AgentSkillsCN

ci-cd

GitHub Actions, CI/CD pipelines, and deployment automation. Load this skill when working with workflows or deployment configuration.

SKILL.md
--- frontmatter
name: ci-cd
description: GitHub Actions, CI/CD pipelines, and deployment automation. Load when working with workflows or deployment configuration.

CI/CD

GitHub Actions Patterns

```yaml
# Pattern 1: Basic workflow
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install -r requirements.txt
      - run: pytest

# Pattern 2: Docker build and push (a further job under `jobs:`)
  build:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs packages: write to push an image to ghcr.io
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: ghcr.io/${{ github.repository }}:latest

# Pattern 3: Matrix testing (named test-matrix so it does not duplicate the `test` key above)
  test-matrix:
    strategy:
      matrix:
        python-version: ['3.10', '3.11', '3.12']
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
```

Workflow Files

| File | Purpose |
| --- | --- |
| `.github/workflows/ci.yml` | Continuous Integration |
| `.github/workflows/cd.yml` | Continuous Deployment |
| `.github/workflows/release.yml` | Release automation |

Secrets Management

| Secret | Usage |
| --- | --- |
| `GITHUB_TOKEN` | Auto-provided, repo access |
| `DOCKER_USERNAME` | Container registry auth |
| `DOCKER_PASSWORD` | Container registry auth |
| `DEPLOY_KEY` | SSH key for deployment |

Rules

| Rule | Requirement |
| --- | --- |
| Secrets | Never hardcode, use GitHub Secrets |
| Caching | Use `actions/cache` for dependencies |
| Matrix | Test multiple versions when possible |
| Artifacts | Upload build artifacts for debugging |
| Timeouts | Set job timeouts to prevent hanging |

Gotchas

| Category | Pattern | Solution |
| --- | --- | --- |
| Permissions | Workflow can't push | Add `contents: write` permission |
| Secrets | Not available in forks | Use environment protection rules |
| Cache | Stale dependencies | Include lockfile hash in cache key |
| Docker | Build fails | Check Dockerfile context path |
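
The Rules and the cache gotcha applied to one test job, as an added example that is not part of the original skill file. It assumes `requirements.txt` is the dependency lockfile; the 15-minute timeout and the `test-results.xml` report name are illustrative choices.

```yaml
# Added example: a CI job that follows the Rules table.
name: CI
on:
  pull_request:
    branches: [main]

# Least privilege: this workflow only needs to read the repository.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # Timeouts rule: a hung step cannot hold the runner indefinitely (value is an assumption).
    timeout-minutes: 15
    strategy:
      matrix:
        python-version: ['3.10', '3.11', '3.12']
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      # Caching rule and stale-cache gotcha: the key includes the lockfile hash,
      # so any change to requirements.txt produces a new cache entry.
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: pip-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('requirements.txt') }}
      - run: pip install -r requirements.txt
      - run: pytest --junitxml=test-results.xml
      # Artifacts rule: keep the test report even when the run fails.
      # The artifact name is unique per matrix entry so uploads do not collide.
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results-${{ matrix.python-version }}
          path: test-results.xml
```

The job references no secrets, so it behaves the same for pull requests from forks, where repository secrets are not available.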