cicd-pipeline-generator skill

---
name: cicd-pipeline-generator
description: This skill should be used when creating or configuring CI/CD pipeline files for automated testing, building, and deployment. Use this for generating GitHub Actions workflows, GitLab CI configs, CircleCI configs, or other CI/CD platform configurations. Ideal for setting up automated pipelines for Node.js/Next.js applications, including linting, testing, building, and deploying to platforms like Vercel, Netlify, or AWS.
---

# CI/CD Pipeline Generator

## Overview

Generate production-ready CI/CD pipeline configuration files for various platforms (GitHub Actions, GitLab CI, CircleCI, Jenkins). This skill provides templates and guidance for setting up automated workflows that handle linting, testing, building, and deployment for modern web applications, particularly Node.js/Next.js projects.

## Core Capabilities

### 1. Platform Selection

Choose the appropriate CI/CD platform based on project requirements:

- **GitHub Actions**: Best for GitHub-hosted projects with native integration
- **GitLab CI/CD**: Ideal for GitLab repositories with complex pipeline needs
- **CircleCI**: Optimized for Docker workflows and fast build times
- **Jenkins**: Suitable for self-hosted, highly customizable environments

Refer to `references/platform-comparison.md` for detailed platform comparisons, pros/cons, and use case recommendations.

### 2. Pipeline Configuration Generation

Generate pipeline configs following these principles:

#### Pipeline Stages

Structure pipelines with these standard stages:

1. **Install Dependencies**
   - Checkout code from repository
   - Setup runtime environment (Node.js version)
   - Restore cached dependencies
   - Install dependencies with `npm ci`
   - Cache dependencies for future runs

2. **Lint**
   - Run ESLint for code quality
   - Run TypeScript type checking
   - Fail fast on linting errors

3. **Test**
   - Execute unit tests
   - Execute integration tests
   - Generate code coverage reports
   - Upload coverage to reporting services (Codecov, Coveralls)

4. **Build**
   - Create production build
   - Verify build succeeds
   - Store build artifacts

5. **Deploy**
   - Deploy to staging (develop branch)
   - Deploy to production (main branch)
   - Run post-deployment smoke tests

#### Caching Strategy

Implement effective caching to speed up builds:

```yaml
# Cache node_modules based on package-lock.json
cache:
  key: ${{ hashFiles('package-lock.json') }}
  paths:
    - node_modules/
    - .npm/
```

#### Environment Variables

Configure necessary environment variables:
- `NODE_ENV`: Set to `production` for builds
- Platform-specific tokens: Store as secrets
- Build-time variables: Pass to build process

### 3. Template Usage

Use provided templates from `assets/` directory:

**GitHub Actions Template** (`assets/github-actions-nodejs.yml`):
- Multi-job workflow with lint, test, build, deploy
- Matrix builds for multiple Node.js versions (optional)
- Vercel deployment integration
- Artifact uploading
- Code coverage reporting

**GitLab CI Template** (`assets/gitlab-ci-nodejs.yml`):
- Multi-stage pipeline
- Dependency caching
- Manual production deployment
- Automatic staging deployment
- Coverage reporting

To use a template:
1. Copy the appropriate template file
2. Place in the correct location:
   - GitHub Actions: `.github/workflows/ci.yml`
   - GitLab CI: `.gitlab-ci.yml`
3. Customize deployment targets, environment variables, and branch names
4. Add required secrets to platform settings

### 4. Deployment Configuration

#### Vercel Deployment

For GitHub Actions:
```yaml
- uses: amondnet/vercel-action@v25
  with:
    vercel-token: ${{ secrets.VERCEL_TOKEN }}
    vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
    vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
    vercel-args: '--prod'
```

**Required Secrets**:
- `VERCEL_TOKEN`: Get from Vercel account settings
- `VERCEL_ORG_ID`: From Vercel project settings
- `VERCEL_PROJECT_ID`: From Vercel project settings

#### Netlify Deployment

```yaml
- run: |
    npm install -g netlify-cli
    netlify deploy --prod --dir=.next
  env:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
```

#### AWS S3 + CloudFront

```yaml
- uses: aws-actions/configure-aws-credentials@v4
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1

- run: |
    aws s3 sync .next/static s3://${{ secrets.S3_BUCKET }}/static
    aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DIST_ID }} --paths "/*"
```

### 5. Testing Integration

Configure test execution with proper reporting:

**Jest Configuration**:
```yaml
- name: Run tests with coverage
  run: npm test -- --coverage --coverageReporters=text --coverageReporters=lcov

- name: Upload coverage
  uses: codecov/codecov-action@v4
  with:
    files: ./coverage/lcov.info
    flags: unittests
```

**Fail Fast Strategy**:
```yaml
# Run quick tests first
jobs:
  lint:  # Fails in ~30 seconds
  test:  # Fails in ~2 minutes
  build: # Fails in ~5 minutes
    needs: [lint, test]
  deploy:
    needs: [build]
```

### 6. Branch-Based Workflows

Implement different behaviors per branch:

**Feature Branches / PRs**:
- Run lint + test only
- No deployment
- Add PR comments with test results

**Develop Branch**:
- Run lint + test + build
- Deploy to staging environment
- Automatic deployment

**Main Branch**:
- Run lint + test + build
- Deploy to production
- Manual approval (optional)
- Create release tags

**Example**:
```yaml
deploy_staging:
  if: github.ref == 'refs/heads/develop'
  # Deploy to staging

deploy_production:
  if: github.ref == 'refs/heads/main'
  environment: production  # Requires manual approval
  # Deploy to production
```

