Loading...
Loading...
Found 28 Skills
GitHub Actions CI/CD. Covers workflows, jobs, and deployment. Use for automating builds, tests, and deployments. USE WHEN: user mentions "github actions", "workflow", "ci/cd", ".github/workflows", "actions/checkout", "github workflow", asks about "automate tests", "deploy on push", "build pipeline", "ci pipeline", "continuous integration", "github automation" DO NOT USE FOR: GitLab CI/CD - different syntax and features, Jenkins pipelines - different tool, Container orchestration - use `docker` or `kubernetes` skills, Local builds - workflows run on GitHub runners
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.
Systematic GitHub Actions workflow authoring skill for AI coding agents. Analyzes repositories to determine project type, language ecosystem, and deployment targets, then generates production-grade CI/CD workflows with proper security hardening, caching, and optimization. Handles greenfield projects (no workflows exist), brownfield updates (modify, optimize, secure existing workflows), and workflow audits with workflow-specific guidance for each. Use when the user requests GitHub Actions workflows: CI pipelines, CD deployments, release automation, scheduled jobs, or any .github/workflows YAML authoring. Also use when existing workflows need auditing, optimizing, securing, or restructuring. Triggers on phrases like "set up CI", "add CI/CD", "GitHub Actions workflow", "release automation", "deploy on tag", "publish to npm/PyPI", "schedule a job", "cron workflow", "matrix build", "workflow.yml", "actions/checkout", "permissions", "harden this pipeline", "pin actions to SHA", "OIDC", "least privilege", "supply-chain", "audit my workflows", "speed up CI", or "cache dependencies". Triggers when creating or editing files under `.github/workflows/`, `action.yml`/`action.yaml` (composite or Docker actions), or `.github/dependabot.yml`. Triggers when the user mentions migrating from GitLab CI, CircleCI, Travis, Jenkins, Drone, or Buildkite to GitHub Actions. Do NOT use for non-GitHub CI systems (GitLab CI, CircleCI, Jenkins) unless the user is migrating TO GitHub Actions. Do NOT use for general bash scripting, Makefiles, or local-only build configuration.
CI/CD 流水线配置