AgentSkillsCN

devops-ci-cd

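DevOps and CI/CD pipeline standards. Refer to this standard when writing GitHub Actions workflows, configuring CI pipelines, or managing deployment artifacts. It covers the build-once, promote-many strategy, secrets management, image signing, and concurrency controls.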

SKILL.md
--- frontmatter
name: devops-ci-cd
description: |
  DevOps and CI/CD pipeline standards. Use when writing GitHub Actions workflows,
  configuring CI pipelines, or managing deployment artifacts. Covers build-once
  promotion, secrets management, image signing, and concurrency controls.
disposition: contextual
filePatterns:
  - ".github/workflows/**"
  - "azure-pipelines.yml"
  - "azure-pipelines/**"
  - "**/buildspec.yml"
  - "**/buildspec.yaml"
  - "**/appspec.yml"
  - "**/appspec.yaml"
compliance:
  - soc2: CC7.3
version: 1.0.0

1. MUST build once per commit; promote the artefact through environments.
2. MUST store secrets only in GitHub Secrets / OIDC-assumed role; never in plain YAML.
3. SHOULD run workflow concurrency groups to cap parallel jobs per repo.
4. MUST tag all images repo:sha-short and sign them (cosign).
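
A GitHub Actions workflow that applies the four rules together, as an added example that is not part of SKILL.md. It assumes GHCR as the registry, a lowercase owner/repo name, a 7-character short SHA as the tag, keyless cosign signing, and a hypothetical `./deploy.sh` script in the repository.

```yaml
# Added example. Assumptions: GHCR registry, lowercase owner/repo,
# 7-character short SHA tag, hypothetical ./deploy.sh in the repository.
name: build-sign-promote
on:
  push:
    branches: [main]
concurrency:                        # rule 3: one run of this workflow at a time
  group: ${{ github.workflow }}
  cancel-in-progress: false         # do not cancel a deployment halfway through
permissions:
  contents: read
  packages: write                   # push to GHCR with the run-scoped token
  id-token: write                   # OIDC token for keyless cosign signing
env:
  IMAGE: ghcr.io/${{ github.repository }}
  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # rule 2: no credential literal in YAML
jobs:
  build:                            # rule 1: the only job that runs docker build
    runs-on: ubuntu-latest
    outputs:
      ref: ${{ steps.push.outputs.ref }}
    steps:
      - uses: actions/checkout@v4
      - uses: sigstore/cosign-installer@v3
      - run: echo "$GH_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
      - id: push
        run: |
          TAG="${GITHUB_SHA::7}"    # rule 4: repo:sha-short
          docker build -t "$IMAGE:$TAG" .
          docker push "$IMAGE:$TAG"
          REF=$(docker inspect --format '{{index .RepoDigests 0}}' "$IMAGE:$TAG")
          cosign sign --yes "$REF"  # sign the immutable digest, not the tag
          echo "ref=$REF" >> "$GITHUB_OUTPUT"
  staging:                          # promotion: same digest, verified before use
    needs: build
    runs-on: ubuntu-latest
    environment: staging
    env:
      REF: ${{ needs.build.outputs.ref }}
      SIGNER: https://github.com/${{ github.workflow_ref }}
    steps:
      - uses: actions/checkout@v4
      - uses: sigstore/cosign-installer@v3
      - run: echo "$GH_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
      - run: |
          cosign verify "$REF" \
            --certificate-oidc-issuer https://token.actions.githubusercontent.com \
            --certificate-identity "$SIGNER"
          ./deploy.sh staging "$REF"
```

Later environments repeat the `staging` job with a different `environment:` value and the same `REF`, so every stage deploys the digest that was built and signed once.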