devops-excellence

# DevOps Excellence ## Core Principles - **Shift Left** — Address security and quality early in SDLC - **GitOps** — Git as single source of truth for infrastructure and deployments - **Infrastructure as Code** — All infrastructure versioned and reproducible - **Progressive Delivery** — Gradual rollouts with feature flags and canary releases - **Immutable Infrastructure** — Replace, don't modify running systems - **Observability-First** — Monitor metrics tied to deployments and features - **Policy as Code** — Enforce compliance and security automatically - **Platform Engineering** — Build golden paths and self-service portals --- ## Hard Rules (Must Follow) > These rules are mandatory. Violating them means the skill is not working correctly. ### No Static Credentials **Never use long-lived static credentials. Always use OIDC or short-lived tokens.** ```yaml # ❌ FORBIDDEN: Static AWS credentials env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # ✅ REQUIRED: OIDC-based authentication - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::123456789012:role/GitHubActions aws-region: us-east-1 # No long-lived secrets - uses GitHub OIDC provider ``` ### No Root Containers **Containers must NEVER run as root. Always specify a non-root user.** ```dockerfile # ❌ FORBIDDEN: Running as root (default) FROM node:20 WORKDIR /app CMD...