skill:devops-engineer - CI/CD Pipelines & Infrastructure Automation

Version: 1.0.0

Purpose

The devops-engineer skill designs and implements CI/CD pipelines, infrastructure automation, and DevOps practices. It creates efficient build, test, and deployment workflows, implements release strategies, and promotes DevOps culture.

Use this skill when:

Setting up CI/CD pipelines for a new project
Optimizing existing build and deployment workflows
Implementing infrastructure automation
Designing release strategies (blue/green, canary, rolling)
Troubleshooting pipeline failures
Migrating between CI/CD platforms

Produces:

Pipeline configuration files (GitHub Actions, Azure Pipelines, GitLab CI, etc.)
Infrastructure automation scripts
Deployment strategies and runbooks
Pipeline optimization recommendations
DevOps best practices documentation

File Structure

skills/devops-engineer/
├── SKILL.md (this file)
├── examples.md
└── templates/
    └── pipeline_template.md

Interface References

Context: Loaded via ContextProvider Interface
Memory: Accessed via MemoryStore Interface
Shared Patterns: Shared Loading Patterns
Schemas: Validated against context_metadata.schema.json and memory_entry.schema.json

Mandatory Workflow

IMPORTANT: Execute ALL steps in order. Do not skip any step.

Step 1: Initial Analysis

Gather project requirements:
- Source control platform (GitHub, GitLab, Azure DevOps, Bitbucket)
- Programming language(s) and build tools
- Testing framework(s)
- Deployment targets (cloud, on-premise, hybrid)
- Release frequency and strategy
- Team size and expertise
- Security and compliance requirements
Detect existing CI/CD configuration:
- Analyze .github/workflows/, .gitlab-ci.yml, azure-pipelines.yml, Jenkinsfile
- Review build scripts and deployment configurations
- Identify pain points and bottlenecks
Determine project name for memory lookup

Step 2: Load Memory

Follow Standard Memory Loading with skill="devops-engineer" and domain="azure" (or detected domain).

Load project-specific memory:

memoryStore.getSkillMemory("devops-engineer", "{project-name}")

Check for cross-skill insights:

memoryStore.getByProject("{project-name}")

Review memory for:

Previous pipeline configurations and lessons learned
Deployment strategies that worked/failed
Build optimization techniques
Security scanning integrations
Performance benchmarks (build times, deployment times)

Step 3: Load Context

Follow Standard Context Loading for the azure domain and other relevant domains. Stay within the file budget declared in frontmatter.

Use context indexes:

contextProvider.getDomainIndex("azure")
contextProvider.getDomainIndex("git")
contextProvider.getDomainIndex("engineering")
contextProvider.getDomainIndex("security")

Load relevant context files based on project needs:

Azure Pipelines patterns if using Azure DevOps
Git workflow patterns
Security scanning patterns
Container and Kubernetes patterns if relevant

Budget: 6 files maximum

Step 4: Pipeline Design

Design CI/CD pipeline stages:
- Source: Trigger conditions (push, PR, schedule, manual)
- Build: Compilation, dependency resolution, artifact creation
- Test: Unit tests, integration tests, security scans, code quality
- Package: Container images, application packages, deployment artifacts
- Deploy: Environment promotion (dev → staging → prod)
- Verify: Smoke tests, health checks, rollback triggers
Choose pipeline platform and justify:
- GitHub Actions: Best for GitHub-hosted repos, extensive marketplace
- GitLab CI: Best for GitLab, integrated security scanning
- Azure Pipelines: Best for Microsoft stack, enterprise features
- Jenkins: Best for self-hosted, maximum customization
Define pipeline triggers and conditions
Plan artifact management and caching strategies
Design environment-specific configurations

Step 5: Infrastructure Automation

Implement Infrastructure as Code (IaC):
- Terraform for multi-cloud provisioning
- ARM/Bicep for Azure resources
- CloudFormation for AWS resources
- Pulumi for programming language-based IaC
Automate environment provisioning:
- Development, staging, production environments
- Environment parity (minimize dev/prod differences)
- Ephemeral environments for PRs/feature branches
Implement configuration management:
- Environment variables and secrets
- Feature flags
- Configuration drift detection

Step 6: Release Strategy

Design deployment strategy:
- Blue/Green: Zero-downtime, instant rollback
- Canary: Gradual rollout with monitoring
- Rolling: Sequential updates with minimal downtime
- Feature Flags: Progressive feature enablement
Implement deployment gates:
- Manual approval gates for production
- Automated quality gates (test pass rate, code coverage)
- Security gates (vulnerability scanning, compliance checks)
Plan rollback and disaster recovery:
- Automated rollback triggers
- Database migration rollback
- State recovery procedures

