PluginBench
Skill
Fail
Audit score 45

devops-deployment

yonatangross/orchestkit

How to install devops-deployment

npx skills add https://github.com/yonatangross/orchestkit --skill devops-deployment
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from yonatangross/orchestkit.


name: devops-deployment license: MIT compatibility: "Claude Code 2.1.183+." description: Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub Actions, Docker, Helm, and Terraform patterns. tags: [devops, ci-cd, docker, kubernetes, terraform] context: fork agent: ci-cd-engineer version: 1.0.0 author: OrchestKit user-invocable: false disable-model-invocation: false complexity: medium persuasion-type: guidance metadata: category: workflow-automation allowed-tools:

  • Read
  • Glob
  • Grep
  • WebFetch
  • WebSearch paths: [".github/workflows/", "Dockerfile*", "docker-compose*", "/k8s/", "/terraform/"] path_patterns: [".tf", ".tfvars", "/k8s/", "/helm/**", "Dockerfile*", ".github/workflows/*"] invocation_hooks:
  • "command -v docker >/dev/null 2>&1 || echo 'Warning: docker not found — container operations will fail'"

DevOps & Deployment Skill

Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.

Note: If disableSkillShellExecution is enabled (CC 2.1.91), the Docker install check won't run. Verify Docker is available for container operations: docker --version.

Overview

  • Setting up CI/CD pipelines
  • Containerizing applications
  • Deploying to Kubernetes or cloud platforms
  • Implementing GitOps workflows
  • Managing infrastructure as code
  • Planning release strategies

Pipeline Architecture

┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│    Code     │──>│    Build    │──>│    Test     │──>│   Deploy    │
│   Commit    │   │   & Lint    │   │   & Scan    │   │  & Release  │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       v                 v                 v                 v
   Triggers         Artifacts          Reports          Monitoring

Key Concepts

CI/CD Pipeline Stages

  1. Lint & Type Check - Code quality gates
  2. Unit Tests - Test coverage with reporting
  3. Security Scan - npm audit + Trivy vulnerability scanner
  4. Build & Push - Docker image to container registry
  5. Deploy Staging - Environment-gated deployment
  6. Deploy Production - Manual approval or automated

Container Best Practices

Multi-stage builds minimize image size:

  • Stage 1: Install production dependencies only
  • Stage 2: Build application with dev dependencies
  • Stage 3: Production runtime with minimal footprint

Security hardening:

  • Non-root user (uid 1001)
  • Read-only filesystem where possible
  • Health checks for orchestrator integration

Kubernetes Deployment

Essential manifests:

  • Deployment with rolling update strategy
  • Service for internal routing
  • Ingress for external access with TLS
  • HorizontalPodAutoscaler for scaling

Security context:

  • runAsNonRoot: true
  • allowPrivilegeEscalation: false
  • readOnlyRootFilesystem: true
  • Drop all capabilities

Deployment Strategies

StrategyUse CaseRisk
RollingDefault, gradual replacementLow - automatic rollback
Blue-GreenInstant switch, easy rollbackMedium - double resources
CanaryProgressive traffic shiftLow - gradual exposure

Rolling Update (Kubernetes default):

strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime

Secrets Management

Use External Secrets Operator to sync from cloud providers:

  • AWS Secrets Manager
  • HashiCorp Vault
  • Azure Key Vault
  • GCP Secret Manager

References

Docker Patterns

Load: Read("${CLAUDE_SKILL_DIR}/references/docker-patterns.md")

Key topics covered:

  • Multi-stage build examples with 78% size reduction
  • Layer caching optimization
  • Security hardening (non-root, health checks)
  • Trivy vulnerability scanning
  • Docker Compose development setup

CI/CD Pipelines

Load: Read("${CLAUDE_SKILL_DIR}/references/ci-cd-pipelines.md")

Key topics covered:

  • Branch strategy (Git Flow)
  • GitHub Actions caching (85% time savings)
  • Artifact management
  • Matrix testing
  • Complete backend CI/CD example

Kubernetes Basics

Load: Read("${CLAUDE_SKILL_DIR}/references/kubernetes-basics.md")

Key topics covered:

  • Health probes (startup, liveness, readiness)
  • Security context configuration
  • PodDisruptionBudget
  • Resource quotas
  • StatefulSets for databases
  • Helm chart structure

Environment Management

Load: Read("${CLAUDE_SKILL_DIR}/references/environment-management.md")

