- MUST build once per commit; promote the artefact through environments.
- MUST store secrets only in GitHub Secrets / OIDC-assumed role; never in plain YAML.
- SHOULD run workflow concurrency groups to cap parallel jobs per repo.
- MUST tag all images `repo:sha-short` and sign them (cosign).
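A GitHub Actions workflow that applies the four rules together, as an added example that is not part of the original skill. The registry host, account ID, role ARN, region and repository name are placeholders, AWS ECR is an assumed registry, and `repo:sha-short` is read here as `<repo>:<short commit SHA>`.

```yaml
# Added example, not the skill's own workflow. All account IDs, ARNs and names are placeholders.
name: build-and-sign
on:
  push:
    branches: [main]

# SHOULD: one concurrency group per workflow and ref caps parallel runs.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false   # queue instead of cancelling a run mid-push

permissions:
  contents: read
  id-token: write   # needed for the OIDC-assumed role and for keyless cosign signing

env:
  REGISTRY: 123456789012.dkr.ecr.eu-west-1.amazonaws.com   # placeholder
  REPO: example-app                                         # placeholder

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      # Later environment jobs deploy this exact digest; nothing is rebuilt.
      image: ${{ steps.push.outputs.image }}
    steps:
      - uses: actions/checkout@v4
      # MUST: no static credentials in YAML; short-lived credentials via OIDC.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-build   # placeholder
          aws-region: eu-west-1
      - uses: aws-actions/amazon-ecr-login@v2
      - uses: sigstore/cosign-installer@v3
      - id: push
        run: |
          # MUST: tag as repo:sha-short, built once for this commit.
          image="$REGISTRY/$REPO:$(git rev-parse --short HEAD)"
          docker build -t "$image" .
          docker push "$image"
          # Sign and promote by digest, which cannot be re-pointed like a tag.
          digest="$(docker inspect --format '{{index .RepoDigests 0}}' "$image")"
          cosign sign --yes "$digest"
          echo "image=$digest" >> "$GITHUB_OUTPUT"
```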
devops-ci-cd
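DevOps and CI/CD pipeline standards. Use this standard as a reference when writing GitHub Actions workflows, configuring CI pipelines, or managing deployment artifacts. Key points include the "build once, release many times" strategy, management of sensitive information, image signing, and concurrency control mechanisms.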
SKILL.md
---
name: devops-ci-cd
description: |
  DevOps and CI/CD pipeline standards. Use when writing GitHub Actions workflows,
  configuring CI pipelines, or managing deployment artifacts. Covers build-once
  promotion, secrets management, image signing, and concurrency controls.
disposition: contextual
filePatterns:
  - ".github/workflows/**"
  - "azure-pipelines.yml"
  - "azure-pipelines/**"
  - "**/buildspec.yml"
  - "**/buildspec.yaml"
  - "**/appspec.yml"
  - "**/appspec.yaml"
compliance:
  - soc2: CC7.3
version: 1.0.0