Agent skill

devops-deployment

Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub Actions, Docker, Helm, and Terraform patterns.

View SKILL.md on GitHub Repository
Stars 143
Forks 15

Install this agent skill to your Project

npx add-skill https://github.com/yonatangross/orchestkit/tree/main/plugins/ork/skills/devops-deployment

Metadata

Additional technical details for this skill

category
workflow-automation

SKILL.md

DevOps & Deployment Skill

Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.

Note: If disableSkillShellExecution is enabled (CC 2.1.91), the Docker install check won't run. Verify Docker is available for container operations: docker --version.

Overview

  • Setting up CI/CD pipelines
  • Containerizing applications
  • Deploying to Kubernetes or cloud platforms
  • Implementing GitOps workflows
  • Managing infrastructure as code
  • Planning release strategies

Pipeline Architecture

┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│    Code     │──>│    Build    │──>│    Test     │──>│   Deploy    │
│   Commit    │   │   & Lint    │   │   & Scan    │   │  & Release  │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       v                 v                 v                 v
   Triggers         Artifacts          Reports          Monitoring

Key Concepts

CI/CD Pipeline Stages

  1. Lint & Type Check - Code quality gates
  2. Unit Tests - Test coverage with reporting
  3. Security Scan - npm audit + Trivy vulnerability scanner
  4. Build & Push - Docker image to container registry
  5. Deploy Staging - Environment-gated deployment
  6. Deploy Production - Manual approval or automated

Container Best Practices

Multi-stage builds minimize image size:

  • Stage 1: Install production dependencies only
  • Stage 2: Build application with dev dependencies
  • Stage 3: Production runtime with minimal footprint

Security hardening:

  • Non-root user (uid 1001)
  • Read-only filesystem where possible
  • Health checks for orchestrator integration

Kubernetes Deployment

Essential manifests:

  • Deployment with rolling update strategy
  • Service for internal routing
  • Ingress for external access with TLS
  • HorizontalPodAutoscaler for scaling

Security context:

  • runAsNonRoot: true
  • allowPrivilegeEscalation: false
  • readOnlyRootFilesystem: true
  • Drop all capabilities

Deployment Strategies

Strategy Use Case Risk
Rolling Default, gradual replacement Low - automatic rollback
Blue-Green Instant switch, easy rollback Medium - double resources
Canary Progressive traffic shift Low - gradual exposure

Rolling Update (Kubernetes default):

yaml
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime

Secrets Management

Use External Secrets Operator to sync from cloud providers:

  • AWS Secrets Manager
  • HashiCorp Vault
  • Azure Key Vault
  • GCP Secret Manager

References

Docker Patterns

Load: Read("${CLAUDE_SKILL_DIR}/references/docker-patterns.md")

Key topics covered:

  • Multi-stage build examples with 78% size reduction
  • Layer caching optimization
  • Security hardening (non-root, health checks)
  • Trivy vulnerability scanning
  • Docker Compose development setup

CI/CD Pipelines

Load: Read("${CLAUDE_SKILL_DIR}/references/ci-cd-pipelines.md")

Key topics covered:

  • Branch strategy (Git Flow)
  • GitHub Actions caching (85% time savings)
  • Artifact management
  • Matrix testing
  • Complete backend CI/CD example

Kubernetes Basics

Load: Read("${CLAUDE_SKILL_DIR}/references/kubernetes-basics.md")

Key topics covered:

  • Health probes (startup, liveness, readiness)
  • Security context configuration
  • PodDisruptionBudget
  • Resource quotas
  • StatefulSets for databases
  • Helm chart structure

Environment Management

Load: Read("${CLAUDE_SKILL_DIR}/references/environment-management.md")

Key topics covered:

  • External Secrets Operator
  • GitOps with ArgoCD
  • Terraform patterns (remote state, modules)
  • Zero-downtime database migrations
  • Alembic migration workflow
  • Rollback procedures

Observability

Load: Read("${CLAUDE_SKILL_DIR}/references/observability.md")

Key topics covered:

  • Prometheus metrics exposition
  • Grafana dashboard queries (PromQL)
  • Alerting rules for SLOs
  • Golden signals (SRE)
  • Structured logging
  • Distributed tracing (OpenTelemetry)

