Awesome-omni-skill DevOps & Deployment

Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub Actions, Docker, Helm, and Terraform patterns.

install

source · Clone the upstream repo

git clone https://github.com/diegosouzapw/awesome-omni-skill

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/devops/devops-deployment-majiayu000" ~/.claude/skills/diegosouzapw-awesome-omni-skill-devops-deployment-c400df && rm -rf "$T"

manifest: skills/devops/devops-deployment-majiayu000/SKILL.md

source content

DevOps & Deployment Skill

Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.

Overview

Setting up CI/CD pipelines
Containerizing applications
Deploying to Kubernetes or cloud platforms
Implementing GitOps workflows
Managing infrastructure as code
Planning release strategies

Pipeline Architecture

┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│    Code     │──>│    Build    │──>│    Test     │──>│   Deploy    │
│   Commit    │   │   & Lint    │   │   & Scan    │   │  & Release  │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       v                 v                 v                 v
   Triggers         Artifacts          Reports          Monitoring

Key Concepts

CI/CD Pipeline Stages

Lint & Type Check - Code quality gates
Unit Tests - Test coverage with reporting
Security Scan - npm audit + Trivy vulnerability scanner
Build & Push - Docker image to container registry
Deploy Staging - Environment-gated deployment
Deploy Production - Manual approval or automated

Container Best Practices

Multi-stage builds minimize image size:

Stage 1: Install production dependencies only
Stage 2: Build application with dev dependencies
Stage 3: Production runtime with minimal footprint

Security hardening:

Non-root user (uid 1001)
Read-only filesystem where possible
Health checks for orchestrator integration

Kubernetes Deployment

Essential manifests:

Deployment with rolling update strategy
Service for internal routing
Ingress for external access with TLS
HorizontalPodAutoscaler for scaling

Security context:

```
runAsNonRoot: true
```
```
allowPrivilegeEscalation: false
```
```
readOnlyRootFilesystem: true
```
Drop all capabilities

Deployment Strategies

Strategy	Use Case	Risk
Rolling	Default, gradual replacement	Low - automatic rollback
Blue-Green	Instant switch, easy rollback	Medium - double resources
Canary	Progressive traffic shift	Low - gradual exposure

Rolling Update (Kubernetes default):

strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime

Secrets Management

Use External Secrets Operator to sync from cloud providers:

AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
GCP Secret Manager

References

Docker Patterns

See:

references/docker-patterns.md

Key topics covered:

Multi-stage build examples with 78% size reduction
Layer caching optimization
Security hardening (non-root, health checks)
Trivy vulnerability scanning
Docker Compose development setup

CI/CD Pipelines

See:

references/ci-cd-pipelines.md

Key topics covered:

Branch strategy (Git Flow)
GitHub Actions caching (85% time savings)
Artifact management
Matrix testing
Complete backend CI/CD example

Kubernetes Basics

See:

references/kubernetes-basics.md

Key topics covered:

Health probes (startup, liveness, readiness)
Security context configuration
PodDisruptionBudget
Resource quotas
StatefulSets for databases
Helm chart structure

Environment Management

See:

references/environment-management.md

Key topics covered:

External Secrets Operator
GitOps with ArgoCD
Terraform patterns (remote state, modules)
Zero-downtime database migrations
Alembic migration workflow
Rollback procedures

Observability

See:

references/observability.md

Key topics covered:

Prometheus metrics exposition
Grafana dashboard queries (PromQL)
Alerting rules for SLOs
Golden signals (SRE)
Structured logging
Distributed tracing (OpenTelemetry)

Deployment Strategies

See:

references/deployment-strategies.md

Key topics covered:

Rolling deployment
Blue-green deployment
Canary releases
Traffic splitting with Istio

Deployment Checklist

Pre-Deployment

All tests passing in CI
Security scans clean
Database migrations ready
Rollback plan documented

During Deployment

Monitor deployment progress
Watch error rates
Verify health checks passing

Post-Deployment

Verify metrics normal
Check logs for errors
Update status page

Helm Chart Structure

charts/app/
├── Chart.yaml
├── values.yaml
├── templates/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   ├── secret.yaml
│   ├── hpa.yaml
│   └── _helpers.tpl
└── values/
    ├── staging.yaml
    └── production.yaml

Related Skills

```
zero-downtime-migration
```
- Database migration patterns for zero-downtime deployments
```
security-scanning
```
- Security scanning integration for CI/CD pipelines
```
observability-monitoring
```
- Monitoring and alerting for deployed applications
```
alembic-migrations
```
- Python/Alembic migration workflow for backend deployments

Key Decisions

Decision	Choice	Rationale
Container user	Non-root (uid 1001)	Security best practice, required by many orchestrators
Deployment strategy	Rolling update (default)	Zero downtime, automatic rollback, resource efficient
Secrets management	External Secrets Operator	Syncs from cloud providers, GitOps compatible
Health checks	Separate startup/liveness/readiness	Prevents premature traffic, enables graceful shutdown

Extended Thinking Triggers

Use Opus 4.5 extended thinking for:

Architecture decisions - Kubernetes vs serverless, multi-region setup
Migration planning - Moving between cloud providers
Incident response - Complex deployment failures
Security design - Zero-trust architecture

Templates Reference

Template	Purpose
`github-actions-pipeline.yml`	Full CI/CD workflow with 6 stages
`Dockerfile`	Multi-stage Node.js build
`docker-compose.yml`	Development environment
`k8s-manifests.yaml`	Deployment, Service, Ingress
`helm-values.yaml`	Helm chart values
`terraform-aws.tf`	VPC, EKS, RDS infrastructure
`argocd-application.yaml`	GitOps application
`external-secrets.yaml`	Secrets Manager integration

Capability Details

ci-cd

Keywords: ci, cd, pipeline, github actions, gitlab ci, jenkins, workflow Solves:

How do I set up CI/CD?
GitHub Actions workflow patterns
Pipeline caching strategies
Matrix testing setup

docker

Keywords: docker, dockerfile, container, image, build, compose, multi-stage Solves:

How do I containerize my app?
Multi-stage Dockerfile best practices
Docker Compose development setup
Container security hardening

kubernetes

Keywords: kubernetes, k8s, deployment, service, ingress, helm, statefulset, pdb Solves:

How do I deploy to Kubernetes?
K8s health probes and resource limits
Helm chart structure
StatefulSet for databases

infrastructure-as-code

Keywords: terraform, pulumi, iac, infrastructure, provision, gitops, argocd Solves:

How do I set up infrastructure as code?
Terraform AWS patterns (VPC, EKS, RDS)
GitOps with ArgoCD
Secrets management patterns

deployment-strategies

Keywords: blue green, canary, rolling, deployment strategy, rollback, zero downtime Solves:

Which deployment strategy should I use?
Zero-downtime database migrations
Blue-green deployment setup
Canary release with traffic splitting

observability

Keywords: prometheus, grafana, metrics, alerting, monitoring, health check Solves:

How do I add monitoring to my app?
Prometheus metrics exposition
Grafana dashboard queries
Alerting rules for SLOs