home / skills / willsigmon / sigstack / cicd-expert

cicd-expert skill

safe

This skill guides multi-platform CI/CD setup and best practices across GitHub Actions, GitLab CI, Bitrise, and CircleCI to optimize pipelines.

npx playbooks add skill willsigmon/sigstack --skill cicd-expert

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

2.6 KB

---
name: CI/CD Expert
description: Multi-platform CI/CD - GitHub Actions, GitLab CI, Bitrise, best practices for mobile and web
allowed-tools: Read, Edit, Bash
model: sonnet
---

# CI/CD Expert

Cross-platform continuous integration and deployment patterns.

## Platform Comparison (2026)

| Platform | Best For | Free Tier | Pricing |
|----------|----------|-----------|---------|
| GitHub Actions | GitHub repos | 2000 min/mo | $0.008/min |
| GitLab CI | GitLab repos | 400 min/mo | $0.0008/min |
| Bitrise | Mobile | 300 credits | $35/mo+ |
| CircleCI | Speed | 6000 min/mo | $15/mo+ |
| Xcode Cloud | Apple-only | 25 hrs/mo | In Apple Dev |

## Universal Best Practices

### 1. Cache Dependencies
```yaml
# GitHub Actions
- uses: actions/cache@v4
  with:
    path: node_modules
    key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }}

# GitLab CI
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - node_modules/
```

### 2. Fail Fast
```yaml
jobs:
  test:
    strategy:
      fail-fast: true
      matrix:
        node: [18, 20, 22]
```

### 3. Parallel Jobs
```yaml
# Run independent jobs in parallel
jobs:
  lint:
    runs-on: ubuntu-latest
    steps: ...

  test:
    runs-on: ubuntu-latest
    steps: ...

  build:
    needs: [lint, test]  # Only after parallel jobs pass
    steps: ...
```

### 4. Artifacts and Reports
```yaml
- uses: actions/upload-artifact@v4
  with:
    name: coverage-report
    path: coverage/
```

## Mobile CI Patterns

### iOS (GitHub Actions)
```yaml
jobs:
  ios:
    runs-on: macos-14
    steps:
      - uses: maxim-lobanov/setup-xcode@v1
        with:
          xcode-version: '15.2'
      - run: xcodebuild test -scheme App -destination 'platform=iOS Simulator,name=iPhone 15'
```

### Android
```yaml
jobs:
  android:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      - run: ./gradlew test assembleRelease
```

## Web CI Patterns

### Node.js
```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: pnpm/action-setup@v2
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - run: pnpm install && pnpm test && pnpm build
```

## Security in CI

```yaml
# Secret scanning
- uses: trufflesecurity/trufflehog@main

# Dependency scanning
- uses: snyk/actions/node@master
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```

## AI Integration (2026)
- Predictive test selection
- Intelligent failure diagnosis
- Auto-fix suggestions
- Risk assessment for changes

Use when: Setting up CI/CD, optimizing pipelines, multi-platform builds

Overview

This skill provides cross-platform CI/CD guidance and ready patterns for GitHub Actions, GitLab CI, Bitrise and other builders, with special emphasis on mobile and web pipelines. It condenses practical recipes for caching, parallelism, artifact management, security scanning and platform-specific steps for iOS, Android and Node.js. It also outlines modern AI-driven CI capabilities like predictive test selection and failure diagnosis. Use it to design, optimize, or audit CI/CD pipelines across teams and repositories.

How this skill works

The skill inspects common CI/CD requirements and recommends platform-appropriate job layouts, caching, artifact and secret handling, and parallelization strategies. It supplies concrete YAML patterns for actions such as dependency caching, fail-fast strategies, parallel jobs, artifact uploads, and platform-specific builds. It highlights security integrations (secret and dependency scanning) and practical mobile build steps for macOS and Linux runners. Finally, it advises on integrating AI features for smarter test selection and automated diagnostics.

When to use it

Bootstrapping CI/CD for a new repo (web or mobile).
Migrating or standardizing pipelines across GitHub, GitLab and Bitrise.
Improving build time and reliability with caching and parallel jobs.
Adding security scanning and artifact/report capture to pipelines.
Introducing AI-driven test selection or failure analysis.

Best practices

Cache dependencies keyed to lockfiles and OS to reduce install time.
Adopt fail-fast and matrix strategies to surface errors quickly and save CI minutes.
Run independent jobs in parallel and use conditional 'needs' to gate downstream steps.
Upload artifacts and reports (coverage, test results) for later inspection and debug.
Integrate secret and dependency scanners as part of CI to catch issues early.
Use platform-specific runners and tooling for mobile builds (macOS for iOS, Ubuntu/Android toolchain for Android).

Example use cases

GitHub Actions pipeline for a Node.js monorepo with pnpm caching and parallel test suites.
GitLab CI setup for a small team with commit-level caching and fail-fast matrices.
Bitrise pipeline for mobile apps that runs iOS tests on macOS runners and Android on Linux.
Add Snyk and secret-scanning steps to block merges with vulnerable dependencies.
Pilot AI-driven test selection to reduce coverage of redundant tests on pull requests.

FAQ

Which platform is best for mobile CI?

Bitrise and macOS runners (GitHub Actions macOS) are best for mobile; Bitrise focuses on mobile workflows while GitHub Actions supports macOS-located iOS builds.

How do I reduce CI minutes cost?

Use dependency caching keyed by lockfiles, run tests in parallel with fail-fast, target only changed packages/tests with selective runs, and use cheaper runners when possible.