ci-cd
Install command
npx skills add https://github.com/tartinerlabs/skills --skill ci-cd
Skill documentation
Language Conventions
Infer language style from the project:
- Analyse existing workflows, commit messages, and documentation to detect the project’s language variant (US English, UK English, etc.)
- Match the spelling conventions found in the project (e.g., “optimize” vs “optimise”, “customize” vs “customise”)
- Maintain consistency with the project’s established language style throughout workflow files and comments
Mode Detection
Determine the mode based on context:
- Create mode: No .github/workflows/ directory exists, or user explicitly asks to create/add a workflow
- Audit mode: .github/workflows/*.yml files exist, or user explicitly asks to audit/review/fix workflows
Create Mode
1. Detect Project Type
Scan for project indicators:
- package.json → Node.js/JS/TS
- go.mod → Go
- requirements.txt / pyproject.toml / setup.py → Python
- Cargo.toml → Rust
- Gemfile → Ruby
2. Detect Package Manager (JS/TS projects)
- pnpm-lock.yaml → pnpm
- bun.lock / bun.lockb → bun
- yarn.lock → yarn
- package-lock.json → npm
3. Generate Workflow
Apply all rules from the rules/ directory when generating workflows. Read each rule file for detailed requirements and examples.
4. Workflow Template
Adapt this CI template to the detected project type and package manager (replace <pm> with the detected package manager):
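```yaml
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      # Tags are shown for readability; pin each action to a full commit SHA
      # (rules/action-pinning.md) when generating the real workflow.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: '<pm>'
      # npm has no --frozen-lockfile option; use `npm ci` when <pm> is npm.
      - run: <pm> install --frozen-lockfile
      - run: <pm> check
      - run: <pm> test
      - run: <pm> build
```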
Audit Mode
1. Scan Workflows
Read all files in .github/workflows/*.yml and audit against every rule in the rules/ directory.
2. Report Format
```markdown
## GitHub Actions Audit Results
### HIGH Severity
- `.github/workflows/ci.yml:15` - `codecov/codecov-action@v4` → pin to commit SHA
### MEDIUM Severity
- `.github/workflows/ci.yml` - Missing concurrency group → add concurrency block
### Summary
- High: X
- Medium: Y
- Low: Z
- Files scanned: N
```
3. Auto-Fix
After reporting, apply fixes using the Edit tool. Look up commit SHAs for pinning using gh api.
Rules
Read individual rule files for detailed checks and examples:
| Rule | Severity | File |
|---|---|---|
| Action pinning | HIGH | rules/action-pinning.md |
| Permissions | HIGH | rules/permissions.md |
| Concurrency | MEDIUM | rules/concurrency.md |
| Node version | MEDIUM | rules/node-version.md |
| Caching | MEDIUM | rules/caching.md |
| Triggers | LOW | rules/triggers.md |
| Matrix strategy | LOW | rules/matrix.md |
Assumptions
- GitHub CLI (gh) is available for looking up action commit SHAs
- The project is hosted on GitHub