
devops-implementation

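Provides guidance for implementing CI/CD scripts and validating them locally, without actual deployment. Used by devops-coding-agent (container-level) and devops-integration-agent (monorepo-level). Technology-agnostic.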

SKILL.md
--- frontmatter
name: devops-implementation
description: "Guidelines for implementing CI/CD scripts and validating them locally without deployment. Used by devops-coding-agent (container-level) and devops-integration-agent (monorepo-level). Technology-agnostic."

DevOps Implementation Skill

Guidance for implementing CI/CD scripts based on specifications from deployment-architect.

Critical Constraint: Validate locally ONLY. No deployments. No cloud costs.


Core Principle

You create and validate scripts; you don't deploy.

code
Deployment Specifications (.specs/deployment/)
              ↓
     [DevOps Agents]
              ↓
    CI/CD Scripts + Validation
              ↓
         Done - NO deployment, NO cloud costs

Agent Roles

| Agent | Scope | Creates |
|---|---|---|
| devops-coding-agent | Container-level CI/CD | {container}/.ci/, {container}/Dockerfile, {container}/scripts/ci-*.sh |
| devops-integration-agent | Monorepo pipelines | .github/workflows/, scripts/ci/, infrastructure/README.md |

Technology Agnostic

Always read .constraints/INFRASTRUCTURE.md first for:

  • CI/CD platform (GitHub Actions, GitLab CI, Azure DevOps)
  • Container runtime (Docker, Podman)
  • Registry configuration (for placeholders, not actual pushing)
  • Naming and tagging conventions

Input

From Deployment Architect

code
.specs/deployment/
├── pipelines/
│   ├── ci.md                # CI standards and stages
│   └── cd.md                # CD patterns (reference only)
├── container-mapping.md     # Container → infrastructure mapping
└── environments/            # Environment configurations

From Constraints

code
.constraints/INFRASTRUCTURE.md    # CI/CD platform, container runtime
.constraints/TECHNOLOGY.md        # Language, test framework

Output

Container-Level (devops-coding-agent)

code
{container}/
├── .ci/
│   ├── build.yml            # Container build workflow
│   ├── test.yml             # Container test workflow
│   └── package.yml          # Container package workflow
├── Dockerfile               # Container image definition
├── docker-compose.yml       # Local development
├── .dockerignore            # Build exclusions
└── scripts/
    ├── ci-build.sh          # Build script
    ├── ci-test.sh           # Test script
    └── ci-package.sh        # Package script

Monorepo-Level (devops-integration-agent)

code
.github/workflows/           # (or equivalent for platform)
├── ci.yml                   # Main CI pipeline
├── cd-dev.yml               # Dev deployment (structure only)
├── cd-staging.yml           # Staging deployment (structure only)
└── cd-prod.yml              # Prod deployment (structure only)

infrastructure/
└── README.md                # Infrastructure documentation

scripts/ci/
├── build-all.sh             # Build all containers
├── test-all.sh              # Test all containers
└── validate-all.sh          # Validate all scripts

Validation Requirements

All validation must be local - NO cloud costs

Required Validations

| What | Tool | Command |
|---|---|---|
| YAML syntax | yamllint | yamllint *.yml |
| Dockerfile | hadolint | hadolint Dockerfile |
| Shell scripts | shellcheck | shellcheck scripts/*.sh |
| GitHub Actions | actionlint | actionlint .github/workflows/*.yml |

Forbidden Actions

| Action | Why |
|---|---|
| docker push | Cloud/registry costs |
| terraform apply | Cloud costs |
| terraform plan (real providers) | May incur API costs |
| Any cloud CLI deployment | Cloud costs |
| Configuring real secrets | Security risk |

Key Principles

  • Validate syntax and structure only
  • Use placeholder secrets: ${{ secrets.PLACEHOLDER_NAME }}
  • No actual deployments during preparation
  • All validation runs locally
  • Zero cloud costs during this phase
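
A local guard for the Forbidden Actions table and the placeholder-secret rule above, as an added example that is not part of the original skill. The function names, the regexes and the rule that a placeholder secret name contains `PLACEHOLDER` are assumptions; cloud CLI deployments and `terraform plan` are platform-specific and are not covered.

```bash
#!/usr/bin/env bash
# Added example: static guard for CI scripts and workflows. It only reads files;
# nothing is built, pushed or deployed.

# Regexes for two rows of the Forbidden Actions table (the patterns are an
# assumption; podman is included because the page lists it as a runtime).
FORBIDDEN_RE='(docker|podman)[[:space:]]+push|terraform[[:space:]]+apply'

# scan_forbidden DIR: print path:line:text for forbidden commands found in
# *.sh, *.yml and *.yaml under DIR, ignoring comment-only lines.
# Returns 1 if anything matched, 0 otherwise.
scan_forbidden() {
  local dir="$1" hits
  hits=$(grep -rnE --include='*.sh' --include='*.yml' --include='*.yaml' \
           -e "$FORBIDDEN_RE" "$dir" 2>/dev/null \
         | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#') || true
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# scan_secret_refs DIR: print secrets.NAME references in workflows whose NAME
# does not contain PLACEHOLDER (convention assumed from the page's examples).
# Returns 1 if any such reference exists, 0 otherwise.
scan_secret_refs() {
  local dir="$1" refs
  refs=$(grep -rnoE --include='*.yml' --include='*.yaml' \
           -e 'secrets\.[A-Za-z0-9_]+' "$dir" 2>/dev/null \
         | grep -v 'PLACEHOLDER') || true
  if [ -n "$refs" ]; then
    printf '%s\n' "$refs"
    return 1
  fi
  return 0
}

# When called with a directory argument, run both checks and fail on any hit.
if [ "$#" -gt 0 ]; then
  rc=0
  scan_forbidden "$1" || rc=1
  scan_secret_refs "$1" || rc=1
  exit "$rc"
fi
```

The scan is line-based, so a forbidden command inside an `echo` string is also reported; treat hits as items to review.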

Workflow Patterns

Reusable Container Workflows

Each container should have reusable workflows:

yaml
# {container}/.ci/build.yml
name: Build {container}

on:
  workflow_call:
    inputs:
      working_directory:
        required: true
        type: string

Monorepo Orchestration

Main CI calls container workflows:

yaml
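# .github/workflows/ci.yml
# Note: GitHub Actions does not expand expressions in a job-level `uses:` and
# loads local reusable workflows only from .github/workflows/; adapt the path
# to what the target platform accepts.
jobs:
  build:
    uses: ./${{ matrix.container }}/.ci/build.yml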

Placeholder Secrets

yaml
env:
  DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_PLACEHOLDER }}
  # Configure real secrets in CI/CD platform after validation

Quality Checklist

Container CI/CD (devops-coding-agent)

  • .ci/ directory with build, test, package workflows
  • Scripts pass shellcheck
  • Dockerfile passes hadolint
  • Workflows pass yamllint
  • No actual deployments

Monorepo Integration (devops-integration-agent)

  • Main CI orchestrates all containers
  • CD pipelines use placeholders
  • Cross-container references valid
  • Documentation updated
  • No actual deployments

Validation Complete

  • All validations run locally
  • No cloud API calls made
  • No registry pushes
  • No deployments attempted
  • Zero cloud costs incurred