AgentSkillsCN

ci-cd

Load when editing .github/workflows/*.yml files, deploy scripts, or managing GitHub Actions pipelines. Provides workflow patterns for build, test, and deploy automation.

SKILL.md
---
name: ci-cd
description: Load when editing .github/workflows/*.yml files, deploy scripts, or managing GitHub Actions pipelines. Provides workflow patterns for build, test, and deploy automation.
---

CI/CD

Merged Skills

  • github-actions: Workflow syntax, jobs, steps, actions
  • deployment: Build, push, deploy automation

⚠️ Critical Gotchas

| Category | Pattern | Solution |
|---|---|---|
| Secret leak | Secrets printed in logs | Use `::add-mask::` for dynamic secrets |
| Silent failure | Workflow fails without a clear error | Add an explicit `permissions:` block |
| Cache stale | Old dependencies used | Update the cache key when deps change |
| No path filter | Every push triggers the workflow | Add `paths:` to filter relevant changes |
| Missing checkout | Files not available | Add `actions/checkout@v4` as the first step |
| Wrong context | Secrets not available in PR | Use `pull_request_target` carefully: it runs with base-repo secrets, so never check out and run the PR head under it |

Rules

| Rule | Pattern |
|---|---|
| Path filters | Use `paths:` to skip irrelevant runs |
| Minimal permissions | Explicit `permissions:` block, least privilege |
| Never hardcode | Use `${{ secrets.* }}` for credentials |
| Cache dependencies | `actions/cache` for node_modules, pip cache |
| Fail fast | Set `fail-fast: true` in matrix builds |

Avoid

| ❌ Bad | ✅ Good |
|---|---|
| No paths filter | `paths: ['src/**', '.github/workflows/*.yml']` |
| No permissions block | `permissions: { contents: read }` |
| Hardcoded credentials | `${{ secrets.TOKEN }}` |
| No caching | `actions/cache@v4` for deps |
| Echo secrets | `echo "::add-mask::$SECRET"` before the value can reach the log |
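
As an added example (not part of the skill file), a small Python check that scans a workflow for the gotchas in the tables above: a missing `permissions:` block, no `paths:` filter, `pull_request_target` that checks out the PR head, and credential-looking keys set to literals. It is a line-based scan with no YAML parser dependency, and both workflow snippets are constructed here.

```python
import re
# Constructed sample: trips four of the gotchas at once (not a real workflow).
RISKY_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./deploy.sh
        env:
          API_TOKEN: ghp_constructed_placeholder_value
"""

# Constructed sample that follows the Rules table.
SAFE_WORKFLOW = """\
on:
  push:
    paths: ['src/**', '.github/workflows/*.yml']
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

def lint_workflow(text: str) -> list:
    """Line-based scan; returns one finding per gotcha, [] when clean."""
    findings = []
    if not re.search(r"^\s*permissions:", text, re.M):
        findings.append("no permissions: block; GITHUB_TOKEN gets the repository default grant")
    if not re.search(r"^\s*paths:", text, re.M):
        findings.append("no paths: filter; every push triggers the workflow")
    # pull_request_target runs with base-repo secrets; checking out the PR head there exposes them.
    if re.search(r"^\s*pull_request_target:", text, re.M) and "github.event.pull_request.head" in text:
        findings.append("pull_request_target checks out the PR head with secrets in scope")
    # Credential-looking keys must come from the secrets context, never a literal.
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|KEY)[A-Z0-9_]*):\s*(\S+)", line)
        if m and "${{" not in m.group(2):
            findings.append(f"line {n}: {m.group(1)} is a literal; use ${{{{ secrets.* }}}}")
    return findings
```

Run it over each file in `.github/workflows/` as a pre-commit or CI step; a non-empty list is a failed check.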

Patterns

```yaml
# Pattern 1: Standard workflow with best practices
name: CI
on:
  push:
    branches: [main]
    paths: ['src/**', '.github/workflows/*.yml']
  pull_request:
    branches: [main]

# Least privilege at the workflow level; jobs that need more grant it themselves
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: ~/.npm
          # Key changes with the lockfile, so stale dependencies are never restored
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

      - name: Build
        run: npm ci && npm run build

  # Pattern 2: Docker multi-arch build, pushed to GHCR with the job's GITHUB_TOKEN
  docker:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: docker/setup-qemu-action@v3      # emulation for the non-native arch
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64,linux/arm64
          # Build on PRs, push only from the main branch
          push: ${{ github.event_name != 'pull_request' }}
          # GHCR requires a lowercase image name
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Pattern 3: Matrix testing
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        node: [18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci && npm test
```

Commands

| Task | Command |
|---|---|
| Validate workflow | `act -n` (dry run with act) |
| Test locally | `act push` (requires act installed) |
| Check syntax | `yamllint .github/workflows/` |
| View runs | `gh run list` |
| View logs | `gh run view {run-id} --log` |