## Workflow Decision Tree

Follow this decision tree to generate the appropriate pipeline:

1. **Which platform?**
   - GitHub → Use `assets/github-actions-nodejs.yml`
   - GitLab → Use `assets/gitlab-ci-nodejs.yml`
   - CircleCI/Jenkins → Adapt GitHub Actions template
   - Unsure → Consult `references/platform-comparison.md`

2. **What stages are needed?**
   - Always include: Lint, Test, Build
   - Optional: Security scanning, E2E tests, performance tests
   - Add deployment stage if deploying from CI

3. **Which deployment platform?**
   - Vercel → Use Vercel deployment examples
   - Netlify → Use Netlify CLI approach
   - AWS → Use AWS Actions/CLI
   - Custom → Implement custom deployment script

4. **What triggers?**
   - On push to main/develop
   - On pull request
   - On tag creation
   - Manual workflow dispatch

5. **What environment variables needed?**
   - Platform tokens (Vercel, Netlify, AWS)
   - API keys for external services
   - Build-time environment variables
   - Feature flags

## Best Practices

### Security
- Store all secrets in platform secret management (never in code)
- Use least-privilege tokens (read-only when possible)
- Rotate secrets regularly
- Audit secret access permissions
- Never log secrets (use `***` masking)

### Performance
- Cache dependencies aggressively
- Parallelize independent jobs
- Use matrix builds for multi-version testing
- Fail fast: Run quick checks before slow ones
- Optimize Docker layer caching

### Reliability
- Pin exact Node.js versions (`18.x` not just `18`)
- Commit lockfiles (`package-lock.json`)
- Add retry logic for flaky external services
- Set reasonable timeouts (10-15 minutes max)
- Use `continue-on-error` for non-critical steps

### Maintainability
- Add comments explaining complex logic
- Use reusable workflows/templates
- Keep configs DRY (Don't Repeat Yourself)
- Version control all pipeline changes
- Document required secrets in README

## Common Patterns

### Multi-Environment Deployment
```yaml
deploy_staging:
  environment: staging
  if: github.ref == 'refs/heads/develop'

deploy_production:
  environment: production
  if: github.ref == 'refs/heads/main'
  needs: [deploy_staging]
```

### Matrix Testing
```yaml
strategy:
  matrix:
    node-version: [16.x, 18.x, 20.x]
    os: [ubuntu-latest, windows-latest]
```

### Conditional Steps
```yaml
- name: Deploy
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  run: npm run deploy
```

### Artifact Management
```yaml
- name: Upload build
  uses: actions/upload-artifact@v4
  with:
    name: build-output
    path: .next/
    retention-days: 7

- name: Download build
  uses: actions/download-artifact@v4
  with:
    name: build-output
```

## Troubleshooting

### Pipeline Failures
1. Check action/job logs for error messages
2. Verify environment variables and secrets are set
3. Test commands locally before adding to pipeline
4. Check for platform-specific issues in documentation

### Slow Builds
1. Verify cache is working (check cache hit/miss logs)
2. Parallelize independent jobs
3. Use faster runners if available
4. Optimize dependency installation

### Deployment Failures
1. Verify deployment tokens are valid
2. Check platform status pages
3. Review deployment logs
4. Test deployment commands locally

## Resources

### Templates (`assets/`)
- `github-actions-nodejs.yml`: Complete GitHub Actions workflow
- `gitlab-ci-nodejs.yml`: Complete GitLab CI pipeline

### Reference Documentation (`references/`)
- `platform-comparison.md`: Detailed comparison of CI/CD platforms, deployment targets, best practices, and common patterns

## Example Usage

**User Request**: "Create a GitHub Actions workflow that runs tests and deploys to Vercel"

**Steps**:
1. Copy `assets/github-actions-nodejs.yml` template
2. Create `.github/workflows/` directory if it doesn't exist
3. Save as `.github/workflows/ci.yml`
4. Update deployment section with Vercel credentials
5. Add secrets to GitHub repository settings:
   - `VERCEL_TOKEN`
   - `VERCEL_ORG_ID`
   - `VERCEL_PROJECT_ID`
6. Commit and push to trigger workflow

**User Request**: "Set up GitLab CI with staging and production environments"

**Steps**:
1. Copy `assets/gitlab-ci-nodejs.yml` template
2. Save as `.gitlab-ci.yml` in repository root
3. Configure GitLab CI/CD variables:
   - `VERCEL_TOKEN`
   - Other deployment credentials
4. Review manual approval settings for production
5. Commit to trigger pipeline

## Advanced Configuration

### Monorepo Support
```yaml
paths:
  - 'apps/frontend/**'
  - 'packages/**'
```

### Scheduled Runs
```yaml
on:
  schedule:
    - cron: '0 2 * * *'  # Daily at 2 AM
```

### External Service Integration
```yaml
- name: Notify Slack
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    webhook_url: ${{ secrets.SLACK_WEBHOOK }}
```

### Security Scanning
```yaml
- name: Run security audit
  run: npm audit --audit-level=moderate

- name: Check for vulnerabilities
  uses: snyk/actions/node@master
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```