ci-cd-pipelines
Installation
SKILL.md
CI/CD Pipelines
GitHub Actions Workflows
Core Concepts
- Workflows: YAML files defining automation processes
- Events: Triggers for workflow execution (push, pull_request, schedule)
- Jobs: Collections of steps that run on the same runner
- Steps: Individual tasks within a job
- Actions: Reusable components for common tasks
Best Practices
-
Workflow Organization
- Use separate workflows for different concerns (CI, CD, release)
- Use workflow templates for consistency
- Use composite actions for reusable steps
- Use reusable workflows for shared pipeline logic
- Use matrix strategy for testing across multiple configurations
-
Job Optimization
- Use caching for dependencies and build artifacts
- Use parallel jobs for faster execution
- Use job dependencies for sequential execution
- Use artifacts for passing data between jobs
- Use self-hosted runners for custom environments
-
Security
- Use secrets for sensitive data
- Use environments for deployment protection
- Use required reviews for critical deployments
- Use OIDC for cloud provider authentication
- Use branch protection rules
GitHub Actions Examples
name: CI/CD Pipeline
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
steps:
- uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci
- run: npm test
- run: npm run build
deploy:
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3
- name: Deploy to production
run: |
# Deployment commands
GitLab CI/CD Pipelines
Core Concepts
- Pipelines: Series of jobs executed in stages
- Stages: Logical grouping of jobs
- Jobs: Individual tasks that execute scripts
- Runners: Agents that execute jobs
- Artifacts: Files passed between jobs
Best Practices
-
Pipeline Configuration
- Use
.gitlab-ci.ymlfor pipeline definition - Use stages for logical job grouping
- Use only/except rules for job execution control
- Use rules for more complex conditions
- Use needs for job dependencies
- Use
-
Job Optimization
- Use artifacts for passing data between jobs
- Use cache for dependency caching
- Use parallel jobs for faster execution
- Use retry for transient failures
- Use timeout for job duration limits
-
Security
- Use CI/CD variables for sensitive data
- Use protected variables for protected branches
- Use masked variables for hiding values
- Use environments for deployment control
- Use approval rules for critical deployments
GitLab CI/CD Examples
stages:
- test
- build
- deploy
test:
stage: test
image: node:18
script:
- npm ci
- npm test
parallel:
matrix:
- NODE_VERSION: [14, 16, 18]
cache:
paths:
- node_modules/
build:
stage: build
image: node:18
script:
- npm ci
- npm run build
artifacts:
paths:
- dist/
deploy:
stage: deploy
image: node:18
script:
- npm install -g serverless
- serverless deploy
only:
- main
when: manual
Jenkins Pipelines
Core Concepts
- Pipelines: Groovy scripts defining automation
- Stages: Logical grouping of steps
- Steps: Individual operations
- Agents: Nodes where pipeline runs
- Credentials: Secure storage for secrets
Best Practices
-
Pipeline Design
- Use Declarative Pipeline syntax
- Use shared libraries for reusable code
- Use pipeline stages for logical organization
- Use when conditions for conditional execution
- Use post sections for cleanup and notifications
-
Agent Management
- Use labels for agent selection
- Use Docker agents for consistent environments
- Use Kubernetes agents for dynamic scaling
- Use agent none for lightweight pipelines
- Use stash/unstash for passing data
-
Security
- Use credentials binding for secrets
- Use credential scopes for access control
- Use approval steps for manual gates
- Use input steps for user interaction
- Use role-based strategy for permissions
Jenkins Pipeline Examples
pipeline {
agent any
stages {
stage('Test') {
parallel {
stage('Node 14') {
agent { docker { image 'node:14' } }
steps {
sh 'npm ci'
sh 'npm test'
}
}
stage('Node 16') {
agent { docker { image 'node:16' } }
steps {
sh 'npm ci'
sh 'npm test'
}
}
}
}
stage('Build') {
agent { docker { image 'node:18' } }
steps {
sh 'npm ci'
sh 'npm run build'
archiveArtifacts artifacts: 'dist/**'
}
}
stage('Deploy') {
when {
branch 'main'
}
steps {
input message: 'Deploy to production?', ok: 'Deploy'
sh 'npm install -g serverless'
sh 'serverless deploy'
}
}
}
post {
always {
cleanWs()
}
success {
emailext subject: 'Build Success',
body: 'The build completed successfully.',
to: 'team@example.com'
}
failure {
emailext subject: 'Build Failed',
body: 'The build failed.',
to: 'team@example.com'
}
}
}
Azure DevOps Pipelines
Core Concepts
- Pipelines: YAML or GUI-defined automation
- Stages: Major divisions in a pipeline
- Jobs: Units of work within a stage
- Tasks: Pre-built units of work
- Agents: Machines that run jobs
Best Practices
-
Pipeline Configuration
- Use YAML pipelines for version control
- Use templates for reusable pipeline logic
- Use parameters for pipeline customization
- Use variables for configuration values
- Use stages for environment separation
-
Job Optimization
- Use parallel jobs for faster execution
- Use artifacts for passing data between jobs
- Use caching for dependency caching
- Use matrix strategy for multiple configurations
- Use demands for agent selection
-
Security
- Use secret variables for sensitive data
- Use variable groups for organization