Railway Deployment

Load: Read("${CLAUDE_SKILL_DIR}/rules/railway-deployment.md")

Key topics covered:

  • railway.json configuration, Nixpacks builds
  • Environment variable management, database provisioning
  • Multi-service setups, Railway CLI workflows
  • References: ${CLAUDE_SKILL_DIR}/references/railway-json-config.md, ${CLAUDE_SKILL_DIR}/references/nixpacks-customization.md, ${CLAUDE_SKILL_DIR}/references/multi-service-setup.md

Deployment Strategies

Load: Read("${CLAUDE_SKILL_DIR}/references/deployment-strategies.md")

Key topics covered:

  • Rolling deployment
  • Blue-green deployment
  • Canary releases
  • Traffic splitting with Istio

Deployment Checklist & Templates

Load: Read("${CLAUDE_SKILL_DIR}/references/checklists-and-templates.md") for pre/during/post-deployment checklists, Helm chart structure, template reference table, and extended thinking triggers.

Related Skills

  • zero-downtime-migration - Database migration patterns for zero-downtime deployments
  • security-scanning - Security scanning integration for CI/CD pipelines
  • ork:monitoring-observability - Monitoring and alerting for deployed applications
  • ork:database-patterns - Python/Alembic migration workflow for backend deployments
  • portless (upstream) - Named .localhost URLs for multi-service local dev (portless alias api 8080)

Key Decisions

Decision Choice Rationale
Container user Non-root (uid 1001) Security best practice, required by many orchestrators
Deployment strategy Rolling update (default) Zero downtime, automatic rollback, resource efficient
Secrets management External Secrets Operator Syncs from cloud providers, GitOps compatible
Health checks Separate startup/liveness/readiness Prevents premature traffic, enables graceful shutdown

Capability Details

Load: Read("${CLAUDE_SKILL_DIR}/references/capability-details.md") for full keyword index and problem-solution mapping across all 6 capabilities (ci-cd, docker, kubernetes, infrastructure-as-code, deployment-strategies, observability).

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

yonatangross/orchestkit

expect

Diff-aware AI browser testing — analyzes git changes, generates targeted test plans, and executes them via agent-browser. Reads git diff to determine what changed, maps changes to affected pages via route map, generates a test plan scoped to the diff, and runs it with pass/fail reporting. Use when testing UI changes, verifying PRs before merge, running regression checks on changed components, or validating that recent code changes don't break the user-facing experience.

143 15
Explore
yonatangross/orchestkit

github-operations

GitHub CLI operations for issues, PRs, milestones, and Projects v2. Covers gh commands, REST API patterns, and automation scripts. Use when managing GitHub issues, PRs, milestones, or Projects with gh.

143 15
Explore
yonatangross/orchestkit

chain-patterns

Chain patterns for CC 2.1.71 pipelines — MCP detection, handoff files, checkpoint-resume, worktree agents, CronCreate monitoring. Use when building multi-phase pipeline skills. Loaded via skills: field by pipeline skills (fix-issue, implement, brainstorm, verify). Not user-invocable.

143 15
Explore
yonatangross/orchestkit

storybook-mcp-integration

Storybook MCP server integration for component-aware AI development. Covers 6 tools across 3 toolsets (dev, docs, testing): component discovery via list-all-documentation/get-documentation, story previews via preview-stories, and automated testing via run-story-tests. Use when generating components that should reuse existing Storybook components, running component tests via MCP, or previewing stories in chat.

143 15
Explore
yonatangross/orchestkit

component-search

Search 21st.dev component registry for production-ready React components. Finds components by natural language description, filters by framework and style system, returns ranked results with install instructions. Use when looking for UI components, finding alternatives to existing components, or sourcing design system building blocks.

143 15
Explore
yonatangross/orchestkit

ai-ui-generation

AI-assisted UI generation patterns for json-render, v0, Bolt, and Cursor workflows. Covers prompt engineering for component generation, review checklists for AI-generated code, design token injection, refactoring for design system conformance, and CI gates for quality assurance. Use when generating UI components with AI tools, rendering multi-surface MCP visual output, reviewing AI-generated code, or integrating AI output into design systems.

143 15
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results