
yaml-pipeline-validator skill

/.claude/skills/yaml-pipeline-validator

This skill validates and lints Azure Pipelines YAML for syntax, best practices, secrets, performance, and security improvements.

npx playbooks add skill ntaksh42/agents --skill yaml-pipeline-validator

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
1.6 KB
---
name: yaml-pipeline-validator
description: Validate and lint Azure Pipelines YAML with best practices checks. Use when validating pipeline syntax or ensuring pipeline quality.
---

# YAML Pipeline Validator Skill

This skill validates Azure Pipelines YAML.

## Main Features

- **Syntax validation**: YAML syntax check
- **Best practices**: verifies recommended settings
- **Security**: checks for exposed secrets
- **Performance**: optimization suggestions

## Validation Items

### 1. Required Fields

```yaml
# ❌ Bad: no trigger
pool:
  vmImage: 'ubuntu-latest'

# ✅ Good
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'
```

### 2. Secret Management

```yaml
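# ❌ Bad: hard-coded secret
# (the script value is single-quoted because an unquoted ": " is a YAML syntax error)
steps:
  - script: 'echo "Password: MySecretPassword123"'

# ✅ Good: use a variable group
variables:
  - group: Secrets

steps:
  - script: 'echo "Password: $(SecretPassword)"'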
```

### 3. Cache Usage

```yaml
# ✅ Good: dependency cache
steps:
  - task: Cache@2
    inputs:
      key: 'npm | "$(Agent.OS)" | package-lock.json'
      path: $(npm_config_cache)

  - script: npm install
```

### 4. Parallel Execution

```yaml
# ✅ Good: parallel jobs
jobs:
  - job: TestLinux
    pool:
      vmImage: 'ubuntu-latest'
    steps:
      - script: npm test

  - job: TestWindows
    pool:
      vmImage: 'windows-latest'
    steps:
      - script: npm test
```

## Azure CLI Validation

```bash
# Validate YAML
az pipelines validate \
  --repository myrepo \
  --branch main \
  --path azure-pipelines.yml
```

## Version Information
- Version: 1.0.0

Overview

This skill validates and lints Azure Pipelines YAML files to catch syntax errors and enforce pipeline quality. It highlights missing required fields, insecure patterns, and opportunities for performance improvements. Use it to ensure pipelines follow best practices before merging or deploying.

How this skill works

The validator parses pipeline YAML and runs a set of rules: syntax checks, required-field checks (like trigger), secret exposure detection, cache and parallelism recommendations, and other best-practice validations. It reports line-specific warnings and actionable suggestions, and can reference Azure CLI validation for end-to-end verification. Results focus on concrete fixes and examples that are safe to apply.

When to use it

  • Before committing or merging changes to azure-pipelines.yml
  • During CI review to enforce pipeline standards and security
  • When onboarding new projects to ensure baseline pipeline quality
  • After refactoring jobs or steps to confirm no regressions
  • When optimizing pipeline runtime or reliability

Best practices

  • Always include a trigger section to avoid unintentionally disabled CI
  • Never hard-code secrets; use variable groups or secret variables
  • Use cache tasks for dependency directories to reduce install time
  • Split independent work into parallel jobs to shorten total runtime
  • Prefer explicit pools and images to ensure reproducible agents

Example use cases

  • Detecting a missing trigger field that would stop automatic builds
  • Flagging hard-coded passwords or tokens in script steps
  • Suggesting Cache@2 usage for npm or pip dependency folders
  • Identifying opportunities to split tests into parallel jobs
  • Validating YAML with az pipelines validate as a final check

FAQ

Will it run my pipeline or just check YAML?

It only parses and analyzes YAML for syntax, security, and best-practice issues; it does not execute pipeline jobs.

Can it detect secrets in variables referenced from templates?

It flags obvious hard-coded secrets and common secret patterns; detection across templates depends on whether the template content is available to the analyzer.

How do I perform an end-to-end validation against Azure?

Use az pipelines validate with repository, branch, and path to run server-side validation after addressing local lint warnings.