ReddRadar
Agent skill
cicd-pipelines
Multi-platform CI/CD pipeline expertise. Generate GitHub Actions, GitLab CI, Jenkins, and Azure Pipelines configurations. Analyze failures, optimize execution time, validate syntax, and configure matrix builds and caching strategies.
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/devops-sre-platform/skills/cicd-pipelines
Metadata
Additional technical details for this skill
- author
- babysitter-sdk
- version
- 1.0.0
- category
- cicd
- backlog id
- SK-004
SKILL.md
cicd-pipelines
You are cicd-pipelines - a specialized skill for multi-platform CI/CD pipeline expertise. This skill provides comprehensive capabilities for designing, implementing, and optimizing continuous integration and deployment pipelines.
Overview
This skill enables AI-powered CI/CD operations including:
- Generate GitHub Actions, GitLab CI, Jenkins, and Azure Pipelines
- Analyze pipeline failures and suggest fixes
- Optimize pipeline execution time
- Validate pipeline syntax and security
- Configure matrix builds and parallelization
- Set up artifact caching strategies
Prerequisites
- Access to CI/CD platform (GitHub, GitLab, Jenkins, Azure DevOps)
- Repository write access for workflow files
- Optional: Platform-specific CLI tools (gh, glab, az)
Capabilities
1. GitHub Actions
Generate and optimize GitHub Actions workflows:
name: CI/CD Pipeline
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
env:
NODE_VERSION: '20'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node: [18, 20, 22]
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test -- --coverage
- name: Upload coverage
uses: codecov/codecov-action@v4
if: matrix.node == 20
build:
needs: test
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment: production
steps:
- name: Deploy to production
run: |
echo "Deploying ${{ github.sha }}"
2. GitLab CI
Generate GitLab CI/CD configurations:
stages:
- test
- build
- deploy
variables:
DOCKER_TLS_CERTDIR: "/certs"
.node-cache: &node-cache
cache:
key:
files:
- package-lock.json
paths:
- node_modules/
policy: pull-push
test:
stage: test
image: node:20
<<: *node-cache
script:
- npm ci
- npm test -- --coverage
coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage/cobertura-coverage.xml
build:
stage: build
image: docker:24
services:
- docker:24-dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
deploy-production:
stage: deploy
environment:
name: production
url: https://app.example.com
script:
- echo "Deploying to production"
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when: manual
3. Jenkins Pipeline
Generate Jenkinsfile configurations:
pipeline {
agent any
environment {
DOCKER_REGISTRY = 'registry.example.com'
IMAGE_NAME = 'myapp'
}
options {
timeout(time: 30, unit: 'MINUTES')
buildDiscarder(logRotator(numToKeepStr: '10'))
disableConcurrentBuilds()
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Test') {
agent {
docker {
image 'node:20'
args '-v $HOME/.npm:/root/.npm'
}
}
steps {
sh 'npm ci'
sh 'npm test'
}
post {
always {
junit 'test-results/**/*.xml'
}
}
}
stage('Build') {
steps {
script {
docker.build("${DOCKER_REGISTRY}/${IMAGE_NAME}:${env.BUILD_NUMBER}")
}
}
}
stage('Push') {
when {
branch 'main'
}
steps {
script {
docker.withRegistry("https://${DOCKER_REGISTRY}", 'docker-credentials') {
docker.image("${DOCKER_REGISTRY}/${IMAGE_NAME}:${env.BUILD_NUMBER}").push()
docker.image("${DOCKER_REGISTRY}/${IMAGE_NAME}:${env.BUILD_NUMBER}").push('latest')
}
}
}
}
stage('Deploy') {
when {
branch 'main'
}
steps {
echo "Deploying build ${env.BUILD_NUMBER}"
}
}
}
post {
failure {
emailext (
subject: "Pipeline Failed: ${env.JOB_NAME}",
body: "Check console output at ${env.BUILD_URL}",
recipientProviders: [developers(), requestor()]
)
}
}
}
4. Azure Pipelines
Generate Azure DevOps pipeline configurations:
trigger:
branches:
include:
- main
- develop
pool:
vmImage: 'ubuntu-latest'
variables:
- group: production-variables
- name: imageRepository
value: 'myapp'
- name: containerRegistry
value: 'myregistry.azurecr.io'
stages:
- stage: Build
displayName: 'Build and Test'
jobs:
- job: Test
displayName: 'Run Tests'
steps:
- task: NodeTool@0
inputs:
versionSpec: '20.x'
- script: npm ci
displayName: 'Install dependencies'
- script: npm test -- --ci --reporters=default --reporters=jest-junit
displayName: 'Run tests'
- task: PublishTestResults@2
inputs:
testResultsFormat: 'JUnit'
testResultsFiles: 'junit.xml'
- job: Build
displayName: 'Build Container'
dependsOn: Test
steps:
- task: Docker@2
inputs:
containerRegistry: 'acr-connection'
repository: '$(imageRepository)'
command: 'buildAndPush'
Dockerfile: '**/Dockerfile'
tags: |
$(Build.BuildId)
latest
- stage: Deploy
displayName: 'Deploy to Production'
dependsOn: Build
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
jobs:
- deployment: DeployProd
environment: 'production'
strategy:
runOnce:
deploy:
steps:
- script: echo "Deploying to production"
5. Pipeline Optimization
Optimization strategies:
# Caching strategies
- uses: actions/cache@v4
with:
path: |
~/.npm
node_modules
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
# Parallelization
jobs:
test:
strategy:
fail-fast: false
matrix:
shard: [1, 2, 3, 4]
steps:
- run: npm test -- --shard=${{ matrix.shard }}/4
# Conditional execution
- name: Deploy
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
6. Security Scanning
Integrate security scanning:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
MCP Server Integration
This skill can leverage the following MCP servers:
| Server | Description | Installation |
|---|---|---|
| GitHub MCP Server | Official GitHub integration | GitHub |
| Azure DevOps MCP | Official Azure DevOps support | GitHub |
| claude-code-for-gitlab | GitLab CI/CD integration | GitHub |
Best Practices
Pipeline Design
- Fast feedback - Run quick tests first
- Fail fast - Stop on first failure when appropriate
- Idempotent - Pipelines should be rerunnable
- Parallelization - Use matrix builds and parallel jobs
- Caching - Cache dependencies and build artifacts
Security
- Least privilege - Minimal permissions for tokens
- Secret management - Use platform secret stores
- Dependency scanning - Scan for vulnerabilities
- Image scanning - Scan container images
- OIDC - Prefer OIDC over long-lived tokens
Optimization
- Incremental builds - Only rebuild what changed
- Docker layer caching - Optimize Dockerfile for caching
- Artifact reuse - Share artifacts between jobs
- Resource sizing - Right-size runners/agents
Process Integration
This skill integrates with the following processes:
cicd-pipeline-setup.js- Initial pipeline configurationpipeline-optimization.js- Performance tuningsecurity-scanning.js- Security integration
Output Format
When executing operations, provide structured output:
{
"operation": "generate-pipeline",
"platform": "github-actions",
"status": "success",
"workflow": {
"name": "CI/CD Pipeline",
"jobs": 3,
"stages": ["test", "build", "deploy"]
},
"optimizations": [
"Added dependency caching",
"Enabled parallel test execution",
"Configured Docker layer caching"
],
"artifacts": [".github/workflows/ci.yml"]
}
Constraints
- Validate workflow syntax before committing
- Test in non-production environments first
- Document all environment variables and secrets
- Include timeout configurations
- Add failure notifications
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?