Step 7: Testing & Quality Gates

Implement comprehensive testing:
- Unit Tests: Fast, isolated component tests
- Integration Tests: API and service integration tests
- E2E Tests: Full user journey tests
- Performance Tests: Load and stress testing
- Security Tests: SAST, DAST, dependency scanning
Set quality gates:
- Code coverage thresholds (e.g., 80% minimum)
- Test pass rate requirements (e.g., 100% for production)
- Security vulnerability limits (e.g., no critical CVEs)
- Code quality scores (e.g., Sonar quality gate)
Implement fail-fast mechanisms

Step 8: Observability & Monitoring

Implement pipeline observability:
- Build and deployment metrics (success rate, duration)
- Failure alerts and notifications
- Pipeline analytics and trends
Integrate application monitoring:
- Health check endpoints
- Deployment markers in monitoring tools
- Error rate tracking post-deployment
Set up feedback loops:
- Failed build notifications (Slack, Teams, email)
- Deployment summaries
- Performance regression alerts

Step 9: Security & Compliance

Implement security scanning:
- Static Application Security Testing (SAST)
- Software Composition Analysis (SCA) for dependencies
- Container image scanning
- Infrastructure security scanning (IaC validation)
Manage secrets securely:
- Use platform secret stores (GitHub Secrets, Azure Key Vault)
- Rotate secrets regularly
- Never commit secrets to source control
Implement compliance controls:
- Audit logging
- Access controls and approvals
- Artifact signing and verification

Step 10: Generate Output

Save DevOps documentation to /claudedocs/devops-engineer_{project}_{YYYY-MM-DD}.md
Follow naming conventions in ../OUTPUT_CONVENTIONS.md
Use template from templates/pipeline_template.md if available
Include:
- Pipeline architecture diagram
- Configuration files (complete and ready to use)
- Deployment strategy and runbooks
- Testing strategy and quality gates
- Security and compliance measures
- Monitoring and alerting setup
- Troubleshooting guide
- Next steps and improvement recommendations

Step 11: Update Memory

Follow Standard Memory Update for skill="devops-engineer".

Store learned insights:

memoryStore.updateSkillMemory("devops-engineer", "{project-name}", {
  pipeline_patterns: [...],
  deployment_strategies: [...],
  optimizations: [...],
  lessons_learned: [...]
})

Update memory with:

Pipeline configurations and patterns
Deployment strategies and results
Build optimization techniques
Security integration patterns
Performance metrics and improvements
Common issues and resolutions

Compliance Checklist

Before completing, verify:

DevOps Principles

1. Automation First

Automate repetitive tasks
Infrastructure as Code
Automated testing at every stage
Self-service environments

2. Continuous Integration

Commit code frequently (daily minimum)
Build and test on every commit
Fail fast with rapid feedback
Maintain a single source of truth

3. Continuous Delivery

Every commit is a release candidate
Automated deployment to staging
Manual or automated production deployment
Rollback capability always available

4. Shift Left Security

Security scanning in development
Automated vulnerability detection
Secure secrets management
Compliance as code

5. Observability

Comprehensive logging
Metrics and monitoring
Distributed tracing
Actionable alerts

CI/CD Platform Comparison

Feature	GitHub Actions	Azure Pipelines	GitLab CI	Jenkins
Hosting	Cloud	Cloud + Self-hosted	Cloud + Self-hosted	Self-hosted
Pricing	Free (public), metered (private)	Free tier, then metered	Free tier, then metered	Free (DIY hosting)
Marketplace	Extensive (10K+ actions)	Moderate	Good	Extensive (plugins)
YAML Syntax	Straightforward	Comprehensive	Straightforward	Groovy/Declarative
Container Support	Excellent	Excellent	Excellent	Good
Kubernetes	Good (via actions)	Excellent (native)	Excellent	Good (plugins)
Security Scanning	Via actions	Built-in + extensions	Built-in	Via plugins
Best For	GitHub repos	Microsoft stack	GitLab repos	Custom workflows

Common Pipeline Patterns

Pattern 1: Monorepo Multi-Service

Detect changed services via path filters
Run tests only for changed services
Deploy only changed services
Shared pipeline templates

Pattern 2: Trunk-Based Development

Frequent small commits to main
Short-lived feature branches
Feature flags for incomplete features
Continuous deployment to staging

Pattern 3: GitFlow

Long-lived develop and main branches
Feature branches for development
Release branches for stabilization
Hotfix branches for production fixes

Pattern 4: Microservices Pipeline

Service-specific pipelines
Contract testing between services
Independent deployment schedules
Service mesh integration

Version History

Version	Date	Changes
1.0.0	2026-02-12	Initial release with comprehensive CI/CD and DevOps capabilities