cicd-pipeline
Install
mkdir -p .claude/skills/cicd-pipeline && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14625" && unzip -o skill.zip -d .claude/skills/cicd-pipeline && rm skill.zip
Installs to .claude/skills/cicd-pipeline
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Guide for designing and implementing CI/CD pipelines using GitHub Actions. Use this skill when creating workflow files, configuring build and test automation, or setting up deployment pipelines with GitHub Actions.
About this skill
CI/CD Pipeline Design with GitHub Actions
Overview
This skill provides templates, patterns, and best practices for designing CI/CD pipelines using GitHub Actions. It covers continuous integration (build, lint, test), continuous deployment (staging and production), and workflow organization.
When to Use This Skill
- Creating new GitHub Actions CI workflows for build and test automation
- Designing deployment pipelines with environment promotion (staging to production)
- Configuring workflow concurrency, caching, and artifact management
- Setting up environment protection rules and manual approvals
- Structuring reusable workflows and composite actions
- Implementing health checks and rollback strategies
Workflow File Structure
.github/
└── workflows/
    ├── ci.yml        # Continuous integration (build, lint, test)
    ├── quality.yml   # Code quality checks (static analysis, coverage)
    ├── deploy.yml    # Deployment pipeline (staging → production)
    └── security.yml  # Security scanning (dependency audit, SAST)
CI Workflow Template
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
permissions:
  contents: read
jobs:
  build-and-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
      - name: Setup runtime
        # Use the appropriate setup action for your language
      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: # language-specific cache path
          key: ${{ runner.os }}-deps-${{ hashFiles('**/lockfile') }}
      - name: Install dependencies
        run: # install command
      - name: Lint
        run: # lint command
      - name: Build
        run: # build command
      - name: Test
        run: # test command
      - name: Upload coverage
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-report
          path: coverage/
Deploy Workflow Template
name: Deploy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: choice
        options: [staging, production]
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Deploy Infrastructure
        uses: azure/arm-deploy@v2
        with:
          resourceGroupName: ${{ vars.AZURE_RG }}
          template: ./infra/main.bicep
          parameters: ./infra/parameters/${{ inputs.environment }}.bicepparam
      - name: Deploy Application
        run: # deploy command
      - name: Health Check
        run: |
          for i in {1..10}; do
            if curl -sf "${{ vars.APP_URL }}/health"; then
              echo "Health check passed"
              exit 0
            fi
            sleep 10
          done
          echo "Health check failed"
          exit 1
Best Practices
- Pin action versions to full SHA for security (e.g., actions/checkout@<sha>)
- Use concurrency groups to cancel redundant runs
- Set permissions at the job or workflow level with least privilege
- Cache dependencies to speed up builds
- Set timeouts on all jobs to prevent runaway costs
- Use environments with protection rules for deployment targets
- Use reusable workflows (workflow_call) for shared CI logic
- Upload artifacts for test results, coverage, and build outputs
- Use if: always() on cleanup and reporting steps
- Separate CI and CD into distinct workflows for clarity
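A small checker for three of the practices listed above (full-SHA pins, a permissions block, job timeouts), added here as an example and not part of the skill itself. It scans workflow text line by line and assumes the two-space indentation used in the templates; `audit_workflow`, the sample workflow and its 40-hex ref are constructed for illustration.

```python
import re

USES = re.compile(r"^\s*(?:- )?uses:\s*([^\s#]+)")
JOB = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")   # job id (2-space indent assumed)
JOB_KEY = re.compile(r"^    ([\w-]+):")          # job-level key (4-space indent)

def audit_workflow(text):
    """Return sorted (line_no, finding) tuples for one workflow file's text."""
    findings, jobs, in_jobs, top_perms = [], [], False, False
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                # top-level key
            in_jobs = line.startswith("jobs:")
            top_perms |= line.startswith("permissions:")
        elif in_jobs and (m := JOB.match(line)):
            jobs.append({"name": m[1], "line": no, "keys": set()})
        elif in_jobs and jobs and (m := JOB_KEY.match(line)):
            jobs[-1]["keys"].add(m[1])
        if m := USES.match(line):
            ref = m[1].strip("'\"")
            pinned = re.fullmatch(r"[0-9a-f]{40}", ref.partition("@")[2])
            if not ref.startswith(("./", "docker://")) and not pinned:
                findings.append((no, f"unpinned action: {ref}"))
    for job in jobs:
        keys, where = job["keys"], f"job '{job['name']}'"
        # timeout-minutes is not accepted on a job that calls a reusable workflow
        if "uses" not in keys and "timeout-minutes" not in keys:
            findings.append((job["line"], f"{where} has no timeout-minutes"))
        if not top_perms and "permissions" not in keys:
            findings.append((job["line"], f"{where} has no permissions block"))
    return sorted(findings)

# Constructed sample; the 40-hex ref is a placeholder, not a real commit.
SAMPLE = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567
  lint:
    permissions:
      contents: read
    uses: ./.github/workflows/reusable-build.yml
"""

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

Run against the templates on this page, it reports each `@v4` reference as unpinned, since a tag can be moved to a different commit and a full SHA cannot.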
Examples
Reusable Workflow (workflow_call)
# .github/workflows/reusable-build.yml
name: Reusable Build
on:
  workflow_call:
    inputs:
      node-version:
        description: 'Node.js version'
        required: false
        type: string
        default: '20'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm run lint
      - run: npm run build
      - run: npm test
Calling a Reusable Workflow
# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  build:
    uses: ./.github/workflows/reusable-build.yml
    with:
      node-version: '20'