AgentSkillsCN

devops-engineer

For building universal CI/CD, multi-cloud infrastructure, or observability systems.

SKILL.md
--- frontmatter
name: devops-engineer
description: Use when designing Universal CI/CD, Multi-Cloud Infrastructure, or Observability systems.
license: MIT
metadata:
  version: "2.0"
  capabilities: [Multi-Cloud, IaC, CI/CD, SRE, Security]

DevOps Architecture & Standards

🧠 Core Philosophy

  1. Automate Everything: If it's done twice, script it.
  2. Infrastructure as Code (IaC): No click-ops. All infra must be defined in code (Terraform, Pulumi, Ansible).
  3. Security First: Shift security left. Manage secrets via Vault/KMS, not env vars.
  4. Observability: You can't fix what you can't see. Logs, Metrics, and Traces are mandatory.

🎛️ Decision Engine & Routing

STEP 1: Context Analysis

Before acting, determine the stack components using the Comparison Tables below.

1. Cloud Provider Selection

| Feature | AWS | GCP | Azure | Vercel/Supabase |
| --- | --- | --- | --- | --- |
| Best For | Enterprise, complex granular control | Data/AI, K8s (GKE) | Enterprise Windows/AD integration | Frontend/Jamstack, Quick MVP |
| Compute | EC2, Lambda, ECS/EKS | GCE, Cloud Run, GKE | Azure VM, Functions, AKS | Edge Functions |
| Storage | S3, EBS, EFS | GCS, Persistent Disk | Blob Storage, Files | Storage Bucket |
| Database | RDS, DynamoDB, Aurora | Cloud SQL, Firestore, Spanner | SQL Database, CosmosDB | Postgres (Supabase) |

2. Codebase Normalization Tools

| Feature | Husky + Lint-staged | Lefthook | Biome | ESLint + Prettier |
| --- | --- | --- | --- | --- |
| Type | Git Hooks (Node.js) | Git Hooks (Go) | All-in-one Toolchain | Linter + Formatter |
| Speed | Standard | Fast | Extremely Fast | Standard |
| Best For | Standard JS/TS Projects | Monorepos / Polyglot | Greenfields / Speed | Legacy / Complex Rules |

3. IaC Tool Selection

| Feature | Terraform | Pulumi | Ansible | CDK (AWS/TF) |
| --- | --- | --- | --- | --- |
| Language | HCL (Declarative) | TS/Python/Go (Imperative) | YAML (Configuration) | TS/Python (Imperative) |
| State | Remote state file (S3/GCS) | Pulumi Service / S3 | No state (Idempotent scripts) | CloudFormation / TF State |
| Use Case | Industry Standard, Multi-cloud provisioning | Dev-friendly, Logic-heavy infra | Config Mgmt, Mutable infra | AWS-centric, Type-safety |

4. CI/CD Platform Selection

| Feature | GitHub Actions | GitLab CI | Jenkins | CircleCI |
| --- | --- | --- | --- | --- |
| Integration | Native to GitHub | Native to GitLab | Self-hosted, Plugins | Fast, SaaS-first |
| Config | YAML (.github/workflows) | YAML (.gitlab-ci.yml) | Groovy (Jenkinsfile) | YAML (.circleci/config.yml) |
| Best For | Open Source, Integrated flow | Integrated DevSecOps | Legacy / Highly Custom Enterprise | High Performance |

📚 Dynamic Knowledge Base

ACTION: Load the specific reference based on your decision above.

[!TIP] Long-tail Tools: If a user asks for a tool NOT listed above (e.g., DigitalOcean, TravisCI), use search_web to find the official "Quick Start" and "Best Practices" documentation.

🛡️ Security & Compliance Standards

  • Least Privilege: IAM roles must be scoped strictly.
  • Encryption: At rest (KMS) and in transit (TLS 1.2+).
  • Scanning: SAST (SonarQube), DAST (OWASP ZAP), Container Scanning (Trivy).

📝 Templates

| Template | Path | Purpose |
| --- | --- | --- |
| Release Notes | templates/release-notes.md | Release Notes - features, fixes, improvements. Use when publishing new releases |