Key topics covered:

  • External Secrets Operator
  • GitOps with ArgoCD
  • Terraform patterns (remote state, modules)
  • Zero-downtime database migrations
  • Alembic migration workflow
  • Rollback procedures

Observability

Load: Read("${CLAUDE_SKILL_DIR}/references/observability.md")

Key topics covered:

  • Prometheus metrics exposition
  • Grafana dashboard queries (PromQL)
  • Alerting rules for SLOs
  • Golden signals (SRE)
  • Structured logging
  • Distributed tracing (OpenTelemetry)

Railway Deployment

Load: Read("${CLAUDE_SKILL_DIR}/rules/railway-deployment.md")

Key topics covered:

  • railway.json configuration, Nixpacks builds
  • Environment variable management, database provisioning
  • Multi-service setups, Railway CLI workflows
  • References: ${CLAUDE_SKILL_DIR}/references/railway-json-config.md, ${CLAUDE_SKILL_DIR}/references/nixpacks-customization.md, ${CLAUDE_SKILL_DIR}/references/multi-service-setup.md

Deployment Strategies

Load: Read("${CLAUDE_SKILL_DIR}/references/deployment-strategies.md")

Key topics covered:

  • Rolling deployment
  • Blue-green deployment
  • Canary releases
  • Traffic splitting with Istio

Deployment Checklist & Templates

Load: Read("${CLAUDE_SKILL_DIR}/references/checklists-and-templates.md") for pre/during/post-deployment checklists, Helm chart structure, template reference table, and extended thinking triggers.


Related Skills

  • zero-downtime-migration - Database migration patterns for zero-downtime deployments
  • security-scanning - Security scanning integration for CI/CD pipelines
  • ork:monitoring-observability - Monitoring and alerting for deployed applications
  • ork:database-patterns - Python/Alembic migration workflow for backend deployments
  • portless (upstream) - Named .localhost URLs for multi-service local dev (portless alias api 8080)

Key Decisions

DecisionChoiceRationale
Container userNon-root (uid 1001)Security best practice, required by many orchestrators
Deployment strategyRolling update (default)Zero downtime, automatic rollback, resource efficient
Secrets managementExternal Secrets OperatorSyncs from cloud providers, GitOps compatible
Health checksSeparate startup/liveness/readinessPrevents premature traffic, enables graceful shutdown

Capability Details

Load: Read("${CLAUDE_SKILL_DIR}/references/capability-details.md") for full keyword index and problem-solution mapping across all 6 capabilities (ci-cd, docker, kubernetes, infrastructure-as-code, deployment-strategies, observability).

Related skills

More from yonatangross/orchestkit and the wider catalog.

AR

architecture-decision-record

yonatangross/orchestkit

Use this skill when documenting significant architectural decisions. Provides ADR templates following the Nygard format with sections for context, decision, consequences, and alternatives. Use when writing ADRs, recording decisions, or evaluating options.

834 installs
UI

ui-components

yonatangross/orchestkit

UI component library patterns for shadcn/ui and Radix Primitives. Use when building accessible component libraries, customizing shadcn components, using Radix unstyled primitives, or creating design system foundations.

829 installsAudited
RE

responsive-patterns

yonatangross/orchestkit

Responsive design with Container Queries, fluid typography, cqi/cqb units, subgrid, intrinsic layouts, foldable devices, and mobile-first patterns for React applications. Use when building responsive layouts or container queries.

829 installsAudited
RA

rag-retrieval

yonatangross/orchestkit

Retrieval-Augmented Generation patterns for grounded LLM responses. Use when building RAG pipelines, embedding documents, implementing hybrid search, contextual retrieval, HyDE, agentic RAG, multimodal RAG, query decomposition, reranking, or pgvector search.

748 installs
AG

agent-orchestration

yonatangross/orchestkit

Agent orchestration patterns for agentic loops, multi-agent coordination, alternative frameworks, and multi-scenario workflows. Use when building autonomous agent loops, coordinating multiple agents, evaluating CrewAI/AutoGen/Swarm, or orchestrating complex multi-step scenarios.

702 installs
ZU

zustand-patterns

yonatangross/orchestkit

Reference for Zustand 5.x state management including slices, middleware, Immer, useShallow, persistence, selectors, and devtools integration. Documents 7 core patterns with TypeScript examples and anti-patterns. Use when building React state management with Zustand instead of Redux.

672 installsAudited