ci-cd-templates
CI/CD Templates Skill
Provides production-ready CI/CD pipeline templates for GitHub Actions, GitLab CI, and CircleCI.
Purpose
This skill provides:
- GitHub Actions workflow templates
- GitLab CI/CD pipeline configurations
- CircleCI config examples
- Best practices for automated testing, building, and deployment
- Security scanning integration
- Deployment strategies (blue/green, canary, rolling)
When to Use
- "Create a CI/CD pipeline for Node.js"
- "Add GitHub Actions for testing and deployment"
- "Set up automated deployments to AWS"
- "Configure GitLab CI for Docker builds"
GitHub Actions Templates
Node.js CI/CD Pipeline
```yaml
name: Node.js CI/CD

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

# Least privilege for the default GITHUB_TOKEN; a job that needs more
# (for example to publish a package) requests it at job level.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Run linter
        run: npm run lint
      - name: Run tests
        run: npm test
      - name: Upload coverage
        uses: codecov/codecov-action@v4
        if: matrix.node-version == '20.x'
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Snyk security scan
        # Snyk's docs reference @master; pin this to a commit SHA in production
        # so a change to the upstream branch cannot change what runs here.
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Run npm audit
        # Needs only package-lock.json; fails on high/critical findings in
        # production dependencies (--production is the deprecated spelling of --omit=dev).
        run: npm audit --omit=dev --audit-level=high

  build:
    needs: [test, security]
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    env:
      # Docker Hub images live under a namespace; a bare "myapp" cannot be pushed.
      IMAGE: ${{ secrets.DOCKER_USERNAME }}/myapp
    steps:
      - uses: actions/checkout@v4
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build Docker image
        run: docker build -t "$IMAGE:${{ github.sha }}" .
      - name: Push Docker image
        run: |
          docker tag "$IMAGE:${{ github.sha }}" "$IMAGE:latest"
          docker push "$IMAGE:${{ github.sha }}"
          docker push "$IMAGE:latest"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # A GitHub environment lets you require reviewers and scope the deploy
    # secrets to this job only.
    environment: production
    steps:
      - name: Deploy to production
        uses: appleboy/ssh-action@v1.0.0
        env:
          IMAGE_TAG: ${{ secrets.DOCKER_USERNAME }}/myapp:${{ github.sha }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_KEY }}
          # Pass the immutable SHA tag to the remote shell and deploy that, not
          # :latest, so the host runs exactly what was tested and a rollback is a
          # redeploy of the previous SHA. Assumes docker-compose.yml uses
          # image: ${IMAGE_TAG}.
          envs: IMAGE_TAG
          script: |
            docker pull "$IMAGE_TAG"
            docker compose up -d
```
TypeScript + Vitest Pipeline
```yaml
name: TypeScript CI

on: [push, pull_request]

permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - name: Type check
        run: npm run type-check
      - name: Run tests with coverage
        run: npm run test:coverage
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          # codecov-action v4 needs the token for uploads from private repositories.
          token: ${{ secrets.CODECOV_TOKEN }}
```
GitLab CI Templates
Full-Stack Application Pipeline
```yaml
stages:
  - build
  - test
  - security
  - deploy

variables:
  # Only used by jobs that build images with the docker:dind service.
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: node:20-alpine
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour

test:unit:
  stage: test
  image: node:20-alpine
  script:
    - npm ci
    - npm run test:coverage
  # Pulls the total from Istanbul's text summary for the merge request widget.
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

test:e2e:
  stage: test
  # Keep this tag in sync with the @playwright/test version in package.json; the
  # image ships matching browsers, so no separate `playwright install` is needed.
  image: mcr.microsoft.com/playwright:v1.40.0
  script:
    - npm ci
    - npm run test:e2e
  artifacts:
    when: on_failure
    paths:
      - playwright-report/

security:sast:
  stage: security
  image: semgrep/semgrep
  script:
    # --gitlab-sast writes the schema the GitLab SAST report expects; plain
    # --json output is not parsed by GitLab.
    - semgrep scan --config=auto --gitlab-sast --output=semgrep.json .
  artifacts:
    reports:
      sast: semgrep.json

security:dependency:
  stage: security
  image: node:20-alpine
  script:
    # npm audit JSON is not in GitLab's dependency-scanning report schema, so it is
    # kept as a plain artifact (use the Security/Dependency-Scanning.gitlab-ci.yml
    # template for the native report). --audit-level fails the job on high/critical
    # findings; when: always keeps the JSON even when the job fails.
    - npm audit --omit=dev --audit-level=high --json > npm-audit.json
  artifacts:
    when: always
    paths:
      - npm-audit.json

# Store the webhook URLs as masked, protected CI/CD variables.
deploy:staging:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
  script:
    # --fail turns an HTTP error from the webhook into a failed job.
    - curl --fail --silent --show-error -X POST "$DEPLOY_WEBHOOK_STAGING"
  environment:
    name: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
  script:
    - curl --fail --silent --show-error -X POST "$DEPLOY_WEBHOOK_PRODUCTION"
  # A protected environment restricts who may run the manual job.
  environment:
    name: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
```
Deployment Strategies
Blue/Green Deployment (AWS)
```yaml
name: Blue/Green Deploy

on:
  push:
    branches: [ main ]

# id-token lets the job federate to AWS through OIDC instead of storing
# long-lived access keys as secrets.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # IAM role whose trust policy allows this repository's OIDC identity;
          # AWS_DEPLOY_ROLE_ARN is a placeholder secret name.
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
          aws-region: us-east-1
      - name: Deploy to green environment
        # create-deployment returns at once, so wait for it to finish before
        # smoke-testing; a failed deployment stops the workflow here.
        run: |
          DEPLOYMENT_ID=$(aws deploy create-deployment \
            --application-name my-app \
            --deployment-group-name green-env \
            --s3-location bucket=my-bucket,key=app.zip,bundleType=zip \
            --query deploymentId --output text)
          aws deploy wait deployment-successful --deployment-id "$DEPLOYMENT_ID"
      - name: Run smoke tests
        run: ./scripts/smoke-test.sh https://green.example.com
      - name: Switch traffic to green
        run: |
          aws elbv2 modify-listener \
            --listener-arn ${{ secrets.LISTENER_ARN }} \
            --default-actions Type=forward,TargetGroupArn=${{ secrets.GREEN_TARGET_GROUP }}
      - name: Monitor deployment
        run: ./scripts/monitor-metrics.sh
      - name: Roll back to blue
        # Blue still runs the previous revision, so pointing the listener back
        # is the whole rollback. BLUE_TARGET_GROUP is a placeholder secret name.
        if: failure()
        run: |
          aws elbv2 modify-listener \
            --listener-arn ${{ secrets.LISTENER_ARN }} \
            --default-actions Type=forward,TargetGroupArn=${{ secrets.BLUE_TARGET_GROUP }}
```
Canary Deployment (Kubernetes)
```yaml
name: Canary Deploy

on:
  push:
    branches: [ main ]

permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up kubectl
        uses: azure/setup-kubectl@v3
      - name: Configure cluster access
        # setup-kubectl only installs the binary; credentials come from a base64
        # kubeconfig secret (placeholder name) scoped to the app's namespace.
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG_B64 }}
        run: |
          mkdir -p ~/.kube
          printf '%s' "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config
      - name: Deploy canary (10% traffic)
        # With a plain Service the split is approximated by replica counts
        # (1 canary pod beside 9 stable); exact weights need an ingress or
        # service mesh that supports weighted routing.
        run: |
          kubectl apply -f k8s/canary-10.yaml
          kubectl rollout status deployment/app-canary --timeout=300s
      - name: Monitor metrics for 10 minutes
        run: ./scripts/monitor-canary.sh 600
      - name: Increase to 50% traffic
        run: |
          kubectl apply -f k8s/canary-50.yaml
          kubectl rollout status deployment/app-canary --timeout=300s
      - name: Monitor metrics for 10 minutes
        run: ./scripts/monitor-canary.sh 600
      - name: Full rollout
        run: |
          kubectl apply -f k8s/production.yaml
          kubectl delete -f k8s/canary-50.yaml
      - name: Remove canary on failure
        # A failed monitor step exits non-zero; tearing the canary down
        # returns all traffic to the stable deployment.
        if: failure()
        run: kubectl delete -f k8s/canary-10.yaml -f k8s/canary-50.yaml --ignore-not-found
```
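Both strategies above hinge on scripts the page only references: `./scripts/smoke-test.sh` for blue/green and `./scripts/monitor-canary.sh` (and `monitor-metrics.sh`) for the canary. The script below is an added example of such a gate; it is not part of the original page or the pfangueiro/claude-code-agents repository. It assumes a health endpoint and a Prometheus-style metrics endpoint that exposes an `http_requests_total` counter labelled by `status`; the `HEALTH_URL` and `METRICS_URL` defaults and the `SAMPLE_*` scrapes are constructed for illustration. A non-zero exit fails the workflow step, which is what the `if: failure()` rollback steps key on.

```shell
#!/bin/sh
# monitor-canary.sh: added example of a deployment gate (not the project's own
# script). Smoke-tests a health URL, then samples a Prometheus-style metrics
# endpoint and fails when the 5xx ratio of requests served between two samples
# exceeds a budget. Non-zero exit fails the calling workflow step.

HEALTH_URL="${HEALTH_URL:-http://app-canary.internal/healthz}"   # assumed endpoint
METRICS_URL="${METRICS_URL:-http://app-canary.internal/metrics}" # assumed endpoint
MAX_ERROR_RATIO="${MAX_ERROR_RATIO:-0.01}"   # 1% of requests in a window
INTERVAL="${INTERVAL:-30}"                   # seconds between samples

# counts: read a metrics exposition on stdin, print "<5xx requests> <all requests>".
counts() {
  awk '
    /^http_requests_total[{]/ {
      total += $2
      if ($0 ~ /status="5[0-9][0-9]"/) errors += $2
    }
    END { printf "%d %d\n", errors, total }'
}

# delta_ratio PREV_TEXT CUR_TEXT: 5xx ratio of the requests served between two
# samples. Counters are cumulative, so a lifetime ratio would hide a fresh
# regression behind earlier good traffic. Prints 0.0000 when nothing was served.
delta_ratio() {
  p=$(printf '%s\n' "$1" | counts); c=$(printf '%s\n' "$2" | counts)
  awk -v p="$p" -v c="$c" 'BEGIN {
    split(p, a, " "); split(c, b, " ")
    e = b[1] - a[1]; t = b[2] - a[2]
    if (t <= 0) { print "0.0000"; exit }
    printf "%.4f\n", e / t
  }'
}

# ratio_exceeds RATIO THRESHOLD: true when RATIO > THRESHOLD (awk does the float compare).
ratio_exceeds() { awk -v r="$1" -v t="$2" 'BEGIN { exit !(r > t) }'; }

# http_ok URL [RETRIES]: smoke test; true once URL answers 2xx/3xx, with backoff.
http_ok() {
  url="$1"; tries="${2:-5}"; n=0
  while [ "$n" -lt "$tries" ]; do
    curl -fsS --max-time 5 -o /dev/null "$url" && return 0
    n=$((n + 1)); sleep "$n"
  done
  return 1
}

# gate PREV_TEXT CUR_TEXT: 0 when the last window is inside the error budget.
gate() {
  ratio=$(delta_ratio "$1" "$2")
  if ratio_exceeds "$ratio" "$MAX_ERROR_RATIO"; then
    echo "5xx ratio $ratio in last window exceeds $MAX_ERROR_RATIO" >&2
    return 1
  fi
  echo "5xx ratio $ratio ok"
}

# main DURATION_SECONDS: smoke-test, then sample metrics until the window ends.
main() {
  duration="${1:-600}"; elapsed=0
  http_ok "$HEALTH_URL" || { echo "health check failed: $HEALTH_URL" >&2; exit 1; }
  prev=$(curl -fsS --max-time 5 "$METRICS_URL") || exit 1
  while [ "$elapsed" -lt "$duration" ]; do
    sleep "$INTERVAL"; elapsed=$((elapsed + INTERVAL))
    cur=$(curl -fsS --max-time 5 "$METRICS_URL") || exit 1
    gate "$prev" "$cur" || exit 1
    prev="$cur"
  done
  echo "canary healthy for ${duration}s"
}

# Constructed sample scrapes (not real data) used to exercise the gate offline.
SAMPLE_T0='http_requests_total{status="200"} 1000
http_requests_total{status="500"} 5'
SAMPLE_T1_OK='http_requests_total{status="200"} 1990
http_requests_total{status="404"} 5
http_requests_total{status="500"} 10'
SAMPLE_T1_BAD='http_requests_total{status="200"} 1900
http_requests_total{status="503"} 105'

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Invoke it as `./scripts/monitor-canary.sh 600` to watch for ten minutes; `MAX_ERROR_RATIO` and `INTERVAL` can be overridden from the workflow's `env:`. The same `http_ok` function with a URL argument is all `smoke-test.sh` needs. Gating on the ratio between samples rather than the lifetime ratio is deliberate: after a few thousand good requests a lifetime ratio can stay under 1% for a long time while every new request is failing.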
Best Practices
- Run tests and security scans before anything is built or deployed, and make the build and deploy jobs depend on them (`needs:` in GitHub Actions, stage order in GitLab)
- Use matrix builds to cover the runtimes and environments you actually ship to
- Integrate security scanning (SAST, dependency and container checks) and fail the pipeline above an agreed severity rather than only producing reports
- Pin third-party actions and images to immutable references (a commit SHA or an image digest) and grant workflows the least token permissions they need
- Cache dependencies to speed up builds, but install from the lockfile (`npm ci`) so caching never changes what gets built
- Keep credentials in the CI platform's secret store (masked, protected, scoped to an environment), never in the repository, and prefer short-lived federated credentials (OIDC) to long-lived keys
- Deploy immutable artifacts (SHA-tagged images) so a rollback is a redeploy of the previous version, and automate that rollback on failed health checks
- Monitor deployments with health checks and error-rate gates before shifting more traffic
- Keep environment-specific configuration out of the build artifact and inject it at deploy time
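The templates above name actions by tag (`@v4`) and, for Snyk, by branch (`@master`). Both are mutable pointers: whoever controls the upstream repository can change what your job executes. The script below is an added example, not from the original page or the skill repository, of a check a pipeline can run against its own workflow files before they are merged. The sample workflow written by `write_sample` is constructed for the test, and the 40-hex SHA in it is a placeholder, not a real commit.

```shell
#!/bin/sh
# check-workflows.sh: added example of a pre-merge hygiene check for GitHub
# Actions workflows (not part of the original page or skill repository).
# Flags (1) `uses:` references pinned to a mutable ref (tag or branch) instead
# of a full commit SHA, and (2) workflows with no top-level `permissions:` block,
# which otherwise run with the repository's default GITHUB_TOKEN scope.

# unpinned_uses FILE: print each action ref whose version is not a 40-hex SHA.
# Local actions (./path) and docker:// images are skipped; images should be
# pinned by digest, which is a separate check.
unpinned_uses() {
  awk -v sq="'" '
    /^[ \t]*-?[ \t]*uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*-?[ \t]*uses:[ \t]*/, "", ref)   # drop the key
      sub(/[ \t]*(#.*)?$/, "", ref)                # drop a trailing comment
      gsub(/"/, "", ref); gsub(sq, "", ref)        # drop YAML quotes
      if (ref ~ /^\.\// || ref ~ /^docker:\/\//) next
      n = split(ref, parts, "@")
      if (n < 2 || length(parts[n]) != 40 || parts[n] !~ /^[0-9a-f]+$/) print ref
    }' "$1"
}

# has_permissions FILE: true when an unindented (workflow-level) permissions: key exists.
has_permissions() { grep -q '^permissions:' "$1"; }

# check_workflow FILE: print one line per finding; return 1 if there are any.
check_workflow() {
  f="$1"; rc=0
  for ref in $(unpinned_uses "$f"); do
    echo "$f: not pinned to a commit SHA: $ref"; rc=1
  done
  if ! has_permissions "$f"; then
    echo "$f: no top-level permissions: block (defaults to the repo-wide token scope)"; rc=1
  fi
  return "$rc"
}

# Constructed sample workflow (not a real repository file). The SHA on the last
# step is a placeholder; the trailing comment records which tag it was taken from.
write_sample() {
  cat > "$1" <<'EOF'
name: sample
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - uses: snyk/actions/node@master
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: example/pinned-action@0123456789abcdef0123456789abcdef01234567 # v1.2.0
EOF
}

# Usage: ./scripts/check-workflows.sh .github/workflows/*.yml
if [ "$#" -gt 0 ]; then
  rc=0
  for f in "$@"; do check_workflow "$f" || rc=1; done
  exit "$rc"
fi
```

Run it as an early job in the same pipeline so findings fail the build. When pinning, keep the tag in a trailing comment as the sample does (the checker ignores comments), so reviewers can still see which release a SHA corresponds to, and let Dependabot or Renovate bump the SHA.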
Integration with Agents
Works best with:
- devops-automation agent - Generates pipelines for specific platforms
- security-auditor agent - Adds security scanning steps
- test-automation agent - Integrates testing frameworks