devops-deployment
Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub Actions, Docker, Helm, and Terraform patterns.
How do I install this agent skill?
npx skills add https://github.com/yonatangross/orchestkit --skill devops-deploymentIs this agent skill safe to install?
- Gen Agent Trust Hubpass
The skill is a comprehensive DevOps toolkit for CI/CD and infrastructure automation. It includes hardcoded default credentials for development environments and utilizes dynamic context injection for project discovery. A vulnerability to indirect prompt injection exists because the skill parses untrusted local project files to auto-generate CI/CD configurations.
- Socketpass
No alerts
- Snykpass
Risk: LOW · No issues
- Runlayerfail
20/33 files flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
DevOps & Deployment Skill
Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.
Note: If
disableSkillShellExecutionis enabled (CC 2.1.91), the Docker install check won't run. Verify Docker is available for container operations:docker --version.
Overview
- Setting up CI/CD pipelines
- Containerizing applications
- Deploying to Kubernetes or cloud platforms
- Implementing GitOps workflows
- Managing infrastructure as code
- Planning release strategies
Pipeline Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Code │──>│ Build │──>│ Test │──>│ Deploy │
│ Commit │ │ & Lint │ │ & Scan │ │ & Release │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
│ │ │ │
v v v v
Triggers Artifacts Reports Monitoring
Key Concepts
CI/CD Pipeline Stages
- Lint & Type Check - Code quality gates
- Unit Tests - Test coverage with reporting
- Security Scan - npm audit + Trivy vulnerability scanner
- Build & Push - Docker image to container registry
- Deploy Staging - Environment-gated deployment
- Deploy Production - Manual approval or automated
Container Best Practices
Multi-stage builds minimize image size:
- Stage 1: Install production dependencies only
- Stage 2: Build application with dev dependencies
- Stage 3: Production runtime with minimal footprint
Security hardening:
- Non-root user (uid 1001)
- Read-only filesystem where possible
- Health checks for orchestrator integration
Kubernetes Deployment
Essential manifests:
- Deployment with rolling update strategy
- Service for internal routing
- Ingress for external access with TLS
- HorizontalPodAutoscaler for scaling
Security context:
runAsNonRoot: trueallowPrivilegeEscalation: falsereadOnlyRootFilesystem: true- Drop all capabilities
Deployment Strategies
| Strategy | Use Case | Risk |
|---|---|---|
| Rolling | Default, gradual replacement | Low - automatic rollback |
| Blue-Green | Instant switch, easy rollback | Medium - double resources |
| Canary | Progressive traffic shift | Low - gradual exposure |
Rolling Update (Kubernetes default):
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 0 # Zero downtime
Secrets Management
Use External Secrets Operator to sync from cloud providers:
- AWS Secrets Manager
- HashiCorp Vault
- Azure Key Vault
- GCP Secret Manager
References
Docker Patterns
Load: Read("${CLAUDE_SKILL_DIR}/references/docker-patterns.md")
Key topics covered:
- Multi-stage build examples with 78% size reduction
- Layer caching optimization
- Security hardening (non-root, health checks)
- Trivy vulnerability scanning
- Docker Compose development setup
CI/CD Pipelines
Load: Read("${CLAUDE_SKILL_DIR}/references/ci-cd-pipelines.md")
Key topics covered:
- Branch strategy (Git Flow)
- GitHub Actions caching (85% time savings)
- Artifact management
- Matrix testing
- Complete backend CI/CD example
Kubernetes Basics
Load: Read("${CLAUDE_SKILL_DIR}/references/kubernetes-basics.md")
Key topics covered:
- Health probes (startup, liveness, readiness)
- Security context configuration
- PodDisruptionBudget
- Resource quotas
- StatefulSets for databases
- Helm chart structure
Environment Management
Load: Read("${CLAUDE_SKILL_DIR}/references/environment-management.md")
Key topics covered:
- External Secrets Operator
- GitOps with ArgoCD
- Terraform patterns (remote state, modules)
- Zero-downtime database migrations
- Alembic migration workflow
- Rollback procedures
Observability
Load: Read("${CLAUDE_SKILL_DIR}/references/observability.md")
Key topics covered:
- Prometheus metrics exposition
- Grafana dashboard queries (PromQL)
- Alerting rules for SLOs
- Golden signals (SRE)
- Structured logging
- Distributed tracing (OpenTelemetry)
Railway Deployment
Load: Read("${CLAUDE_SKILL_DIR}/rules/railway-deployment.md")
Key topics covered:
- railway.json configuration, Nixpacks builds
- Environment variable management, database provisioning
- Multi-service setups, Railway CLI workflows
- References:
${CLAUDE_SKILL_DIR}/references/railway-json-config.md,${CLAUDE_SKILL_DIR}/references/nixpacks-customization.md,${CLAUDE_SKILL_DIR}/references/multi-service-setup.md
Deployment Strategies
Load: Read("${CLAUDE_SKILL_DIR}/references/deployment-strategies.md")
Key topics covered:
- Rolling deployment
- Blue-green deployment
- Canary releases
- Traffic splitting with Istio
Deployment Checklist & Templates
Load: Read("${CLAUDE_SKILL_DIR}/references/checklists-and-templates.md") for pre/during/post-deployment checklists, Helm chart structure, template reference table, and extended thinking triggers.
Related Skills
zero-downtime-migration- Database migration patterns for zero-downtime deploymentssecurity-scanning- Security scanning integration for CI/CD pipelinesork:monitoring-observability- Monitoring and alerting for deployed applicationsork:database-patterns- Python/Alembic migration workflow for backend deploymentsportless(upstream) - Named.localhostURLs for multi-service local dev (portless alias api 8080)
Key Decisions
| Decision | Choice | Rationale |
|---|---|---|
| Container user | Non-root (uid 1001) | Security best practice, required by many orchestrators |
| Deployment strategy | Rolling update (default) | Zero downtime, automatic rollback, resource efficient |
| Secrets management | External Secrets Operator | Syncs from cloud providers, GitOps compatible |
| Health checks | Separate startup/liveness/readiness | Prevents premature traffic, enables graceful shutdown |
Capability Details
Load: Read("${CLAUDE_SKILL_DIR}/references/capability-details.md") for full keyword index and problem-solution mapping across all 6 capabilities (ci-cd, docker, kubernetes, infrastructure-as-code, deployment-strategies, observability).
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/yonatangross/orchestkit/devops-deployment">View devops-deployment on skillZs</a>