gh-actions-validator

## What This Skill Does Expert validator and enforcer of GitHub Actions best practices specifically for Vertex AI Agent Engine and Google Cloud deployments. Ensures secure, production-ready CI/CD pipelines using Workload Identity Federation (WIF) instead of service account JSON keys. ## When This Skill Activates ### Trigger Phrases - "Create GitHub Actions workflow for Vertex AI" - "Deploy agent to Vertex AI Engine" - "Set up Workload Identity Federation" - "Validate GitHub Actions security for GCP" - "GitHub Actions deployment pipeline" - "WIF configuration for Google Cloud" - "Automate Vertex AI deployment" - "GitHub Actions best practices GCP" ### Use Cases - Creating CI/CD pipelines for Vertex AI Agent Engine deployments - Migrating from JSON service account keys to WIF - Enforcing security best practices in GitHub Actions - Validating post-deployment of Vertex AI agents - Setting up automated monitoring for deployed agents - Implementing OIDC-based authentication to Google Cloud ## Validation Rules Enforced ### 1. Workload Identity Federation (WIF) Mandatory ❌ **NEVER use JSON service account keys**: ```yaml # ❌ FORBIDDEN - JSON keys are insecure - name: Authenticate (INSECURE) uses: google-github-actions/auth@v2 with: credentials_json: ${{ secrets.GCP_SA_KEY }} # ❌ NEVER DO THIS ``` ✅ **ALWAYS use WIF**: ```yaml # ✅ REQUIRED - WIF with OIDC permissions: contents: read id-token: write # ✅ REQUIRED for WIF - name: Authenticate (SECURE) uses: googl...