- Use key vault for secret management
- Use environment checks for deployment control
- Use approval gates for manual intervention
Azure DevOps Pipeline Examples
trigger:
- main
- develop
pool:
vmImage: 'ubuntu-latest'
stages:
- stage: Test
jobs:
- job: Test
strategy:
matrix:
Node_14:
node_version: 14.x
Node_16:
node_version: 16.x
Node_18:
node_version: 18.x
steps:
- task: UseNode@1
inputs:
versionSpec: $(node_version)
- script: |
npm ci
npm test
displayName: 'Install dependencies and run tests'
- stage: Build
dependsOn: Test
jobs:
- job: Build
steps:
- task: UseNode@1
inputs:
versionSpec: '18.x'
- script: |
npm ci
npm run build
displayName: 'Build application'
- publish: dist
artifact: dist
- stage: Deploy
dependsOn: Build
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
jobs:
- deployment: Deploy
environment: 'production'
strategy:
runOnce:
deploy:
steps:
- script: |
npm install -g serverless
serverless deploy
displayName: 'Deploy to production'
Build and Test Strategies
Build Strategies
- Incremental Builds: Build only changed components
- Parallel Builds: Build multiple components simultaneously
- Matrix Builds: Build across multiple configurations
- Cached Builds: Use cache for faster builds
- Docker Builds: Use Docker for consistent build environments
Test Strategies
- Unit Tests: Test individual components in isolation
- Integration Tests: Test component interactions
- End-to-End Tests: Test complete user flows
- Performance Tests: Test system performance
- Security Tests: Test for security vulnerabilities
Quality Gates
- Code Coverage: Minimum code coverage threshold
- Linting: Code style and quality checks
- Static Analysis: Security and vulnerability scanning
- Dependency Scanning: Check for vulnerable dependencies
- License Compliance: Check for license compliance
Deployment Patterns
Blue-Green Deployment
- Concept: Maintain two identical production environments
- Benefits: Zero downtime, instant rollback
- Implementation: Switch traffic between blue and green environments
- Best Practices: Use load balancers for traffic switching, test green environment before switching
Canary Deployment
- Concept: Gradually roll out changes to a subset of users
- Benefits: Reduced risk, gradual feedback
- Implementation: Route small percentage of traffic to new version
- Best Practices: Monitor metrics closely, have rollback plan ready
Rolling Deployment
- Concept: Replace instances one at a time
- Benefits: Gradual rollout, minimal downtime
- Implementation: Update instances in batches
- Best Practices: Use health checks, monitor for failures
Feature Flags
- Concept: Enable/disable features without deployment
- Benefits: Gradual rollout, instant rollback
- Implementation: Use feature flag management system
- Best Practices: Keep flags temporary, clean up old flags
Immutable Infrastructure
- Concept: Replace rather than modify infrastructure
- Benefits: Consistency, easier rollback, no configuration drift
- Implementation: Use infrastructure as code, replace instances on updates
- Best Practices: Version all infrastructure, use golden images
Pipeline Orchestration
Pipeline Dependencies
- Sequential Execution: Jobs run in sequence
- Parallel Execution: Jobs run simultaneously
- Conditional Execution: Jobs run based on conditions
- Artifact Passing: Pass data between jobs
- Environment Promotion: Promote through environments
Pipeline Triggers
- Push Triggers: Run on code push
- Pull Request Triggers: Run on pull requests
- Schedule Triggers: Run on schedule
- Manual Triggers: Run on demand
- Webhook Triggers: Run on webhook events
Pipeline Notifications
- Email Notifications: Send email on pipeline events
- Slack Notifications: Send Slack messages on pipeline events
- Microsoft Teams Notifications: Send Teams messages on pipeline events
- Custom Webhooks: Send custom webhook notifications
- Status Badges: Display pipeline status as badges
Pipeline Security
Secrets Management
- Secret Variables: Store secrets as pipeline variables
- Secret Stores: Use secret stores (Vault, AWS Secrets Manager)
- OIDC Authentication: Use OIDC for cloud provider authentication
- Key Vault: Use key vault for secret management
- Secret Rotation: Rotate secrets regularly
Access Control
- Branch Protection: Protect branches from direct pushes
- Pull Request Reviews: Require reviews for merges
- Environment Approvals: Require approvals for deployments
- Role-Based Access: Use RBAC for pipeline access
- Audit Logging: Enable audit logging for compliance
Supply Chain Security
- Dependency Scanning: Scan for vulnerable dependencies
- Container Scanning: Scan container images for vulnerabilities
- SBOM Generation: Generate software bill of materials
- Code Signing: Sign artifacts for integrity
- Policy Enforcement: Enforce policies with tools like OPA
Related skills
More from davincidreams/agent-team-plugins
blender
Blender interface, workflows, and 3D production pipeline
220rigging
Rigging fundamentals, skeleton setup, and animation controls
16animation
Animation principles, techniques, and best practices for 3D animation
13vroid
Vroid Studio, VRM format, and VTuber avatar creation
10technical-writing
Technical writing principles and best practices for creating clear, accurate documentation
9unreal
Unreal Engine patterns, Actor/Component model, Blueprints vs C++, and best practices
8