cicd-generation

Use when creating GitHub Actions workflows, adding CI/CD to a project, or reviewing pipeline security. Produces fail-fast, security-hardened workflows with OIDC auth and SHA-pinned actions. Triggers on 'add CI', 'create workflow', 'github actions'.
dtsong/my-claude-setup · ★ 5 · DevOps & Infrastructure · score 70
Install: claude install-skill dtsong/my-claude-setup
# CI/CD Generation Skill

Generate production-ready GitHub Actions workflows.

## Input Sanitization

- Workflow file names: alphanumeric, hyphens, and underscores only — reject `..`, shell metacharacters, or null bytes
- Action references: `owner/action@ref` format — reject shell metacharacters and null bytes
- Secret names: uppercase alphanumeric and underscores only

## Core Principles

1. **Fail-fast**: Quick checks (lint, type) before slow ops (build, test)
2. **Security hardening**: OIDC auth, minimal permissions, pinned action versions
3. **Caching**: Based on detected package manager
4. **Matrix testing**: When multiple versions/platforms needed
5. **Verification-first**: Examine repo before generating workflow

## Process

### Step 1: Analyze Repository

Before generating ANY workflow, verify:

```
[ ] Language/framework detected
[ ] Package manager identified (npm, yarn, pnpm, pip, poetry, go mod)
[ ] Test command exists and verified
[ ] Lint/format commands exist
[ ] Build output/artifacts identified
[ ] Deployment target identified (if applicable)
```

### Step 2: Workflow Structure

**Standard CI workflow** (`.github/workflows/ci.yml`):

```yaml
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup
        # Language-specific setup
      - name: Lint
        run: <lint-command>

  test:
    runs-on: ub
```
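
The Input Sanitization rules and the SHA-pinning goal above, written as allowlist validators plus a small audit of `uses:` lines. This is an added Python example, not code from the skill or its repository. Assumptions: the workflow name is checked as a stem without `.yml`, the action-reference character allowlist is this example's own reading of the rule, and the sample workflow with its 40-hex ref is constructed.

```python
import re

# Allowlists derived from the skill's Input Sanitization rules. Treating the
# workflow name as a stem (no ".yml") is an assumption of this example.
WORKFLOW_STEM = re.compile(r"[A-Za-z0-9_-]+")
SECRET_NAME = re.compile(r"[A-Z0-9_]+")
ACTION_REF = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+@[A-Za-z0-9_./-]+")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
USES_LINE = re.compile(r"^\s*(?:-\s*)?uses:\s*(\S+)", re.MULTILINE)

def valid_workflow_stem(name: str) -> bool:
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    return WORKFLOW_STEM.fullmatch(name) is not None

def valid_secret_name(name: str) -> bool:
    return SECRET_NAME.fullmatch(name) is not None

def valid_action_ref(ref: str) -> bool:
    # The allowlist already excludes shell metacharacters and NUL; ".." is
    # rejected separately because "." and "/" are individually allowed.
    return ACTION_REF.fullmatch(ref) is not None and ".." not in ref

def is_sha_pinned(ref: str) -> bool:
    # Pinned means the part after "@" is a full 40-hex commit SHA, not a tag.
    return valid_action_ref(ref) and FULL_SHA.fullmatch(ref.rsplit("@", 1)[1]) is not None

def audit_uses(workflow_text: str) -> dict:
    """Classify every `uses:` reference as pinned, unpinned, or malformed."""
    report = {"pinned": [], "unpinned": [], "malformed": []}
    for ref in USES_LINE.findall(workflow_text):
        if not valid_action_ref(ref):
            report["malformed"].append(ref)
        elif is_sha_pinned(ref):
            report["pinned"].append(ref)
        else:
            report["unpinned"].append(ref)
    return report

# Constructed sample; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
  - uses: example-org/bad;action@v1
"""

if __name__ == "__main__":
    print(audit_uses(SAMPLE))
```

Local (`./path`) and `docker://` references are reported as malformed here because the rule above only describes the `owner/action@ref` form; quoted `uses:` values are likewise not unwrapped.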