

  • code-review — chain to review the CI config itself before committing
  • security-review — chain to add or audit security scanning stages (trivy, semgrep, npm audit)

Examples

Example prompt: "Set up CI/CD for my Next.js app deployed on Vercel."

Good output snippet:

name: CI
on:
  push: { branches: [main] }
  pull_request: { branches: [main] }
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: 'npm' }
      - run: npm ci
      - run: npm run lint && npx tsc --noEmit
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: 'npm' }
      - run: npm ci && npm test -- --coverage

Example prompt: "My Python CI takes 8 minutes, how do I speed it up?"

Good output snippet:

Stack detection shows: Python 3.11, pytest, pip. Three fixes to cut to ~3 minutes:
(1) Add pip caching keyed on hashFiles('requirements*.txt'),
(2) split unit/integration tests into parallel jobs,
(3) add path filters to skip CI on docs-only changes.

版本历史

  • 4ad31b4 当前 2026-07-05 10:47

同 Skill 集合

skills/accelerator-application/SKILL.md
skills/architecture-design/SKILL.md
skills/board-update/SKILL.md
skills/churn-analysis/SKILL.md
skills/code-review/SKILL.md
skills/cold-outreach/SKILL.md
skills/community-discovery/SKILL.md
skills/competitive-analysis/SKILL.md
skills/competitor-monitoring/SKILL.md
skills/content-strategy/SKILL.md
skills/contract-review/SKILL.md
skills/daily-product-digest/SKILL.md
skills/data-room/SKILL.md
skills/earned-media-outreach/SKILL.md
skills/email-marketing/SKILL.md
skills/employer-brand/SKILL.md
skills/event-hosting/SKILL.md
skills/feedback-synthesis/SKILL.md
skills/founder-thought-leadership/SKILL.md
skills/fundraising-email/SKILL.md
skills/interview-kit/SKILL.md
skills/investor-research/SKILL.md
skills/job-description/SKILL.md
skills/landing-page/SKILL.md
skills/launch-strategy/SKILL.md
skills/lead-scoring/SKILL.md
skills/market-research/SKILL.md
skills/mvp-scoping/SKILL.md
skills/onboarding-flow/SKILL.md
skills/partnership-outreach/SKILL.md
skills/pitch-deck/SKILL.md
skills/prd-writing/SKILL.md
skills/privacy-policy/SKILL.md
skills/process-docs/SKILL.md
skills/proposal-generation/SKILL.md
skills/review-mining/SKILL.md
skills/roadmap-planning/SKILL.md
skills/sales-script/SKILL.md
skills/security-review/SKILL.md
skills/sentiment-monitoring/SKILL.md
skills/seo-technical/SKILL.md
skills/soc2-prep/SKILL.md
skills/social-content/SKILL.md
skills/sourcing-outreach/SKILL.md
skills/startup-context/SKILL.md
skills/support-docs/SKILL.md
skills/tech-stack-eval/SKILL.md
skills/terms-of-service/SKILL.md
skills/user-research-synthesis/SKILL.md

元信息

文件数
0
版本
4ad31b4
Hash
2f82ce4a
收录时间
2026-07-05 10:47

首页 - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-14 15:00
浙ICP备14020137号-1 $访客地图$