agentskills.codes
DE

DevOps Engineer Skills

Consolidated skill set for the DevOps Engineer agent — Maven build, Docker, GitHub Actions, CI/CD orchestration, and release management

Install

mkdir -p .claude/skills/devops-engineer-skills && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15299" && unzip -o skill.zip -d .claude/skills/devops-engineer-skills && rm skill.zip

Installs to .claude/skills/devops-engineer-skills

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

Consolidated skill set for the DevOps Engineer agent — Maven build, Docker, GitHub Actions, CI/CD orchestration, and release management
135 charsno explicit “when” trigger

About this skill

DevOps Engineer — Skill Definition

1. Maven Build

No mvnw — always invoke mvn directly.
Set REPSY_ACCOUNT_USER + REPSY_ACCOUNT_PASSWORD before any Maven command.

mvn -DskipTests compile          # fast compile check
mvn test                         # full build: tests + PMD + JaCoCo
mvn -DskipTests package          # produce target/backbone-rest.jar
mvn test jacoco:report           # generate coverage report
mvn pmd:check pmd:cpd-check      # static analysis only
mvn deploy -s ci_settings.xml    # publish to Repsy

Repsy Private Repository

<!-- ci_settings.xml already configured; expose as env vars in CI -->
REPSY_ACCOUNT_USER=<user>
REPSY_ACCOUNT_PASSWORD=<password>

Maven annotation processing (MapStruct):

<plugin>
  <artifactId>maven-compiler-plugin</artifactId>
  <configuration>
    <source>21</source><target>21</target>
    <annotationProcessorPaths>
      <path>
        <groupId>org.mapstruct</groupId>
        <artifactId>mapstruct-processor</artifactId>
        <version>1.5.5.Final</version>
      </path>
    </annotationProcessorPaths>
  </configuration>
</plugin>

2. Docker Containerization

  • Base image: amazoncorretto:21-alpine3.20
  • Port exposed: 8082
  • JAR: target/backbone-rest.jar (must be built before Docker)
mvn -DskipTests package
docker build -t lamata/backbone-rest .
docker build -t lamata/backbone-rest:1.2.0 .
docker push lamata/backbone-rest

Certificate Import at Build Time

RUN keytool -importcert -alias wildcard-tst \
    -file /certs/wildcard.tst.crt \
    -keystore $JAVA_HOME/lib/security/cacerts \
    -storepass changeit -noprompt

Certs imported: prx-qa.crt, prx-qa.manager.crt, srmn.crt, prx-qa.config-server.crt

Runtime Environment Variables

docker run -p 8082:8082 \
  -e APP_PORT=8082 \
  -e APP_TOKEN_SECRET=<base64-secret> \
  -e SSL_KEYSTORE_LOCATION=/certs/keystore.jks \
  -e SSL_KEYSTORE_PASSWORD=<password> \
  -e SSL_KEYSTORE_TYPE=JKS \
  -e VAULT_TOKEN=<token> \
  -e VAULT_SERVER_URL=https://vault.prx.tst \
  -e AUTH_SERVER_URI=https://keycloak.prx.tst/realms/prx \
  -e AUTH_CERT_URI=/protocol/openid-connect/certs \
  -e SPRING_BOOT_PROFILE_ACTIVE=qa \
  lamata/backbone-rest

Image Hardening

RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
  CMD curl -f http://localhost:8082/actuator/health || exit 1

3. GitHub Actions

# .github/workflows/ci.yml
name: CI Pipeline
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'corretto'
          cache: 'maven'

      - name: Build and Test
        run: mvn test -s ci_settings.xml
        env:
          REPSY_ACCOUNT_USER: ${{ secrets.REPSY_ACCOUNT_USER }}
          REPSY_ACCOUNT_PASSWORD: ${{ secrets.REPSY_ACCOUNT_PASSWORD }}

      - name: Package
        run: mvn -DskipTests package

      - name: Upload coverage report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: jacoco-report
          path: target/site/jacoco/

Required GitHub Secrets

SecretPurpose
REPSY_ACCOUNT_USERMaven private dependency resolution
REPSY_ACCOUNT_PASSWORDMaven private dependency resolution
DOCKER_USERNAMEDocker Hub push
DOCKER_TOKENDocker Hub authentication

4. Quality Gates

GateToolFailure Condition
Static AnalysisPMD 3.23.0Any violation → build fails
Copy-Paste DetectionPMD CPDAny duplication → build fails
Unit TestsJUnit 5Any test failure → build fails
Coverage ReportJaCoCo 0.8.12Report failure (minimum = 0%)
SonarCloudsonarcloud.ioManual review only

5. Release Management

Release Checklist

- [ ] All tests pass (mvn test)
- [ ] No PMD violations
- [ ] JaCoCo report generated
- [ ] OpenAPI spec updated for any API changes
- [ ] CHANGELOG updated
- [ ] No critical/high CVEs in dependencies
- [ ] Docker image built and pushed
- [ ] Git tag created: v{MAJOR}.{MINOR}.{PATCH}

Tagging

git tag -a v1.2.0 -m "Release v1.2.0"
git push origin v1.2.0

Required Environment Variables

VariablePurpose
APP_PORTServer port (default 8082)
APP_TOKEN_SECRETJWT signing secret (Base64)
APP_TOKEN_EXPIRATIONJWT expiration in ms
SSL_KEYSTORE_LOCATIONKeystore classpath location
SSL_KEYSTORE_PASSWORDKeystore password
SSL_KEYSTORE_TYPEJKS
SSL_TRUSTSTORE_LOCATIONTruststore path
SSL_TRUSTSTORE_PASSWORDTruststore password
VAULT_TOKENHashiCorp Vault token
VAULT_SERVER_URLVault server URL
CNFS_URI / CNFS_PORTConfig Server
AUTH_SERVER_URIKeycloak issuer URI
AUTH_CERT_URIKeycloak JWK set URI suffix
AUTH_CLIENT_IDOAuth2 client ID
AUTH_CLIENT_SECRETOAuth2 client secret
SPRING_BOOT_PROFILE_ACTIVEActive Spring profile
REPSY_ACCOUNT_USERRepsy Maven repo user
REPSY_ACCOUNT_PASSWORDRepsy Maven repo password

Search skills

Search the agent skills registry