cicd-pipeline

Install

mkdir -p .claude/skills/cicd-pipeline && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14625" && unzip -o skill.zip -d .claude/skills/cicd-pipeline && rm skill.zip

Installs to .claude/skills/cicd-pipeline

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

Guide for designing and implementing CI/CD pipelines using GitHub Actions. Use this skill when creating workflow files, configuring build and test automation, or setting up deployment pipelines with GitHub Actions.

About this skill

CI/CD Pipeline Design with GitHub Actions

Overview

This skill provides templates, patterns, and best practices for designing CI/CD pipelines using GitHub Actions. It covers continuous integration (build, lint, test), continuous deployment (staging and production), and workflow organization.

When to Use This Skill

  • Creating new GitHub Actions CI workflows for build and test automation
  • Designing deployment pipelines with environment promotion (staging to production)
  • Configuring workflow concurrency, caching, and artifact management
  • Setting up environment protection rules and manual approvals
  • Structuring reusable workflows and composite actions
  • Implementing health checks and rollback strategies

Workflow File Structure

.github/
└── workflows/
    ├── ci.yml          # Continuous integration (build, lint, test)
    ├── quality.yml     # Code quality checks (static analysis, coverage)
    ├── deploy.yml      # Deployment pipeline (staging → production)
    └── security.yml    # Security scanning (dependency audit, SAST)

CI Workflow Template

name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
      - name: Setup runtime
        # Use the appropriate setup action for your language
      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: # language-specific cache path
          key: ${{ runner.os }}-deps-${{ hashFiles('**/lockfile') }}
      - name: Install dependencies
        run: # install command
      - name: Lint
        run: # lint command
      - name: Build
        run: # build command
      - name: Test
        run: # test command
      - name: Upload coverage
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-report
          path: coverage/

Deploy Workflow Template

name: Deploy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: choice
        options: [staging, production]

permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Deploy Infrastructure
        uses: azure/arm-deploy@v2
        with:
          resourceGroupName: ${{ vars.AZURE_RG }}
          template: ./infra/main.bicep
          parameters: ./infra/parameters/${{ inputs.environment }}.bicepparam
      - name: Deploy Application
        run: # deploy command
      - name: Health Check
        run: |
          for i in {1..10}; do
            if curl -sf "${{ vars.APP_URL }}/health"; then
              echo "Health check passed"
              exit 0
            fi
            sleep 10
          done
          echo "Health check failed"
          exit 1

Best Practices

  1. Pin action versions to a full commit SHA for security (e.g., actions/checkout@<sha>); a tag such as v4 can be moved to different code, a commit SHA cannot
  2. Use concurrency groups to cancel redundant runs
  3. Set permissions at the job or workflow level with least privilege
  4. Cache dependencies to speed up builds
  5. Set timeouts on all jobs to prevent runaway costs
  6. Use environments with protection rules for deployment targets
  7. Use reusable workflows (workflow_call) for shared CI logic
  8. Upload artifacts for test results, coverage, and build outputs
  9. Use if: always() on cleanup and reporting steps
  10. Separate CI and CD into distinct workflows for clarity
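
Practices 1, 3 and 5 can be checked mechanically before a workflow is merged. The following is an added example, not part of the skill itself: a small line-based linter that flags action references not pinned to a 40-character commit SHA, jobs with no permissions block at job or workflow level, and jobs without timeout-minutes. The function name, the sample workflow and its SHA are constructed for illustration, and the parser assumes the 2-space indentation used in the templates above.

```python
import re
# Constructed sample modeled on this page's templates; the 40-hex ref is a made-up placeholder.
SAMPLE = """\
name: CI
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: npm test
  shared:
    uses: ./.github/workflows/reusable-build.yml
"""

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
JOB_ID = re.compile(r"^  ([A-Za-z_][\w-]*):\s*(?:#.*)?$")
JOB_KEY = re.compile(r"^    ([\w-]+):")

def lint_workflow(text):
    """Return findings for practices 1, 3 and 5 in one workflow file."""
    findings, jobs, current = [], {}, None   # jobs: job id -> job-level keys
    top_perms = in_jobs = False
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line.startswith(" "):         # a top-level key ends any job scope
            in_jobs = line.startswith("jobs:")
            top_perms = top_perms or line.startswith("permissions:")
            current = None
        elif in_jobs and (m := JOB_ID.match(line)):
            current = m.group(1)
            jobs[current] = set()
        elif current and (m := JOB_KEY.match(line)):
            jobs[current].add(m.group(1))
        if (m := USES.match(line)):
            ref = m.group(1)                 # local and docker refs carry no tag to pin
            if not ref.startswith(("./", "docker://")) and not SHA_PIN.search(ref):
                findings.append(f"line {n}: unpinned action {ref}")
    for job, keys in jobs.items():
        if not top_perms and "permissions" not in keys:
            findings.append(f"job {job}: no permissions block")
        # Jobs that call a reusable workflow cannot set timeout-minutes.
        if "uses" not in keys and "timeout-minutes" not in keys:
            findings.append(f"job {job}: no timeout-minutes")
    return findings
```

Run over the templates on this page, the same check reports every @v4 and @v2 reference, since they use version tags rather than SHAs.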

Examples

Reusable Workflow (workflow_call)

# .github/workflows/reusable-build.yml
name: Reusable Build
on:
  workflow_call:
    inputs:
      node-version:
        description: 'Node.js version'
        required: false
        type: string
        default: '20'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm run lint
      - run: npm run build
      - run: npm test

Calling a Reusable Workflow

# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    uses: ./.github/workflows/reusable-build.yml
    with:
      node-version: '20'
