ci-cd-pipeline-builder


CI/CD Pipeline Builder


Tier: POWERFUL
Category: Engineering
Domain: DevOps / Automation

Overview


Use this skill to generate pragmatic CI/CD pipelines from detected project stack signals, not guesswork. It focuses on fast baseline generation, repeatable checks, and environment-aware deployment stages.

Core Capabilities


  • Detect language/runtime/tooling from repository files
  • Recommend CI stages (lint, test, build, deploy)
  • Generate GitHub Actions or GitLab CI starter pipelines
  • Include caching and matrix strategy based on detected stack
  • Emit machine-readable detection output for automation
  • Keep pipeline logic aligned with project lockfiles and build commands

When to Use


  • Bootstrapping CI for a new repository
  • Replacing brittle copied pipeline files
  • Migrating between GitHub Actions and GitLab CI
  • Auditing whether pipeline steps match actual stack
  • Creating a reproducible baseline before custom hardening

Key Workflows


1. Detect Stack


```bash
python3 scripts/stack_detector.py --repo . --format text
python3 scripts/stack_detector.py --repo . --format json > detected-stack.json
```

Supports input via stdin or an `--input` file for offline analysis payloads.

2. Generate Pipeline From Detection


```bash
python3 scripts/pipeline_generator.py \
  --input detected-stack.json \
  --platform github \
  --output .github/workflows/ci.yml \
  --format text
```

Or end-to-end from the repo directly:

```bash
python3 scripts/pipeline_generator.py --repo . --platform gitlab --output .gitlab-ci.yml
```

3. Validate Before Merge


  1. Confirm the commands exist in the project (test, lint, build).
  2. Run the generated pipeline locally where possible.
  3. Ensure required secrets/env vars are documented.
  4. Keep deploy jobs gated by protected branches/environments.

4. Add Deployment Stages Safely


  • Start with CI-only (lint/test/build).
  • Add a staging deploy with explicit environment context.
  • Add a production deploy with a manual gate/approval.
  • Keep rollout/rollback commands explicit and auditable.

Script Interfaces


  • python3 scripts/stack_detector.py --help
    • Detects stack signals from repository files
    • Reads optional JSON input from stdin or `--input`
  • python3 scripts/pipeline_generator.py --help
    • Generates GitHub/GitLab YAML from a detection payload
    • Writes to stdout or `--output`

Common Pitfalls


  1. Copying a Node pipeline into Python/Go repos
  2. Enabling deploy jobs before stable tests
  3. Forgetting dependency cache keys
  4. Running expensive matrix builds for every trivial branch
  5. Missing branch protections around prod deploy jobs
  6. Hardcoding secrets in YAML instead of CI secret stores

Best Practices


  1. Detect stack first, then generate pipeline.
  2. Keep generated baseline under version control.
  3. Add one optimization at a time (cache, matrix, split jobs).
  4. Require green CI before deployment jobs.
  5. Use protected environments for production credentials.
  6. Regenerate pipeline when stack changes significantly.

References


  • references/github-actions-templates.md
  • references/gitlab-ci-templates.md
  • references/deployment-gates.md
  • README.md

Detection Heuristics


The stack detector prioritizes deterministic file signals over heuristics:
  • Lockfiles determine package manager preference
  • Language manifests determine runtime families
  • Script commands (if present) drive lint/test/build commands
  • Missing scripts trigger conservative placeholder commands
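The priority order above (lockfile, then language manifest, then declared scripts, then a conservative placeholder), carried through as a runnable detector over a constructed repository layout. This is an added example, not the skill's own stack_detector.py: the lockfile and manifest tables, the result field names, and the placeholder commands are assumptions chosen to illustrate the heuristics, and the two sample repos are built in a temp directory for the demo.

```python
"""Deterministic stack detection: lockfile > manifest > declared scripts > placeholder.

Added example; tables, field names and placeholder commands are illustrative
assumptions, not the skill's real stack_detector.py output schema."""
from __future__ import annotations
import json
import tempfile
from pathlib import Path

STAGES = ("lint", "test", "build")

# Lockfiles win over manifests: a lockfile pins the tool the team actually uses,
# while package.json alone says nothing about npm vs yarn vs pnpm.
LOCKFILES = {
    "pnpm-lock.yaml": ("node", "pnpm"),
    "yarn.lock": ("node", "yarn"),
    "package-lock.json": ("node", "npm"),
    "poetry.lock": ("python", "poetry"),
    "go.sum": ("go", "go"),
    "Cargo.lock": ("rust", "cargo"),
}
# Manifests decide the runtime family only when no lockfile is present.
MANIFESTS = {
    "package.json": ("node", "npm"),
    "pyproject.toml": ("python", "pip"),
    "requirements.txt": ("python", "pip"),
    "go.mod": ("go", "go"),
    "Cargo.toml": ("rust", "cargo"),
}
# Placeholders for stages the project declares no script for. Toolchains with a
# standard command get it; Node has none without a script, so its placeholder
# fails loudly instead of leaving a falsely green job.
PLACEHOLDERS = {
    "node": {s: f"echo 'TODO: add a {s} script to package.json' && exit 1" for s in STAGES},
    "python": {"lint": "python -m ruff check .", "test": "python -m pytest", "build": "python -m build"},
    "go": {"lint": "go vet ./...", "test": "go test ./...", "build": "go build ./..."},
    "rust": {"lint": "cargo clippy --all-targets", "test": "cargo test", "build": "cargo build --release"},
}


def declared_scripts(repo: Path) -> dict:
    """Return package.json `scripts`, or {} when the file is missing or malformed.
    A broken manifest must not crash detection; it simply means 'no scripts'."""
    manifest = repo / "package.json"
    if not manifest.is_file():
        return {}
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, UnicodeDecodeError):
        return {}
    scripts = data.get("scripts") if isinstance(data, dict) else None
    return scripts if isinstance(scripts, dict) else {}


def detect_stack(repo: Path) -> dict:
    """Detect runtime, package manager and per-stage commands for one repo."""
    result = {"runtime": None, "package_manager": None, "signals": [],
              "commands": {}, "placeholders": []}
    for table, kind in ((LOCKFILES, "lockfile"), (MANIFESTS, "manifest")):
        for name, (runtime, pm) in table.items():
            if (repo / name).is_file():
                result.update(runtime=runtime, package_manager=pm)
                result["signals"].append(f"{kind}:{name}")
                break
        if result["runtime"]:
            break
    if result["runtime"] is None:
        return result  # unknown stack: refuse to generate rather than guess
    scripts = declared_scripts(repo) if result["runtime"] == "node" else {}
    for stage in STAGES:
        if stage in scripts:
            # Declared scripts run through the detected package manager, e.g. `yarn run test`.
            result["commands"][stage] = f"{result['package_manager']} run {stage}"
            result["signals"].append(f"script:{stage}")
        else:
            result["commands"][stage] = PLACEHOLDERS[result["runtime"]][stage]
            result["placeholders"].append(stage)
    return result


def demo() -> dict:
    """Detect two constructed repos and an empty directory (sample data, not real projects)."""
    with tempfile.TemporaryDirectory() as tmp:
        node = Path(tmp, "node-app")
        node.mkdir()
        (node / "yarn.lock").write_text("# constructed lockfile\n")
        (node / "package.json").write_text(json.dumps(
            {"name": "node-app", "scripts": {"lint": "eslint .", "test": "vitest run"}}))
        go = Path(tmp, "go-svc")
        go.mkdir()
        (go / "go.mod").write_text("module example.com/svc\n\ngo 1.22\n")
        return {"node": detect_stack(node), "go": detect_stack(go), "empty": detect_stack(Path(tmp))}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The failing Node placeholder is deliberate: a placeholder that exits 0 yields a green job that has checked nothing, which is the opposite of conservative. Declared scripts are recorded as signals rather than copied verbatim because the pipeline runs them on protected branches; review them before trusting a freshly detected repo.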

Generation Strategy


Start with a minimal, reliable pipeline:
  1. Checkout and setup runtime
  2. Install dependencies with cache strategy
  3. Run lint, test, build in separate steps
  4. Publish artifacts only after passing checks
Then layer advanced behavior (matrix builds, security scans, deploy gates).

Platform Decision Notes


  • GitHub Actions for tight GitHub ecosystem integration
  • GitLab CI for integrated SCM + CI in self-hosted environments
  • Keep one canonical pipeline source per repo to reduce drift

Validation Checklist


  1. Generated YAML parses successfully.
  2. All referenced commands exist in the repo.
  3. Cache strategy matches package manager.
  4. Required secrets are documented, not embedded.
  5. Branch/protected-environment rules match org policy.
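Checklist items 3 to 5, together with pitfalls 5 and 6 and the gating rules under "Add Deployment Stages Safely", expressed as checks that can run before merge. This is an added example, not the skill's own validator: it operates on the dict that `yaml.safe_load()` returns for a GitHub Actions workflow, so it needs no PyYAML; the weak and hardened workflows are constructed inline (the `ghp_` token is a fake), and the set of documented secrets is assumed to come from the repo README.

```python
"""Pre-merge checks for a generated GitHub Actions workflow: cache matches the
package manager, secrets are documented rather than embedded, deploy jobs are
gated behind green CI and a protected environment.

Added example, not the skill's validator. Input is the dict yaml.safe_load()
returns for a workflow; the sample workflows below are constructed."""
from __future__ import annotations
import re
from typing import Iterator

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
# Env names that carry credentials: a literal value under one of these is a finding.
SENSITIVE_KEY = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|ACCESS_KEY)$", re.I)
# Well-known credential formats that expose a pasted secret even under an innocent name.
LITERAL_SECRET = re.compile(
    r"AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|glpat-[A-Za-z0-9_-]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----")


def walk_strings(node) -> Iterator[str]:
    """Yield every string value anywhere in the nested workflow structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from walk_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk_strings(item)


def env_items(job: dict) -> Iterator[tuple[str, str]]:
    """Yield (name, value) for job-level and step-level env entries."""
    for scope in [job, *job.get("steps", [])]:
        for key, value in (scope.get("env") or {}).items():
            yield str(key), str(value)


def check_workflow(wf: dict, documented_secrets: set, package_manager: str) -> list[str]:
    findings = []
    # Checklist 4: every ${{ secrets.X }} the pipeline needs must be documented.
    referenced = {name for s in walk_strings(wf) for name in SECRET_REF.findall(s)}
    for name in sorted(referenced - documented_secrets):
        findings.append(f"secret {name} is referenced but not documented")
    for job_name, job in wf.get("jobs", {}).items():
        # Pitfall 6: credentials belong in the secret store, never as YAML literals.
        for key, value in env_items(job):
            if SECRET_REF.search(value):
                continue
            if SENSITIVE_KEY.search(key) or LITERAL_SECRET.search(value):
                findings.append(f"{job_name}: env {key} holds a literal credential")
        # Pitfall 5 / checklist 5: deploy jobs need green CI and a protected environment.
        if "deploy" in job_name:
            if not job.get("needs"):
                findings.append(f"{job_name}: no `needs`, so it can run before tests pass")
            if not job.get("environment"):
                findings.append(f"{job_name}: no `environment`, so protection rules cannot apply")
        # Checklist 3: the cache must match the package manager the lockfile implies.
        for step in job.get("steps", []):
            cache = (step.get("with") or {}).get("cache")
            if str(step.get("uses", "")).startswith("actions/setup-node") and cache and cache != package_manager:
                findings.append(f"{job_name}: setup-node caches {cache} but lockfile implies {package_manager}")
    return findings


# Constructed sample: a copied Node pipeline carrying the pitfalls above.
WEAK = {"name": "ci", "on": ["push", "pull_request"], "jobs": {
    "test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "actions/setup-node@v4", "with": {"node-version": 20, "cache": "npm"}},
        {"run": "yarn install --frozen-lockfile"},
        {"run": "yarn run test"}]},
    "deploy": {"runs-on": "ubuntu-latest",
               "env": {"DEPLOY_TOKEN": "ghp_" + "x" * 36, "REGION": "eu-west-1"},  # fake token
               "steps": [{"run": "./scripts/deploy.sh"}]}}}

# Constructed sample: the same pipeline hardened as the page recommends.
HARDENED = {"name": "ci", "on": ["push", "pull_request"], "permissions": {"contents": "read"}, "jobs": {
    "test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "actions/setup-node@v4", "with": {"node-version": 20, "cache": "yarn"}},
        {"run": "yarn install --frozen-lockfile"},
        {"run": "yarn run test"}]},
    "deploy-production": {"runs-on": "ubuntu-latest", "needs": ["test"],
                          "if": "github.ref == 'refs/heads/main'",
                          "environment": {"name": "production"},
                          "env": {"DEPLOY_TOKEN": "${{ secrets.DEPLOY_TOKEN }}", "REGION": "eu-west-1"},
                          "steps": [{"run": "./scripts/deploy.sh"}]}}}


def demo() -> dict:
    documented = {"DEPLOY_TOKEN"}  # assumed to be read from the README in practice
    return {"weak": check_workflow(WEAK, documented, "yarn"),
            "hardened": check_workflow(HARDENED, documented, "yarn"),
            "undocumented": check_workflow(HARDENED, set(), "yarn")}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "OK")
```

Checklist item 1 (the YAML parses) is the `safe_load` call itself, and item 2 (referenced commands exist) is the cross-check against detection output; both are left to the caller. The literal-credential regex only knows a few well-known formats; the env-name check is what catches the ordinary `*_TOKEN: "..."` paste. The `environment` check establishes only that the job names one; the required reviewers and branch restrictions live in repository settings and still have to match org policy.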

Scaling Guidance


  • Split long jobs by stage when runtime exceeds 10 minutes.
  • Introduce test matrix only when compatibility truly requires it.
  • Separate deploy jobs from CI jobs to keep feedback fast.
  • Track pipeline duration and flakiness as first-class metrics.