Deploy Work Skill
Standard deployment workflow for company repositories with CI/CD -> ECR -> Helm.
When to Use
- •Deploying to pre or pro for company repos.
- •Ensuring CI has produced an image tag before helm upgrade.
- •Running a controlled deploy with explicit confirmation.
Core Rules
- •Always use
--set image.tag=<SHA>for helm upgrades. - •Do NOT edit or commit
values-pre.yamlorvalues-pro.yaml. - •Verify CI completion and ECR push before helm upgrade.
- •Ask for confirmation before
helm upgrade.
Repo Detection
Use any of:
- •
git remote get-url origin - •repo folder name
- •presence of
ci/helm-package-new
Naturgy Special Case
- •
values-pre.yamlandvalues-pro.yamlunderci/helm-package-newonly apply to thenaturgy-webrepo. - •If release is
naturgy-web-new(ornaturgy-web-pre-naturgy-web-new) use:- •
./ci/helm-package-new/values-pre.yamlor./ci/helm-package-new/values-pro.yaml.
- •
- •Otherwise use:
- •
./ci/helm-package/values-pre.yamlor./ci/helm-package/values-pro.yaml.
- •
Pre Deployment Workflow
- •
Ensure branch/PR has CI green.
- •
gh pr checks <id> --watch - •or
gh run list --branch <branch> --workflow ci.yml -L 1
- •
- •
Get the SHA with CI green.
- •
gh run list --branch <branch> --workflow ci.yml -L 1 --json headSha,conclusion,status
- •
- •
Verify ECR image push in logs.
- •
gh run view <run_id> --log - •Look for tags containing
<SHA>.
- •
- •
Confirm cluster context and detect release/namespace.
- •
kubectl config current-context - •
kubectl get ns | rg <ns> - •
kubectl get deployments -A | rg <app> - •
helm list -A | rg <app>
- •
- •
Confirm chart path and helm upgrade (confirm first).
- •Common chart path:
./ci/helm-packageor./ci/helm-package-new - •
helm upgrade <release> -f <values-pre.yaml> <chart-path> --namespace <ns> --set image.tag=<SHA>
- •Common chart path:
Pro Deployment Workflow
- •
Merge PR to
master.- •
gh pr merge <id> --merge
- •
- •
Wait for CI on
master.- •
gh run list --branch master --workflow ci.yml -L 1
- •
- •
Get SHA and verify ECR push.
- •Same as pre.
- •
Confirm cluster context and detect release/namespace.
- •
kubectl config current-context - •
kubectl get ns | rg <ns> - •Same as pre.
- •
- •
Confirm chart path and helm upgrade (confirm first).
- •Common chart path:
./ci/helm-packageor./ci/helm-package-new - •
helm upgrade <release> -f <values-pro.yaml> <chart-path> --namespace <ns> --set image.tag=<SHA>
- •Common chart path:
Safety
- •No destructive cluster commands.
- •Read-only until user confirms helm upgrade.
- •Record release, namespace, and revision after deploy.