CI/CD Pipeline Builder
Tier: POWERFUL
Category: Engineering
Domain: DevOps / Automation
Overview
Use this skill to generate pragmatic CI/CD pipelines from detected project stack signals, not guesswork. It focuses on fast baseline generation, repeatable checks, and environment-aware deployment stages.
Core Capabilities
- Detect language/runtime/tooling from repository files
- Recommend CI stages (lint, test, build, deploy)
- Generate GitHub Actions or GitLab CI starter pipelines
- Include caching and matrix strategy based on detected stack
- Emit machine-readable detection output for automation
- Keep pipeline logic aligned with project lockfiles and build commands
When to Use
- Bootstrapping CI for a new repository
- Replacing brittle copied pipeline files
- Migrating between GitHub Actions and GitLab CI
- Auditing whether pipeline steps match actual stack
- Creating a reproducible baseline before custom hardening
Key Workflows
1. Detect Stack
```bash
python3 scripts/stack_detector.py --repo . --format text
python3 scripts/stack_detector.py --repo . --format json > detected-stack.json
```
Supports input via stdin or `--input` file for offline analysis payloads.
2. Generate Pipeline From Detection
```bash
python3 scripts/pipeline_generator.py \
  --input detected-stack.json \
  --platform github \
  --output .github/workflows/ci.yml \
  --format text
```
Or end-to-end from repo directly:
```bash
python3 scripts/pipeline_generator.py --repo . --platform gitlab --output .gitlab-ci.yml
```
3. Validate Before Merge
- Confirm commands exist in project (test, lint, build).
- Run generated pipeline locally where possible.
- Ensure required secrets/env vars are documented.
- Keep deploy jobs gated by protected branches/environments.
4. Add Deployment Stages Safely
- Start with CI-only (lint/test/build).
- Add staging deploy with explicit environment context.
- Add production deploy with manual gate/approval.
- Keep rollout/rollback commands explicit and auditable.
Script Interfaces
- `python3 scripts/stack_detector.py --help`
  - Detects stack signals from repository files
  - Reads optional JSON input from stdin/`--input`
- `python3 scripts/pipeline_generator.py --help`
  - Generates GitHub/GitLab YAML from detection payload
  - Writes to stdout or `--output`
Common Pitfalls
- Copying a Node pipeline into Python/Go repos
- Enabling deploy jobs before stable tests
- Forgetting dependency cache keys
- Running expensive matrix builds for every trivial branch
- Missing branch protections around prod deploy jobs
- Hardcoding secrets in YAML instead of CI secret stores
Best Practices
- Detect stack first, then generate pipeline.
- Keep generated baseline under version control.
- Add one optimization at a time (cache, matrix, split jobs).
- Require green CI before deployment jobs.
- Use protected environments for production credentials.
- Regenerate pipeline when stack changes significantly.
References
Detection Heuristics
The stack detector prioritizes deterministic file signals over heuristics:
- Lockfiles determine package manager preference
- Language manifests determine runtime families
- Script commands (if present) drive lint/test/build commands
- Missing scripts trigger conservative placeholder commands
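The heuristics above, worked through in code. This is an added example written for this page, not the skill's own `scripts/stack_detector.py`; the lockfile and manifest tables, the stage names and the placeholder wording are assumptions chosen to illustrate the priority order (lockfile picks the package manager, manifest picks the runtime family, declared `package.json` scripts drive lint/test/build, and anything undeclared becomes a visible placeholder rather than a guessed tool invocation). The sample repositories are constructed in a temp directory so the script runs offline.

```python
"""Added example (not the skill's own scripts/stack_detector.py): a small
stack detector that applies the page's heuristics to a directory.
Lockfiles pick the package manager, manifests pick the runtime family,
package.json "scripts" drive lint/test/build, and anything undeclared
falls back to a clearly marked placeholder command."""
import json
import os
import tempfile

# Deterministic file signals in priority order (assumed tables, not the skill's).
LOCKFILES = [
    ("pnpm-lock.yaml", "pnpm"),
    ("yarn.lock", "yarn"),
    ("package-lock.json", "npm"),
    ("poetry.lock", "poetry"),
    ("Pipfile.lock", "pipenv"),
    ("go.sum", "go"),
    ("Cargo.lock", "cargo"),
]
MANIFESTS = [
    ("package.json", "node"),
    ("pyproject.toml", "python"),
    ("requirements.txt", "python"),
    ("go.mod", "go"),
    ("Cargo.toml", "rust"),
]
STAGES = ("install", "lint", "test", "build")


def placeholder(stage):
    """Conservative fallback: a visible no-op rather than a guessed tool invocation."""
    return f"echo 'TODO: add {stage} command'"


def detect_stack(repo):
    """Return a machine-readable detection payload for the directory `repo`."""
    present = set(os.listdir(repo))
    runtime = next((r for f, r in MANIFESTS if f in present), "unknown")
    manager = next((m for f, m in LOCKFILES if f in present), None)
    commands = {stage: placeholder(stage) for stage in STAGES}

    if runtime == "node":
        manager = manager or "npm"  # lockfile wins; npm when none is committed
        with open(os.path.join(repo, "package.json"), encoding="utf-8") as fh:
            scripts = json.load(fh).get("scripts", {})
        commands["install"] = f"{manager} install"
        for stage in ("lint", "test", "build"):
            if stage in scripts:  # only scripts the project actually declares
                commands[stage] = f"{manager} run {stage}"
    elif runtime == "go":
        manager = "go"
        commands.update(install="go mod download", test="go test ./...", build="go build ./...")
    elif runtime == "rust":
        manager = "cargo"
        commands.update(install="cargo fetch", test="cargo test", build="cargo build --release")
    # python: the lockfile still selects the manager, but lint/test/build stay
    # placeholders until the project declares them.

    signals = sorted(f for f, _ in LOCKFILES + MANIFESTS if f in present)
    return {"runtime": runtime, "package_manager": manager,
            "signals": signals, "commands": commands}


def make_sample_repo(files):
    """Write constructed sample files into a fresh temp dir and return its path."""
    repo = tempfile.mkdtemp(prefix="stack-demo-")
    for name, body in files.items():
        with open(os.path.join(repo, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return repo


if __name__ == "__main__":
    # Constructed Node repo: pnpm lockfile plus declared test/build scripts, no lint.
    repo = make_sample_repo({
        "package.json": json.dumps({"scripts": {"test": "vitest run", "build": "tsc -p ."}}),
        "pnpm-lock.yaml": "lockfileVersion: '9.0'\n",
    })
    print(json.dumps(detect_stack(repo), indent=2))
```

The payload shape (`runtime`, `package_manager`, `signals`, `commands`) is what a generator downstream would consume; keeping the placeholder text greppable makes the "missing scripts" case auditable in the generated YAML instead of silently running nothing.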
Generation Strategy
Start with a minimal, reliable pipeline:
- Checkout and setup runtime
- Install dependencies with cache strategy
- Run lint, test, build in separate steps
- Publish artifacts only after passing checks
Then layer advanced behavior (matrix builds, security scans, deploy gates).
Platform Decision Notes
- GitHub Actions for tight GitHub ecosystem integration
- GitLab CI for integrated SCM + CI in self-hosted environments
- Keep one canonical pipeline source per repo to reduce drift
Validation Checklist
- Generated YAML parses successfully.
- All referenced commands exist in the repo.
- Cache strategy matches package manager.
- Required secrets are documented, not embedded.
- Branch/protected-environment rules match org policy.
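The generation strategy and the validation checklist, carried through together as an added example (not the skill's `scripts/pipeline_generator.py`). From a detection payload it renders a minimal GitHub Actions workflow in the order the strategy prescribes (checkout, setup runtime, cached install keyed on the detected lockfile, one step per stage, a production deploy that needs green CI and sits behind a branch gate and a protected environment), then runs two checklist items over the result: every referenced command resolves to something the repo declares, and secret-looking `env` keys reference the CI secret store rather than a literal. The setup-action table, cache paths, the `deploy.sh` script and the sample payload are assumptions; YAML parsing (the first checklist item) is left to a real YAML library so the block stays dependency-free.

```python
"""Added example (not the skill's scripts/pipeline_generator.py): render a
minimal GitHub Actions workflow from a detection payload and run two of the
validation-checklist items over the result."""
import re

# Assumed tables: runtime -> setup action, package manager -> (cache path, lockfile).
SETUP_ACTION = {
    "node": ("actions/setup-node@v4", "node-version: '20'"),
    "python": ("actions/setup-python@v5", "python-version: '3.12'"),
    "go": ("actions/setup-go@v5", "go-version: '1.22'"),
}
CACHE = {
    "npm": ("~/.npm", "package-lock.json"),
    "pnpm": ("~/.local/share/pnpm/store", "pnpm-lock.yaml"),
    "yarn": ("~/.cache/yarn", "yarn.lock"),
    "poetry": ("~/.cache/pypoetry", "poetry.lock"),
    "go": ("~/go/pkg/mod", "go.sum"),
}
PLACEHOLDER_PREFIX = "echo 'TODO"
# env keys that look like credentials; their value must be a secret-store reference
SECRET_KEY = re.compile(r"^\s*([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*):\s*(.+?)\s*$")


def render_github_workflow(payload, deploy_cmd="./scripts/deploy.sh"):
    """Return workflow YAML text; `deploy_cmd` is a hypothetical project script."""
    manager = payload["package_manager"]
    action, version = SETUP_ACTION[payload["runtime"]]
    cache_path, lockfile = CACHE[manager]
    lines = [
        "name: ci",
        "on:",
        "  push:",
        "    branches: [main]",
        "  pull_request:",
        "jobs:",
        "  ci:",
        "    runs-on: ubuntu-latest",
        "    steps:",
        "      - uses: actions/checkout@v4",
        f"      - uses: {action}",
        "        with:",
        f"          {version}",
        "      - uses: actions/cache@v4",
        "        with:",
        f"          path: {cache_path}",
        # key tied to the detected manager's lockfile, so it invalidates on dependency changes
        f"          key: ${{{{ runner.os }}}}-{manager}-${{{{ hashFiles('{lockfile}') }}}}",
    ]
    for stage in ("install", "lint", "test", "build"):  # one step per stage
        lines += [f"      - name: {stage}", f"        run: {payload['commands'][stage]}"]
    lines += [
        "  deploy-production:",
        "    needs: [ci]",                          # require green CI
        "    if: github.ref == 'refs/heads/main'",  # protected-branch gate
        "    runs-on: ubuntu-latest",
        "    environment: production",              # approvals and credentials live here
        "    steps:",
        "      - uses: actions/checkout@v4",
        "      - name: deploy",
        "        env:",
        "          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}",
        f"        run: {deploy_cmd}",
    ]
    return "\n".join(lines) + "\n"


def unresolved_stages(payload, declared_scripts):
    """Checklist: every referenced command must exist in the repo. Placeholders and
    `<manager> run <script>` commands whose script is not declared are reported."""
    bad = []
    for stage, cmd in payload["commands"].items():
        if cmd.startswith(PLACEHOLDER_PREFIX):
            bad.append(stage)
        else:
            m = re.match(r"^\S+ run (\S+)$", cmd)
            if m and m.group(1) not in declared_scripts:
                bad.append(stage)
    return bad


def embedded_secrets(workflow_text):
    """Checklist: secret-looking env keys must reference the CI secret store, not a
    literal. Returns (line number, key) pairs for violations."""
    hits = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = SECRET_KEY.match(line)
        if m and "${{ secrets." not in m.group(2):
            hits.append((n, m.group(1)))
    return hits


if __name__ == "__main__":
    # Constructed detection payload, shaped like the detector's JSON output.
    payload = {"runtime": "node", "package_manager": "pnpm",
               "commands": {"install": "pnpm install", "lint": "pnpm run lint",
                            "test": "pnpm run test", "build": "echo 'TODO: add build command'"}}
    wf = render_github_workflow(payload)
    print(wf)
    print("unresolved stages:", unresolved_stages(payload, {"lint", "test"}))
    print("embedded secrets:", embedded_secrets(wf))
```

Both checks are meant to run in review before the generated file is merged; a non-empty result from either one is the signal that the baseline still needs a declared command or a move of a credential into the CI secret store.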
Scaling Guidance
- Split long jobs by stage when runtime exceeds 10 minutes.
- Introduce test matrix only when compatibility truly requires it.
- Separate deploy jobs from CI jobs to keep feedback fast.
- Track pipeline duration and flakiness as first-class metrics.