OpenSkillIndex← back to search
claude-codedevops

Claude-skill-registry checking-deploy

Validate Kubernetes, Terraform, Helm, GitHub Actions, and Docker configs. Use when user says "deploy check", "validate deployment", "check k8s", "validate infrastructure", "check configs", or wants to verify infrastructure.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/checking-deploy" ~/.claude/skills/majiayu000-claude-skill-registry-checking-deploy && rm -rf "$T"
manifest: skills/data/checking-deploy/SKILL.md
tags
#k8s-validation#terraform-check#helm-validation#github-actions#docker-check#infrastructure
source content

Deployment Validation

Validate Kubernetes, Terraform, Helm, GitHub Actions, and Docker configs.

Use TodoWrite to track these 5 phases:

  1. Detect infrastructure files
  2. Spawn validation agent
  3. Collect results
  4. Research best practices (if needed)
  5. Present summary

Parse $ARGUMENTS:

  • --background
    → Run in background, return immediately with agent ID

Step 1: Detect Infrastructure Files

Use Glob to find infrastructure files (quick scan):

  • **/*.yaml
    , 
    **/*.yml
    - K8s, Helm, Kustomize
  • .github/workflows/*.yml
    - GitHub Actions
  • **/*.tf
    - Terraform
  • **/Dockerfile*
    , 
    **/docker-compose*.yml
    - Docker

Step 2: Spawn Validation Agent

Based on detected file types, spawn infra-engineer agent:

Task(
  subagent_type="infra-engineer",
  run_in_background={true if --background else false},
  description="Infrastructure validation",
  prompt="Validate {detected_types} infrastructure in this repository.

  Run these validations (only for detected file types):

  **Kubernetes:**
  - kubectl apply --dry-run=client -f <files>
  - Check: security contexts, resource limits, non-root users
  - Check: liveness/readiness probes defined
  - Check: no 'latest' image tags

  **Helm:**
  - helm lint <chart>
  - helm template validation
  - Check: values.yaml has sensible defaults

  **GitHub Actions:**
  - actionlint (if available)
  - Check: secrets not hardcoded
  - Check: permissions minimized (not 'write-all')
  - Check: pinned action versions (@vX.Y.Z not @main)

  **Terraform:**
  - terraform fmt -check
  - terraform validate
  - Check: no hardcoded credentials
  - Check: state backend configured

  **Dockerfile:**
  - Multi-stage builds where appropriate
  - Non-root user (USER directive)
  - Pinned base image tags (not :latest)
  - No secrets in build args

  Output format:
  PASS/FAIL per category with file:line for issues.
  Severity: CRITICAL / IMPORTANT / SUGGESTION"
)

If --background: Return agent ID immediately for later collection.

Step 3: Collect Results (if not background)

TaskOutput(task_id=<agent_id>, block=true)

Step 4: Research if Needed

For uncertain findings, use Perplexity for current best practices:

mcp__perplexity-ask__perplexity_ask with:
"Current best practices for {specific concern} in {technology} 2024-2025"

Step 5: Present Summary

DEPLOYMENT CHECK
================
Agent ID: {id} (use /agent:resume {id} to continue)

Kubernetes: [PASS/FAIL] - {details}
Helm: [PASS/FAIL] - {details}
GitHub Actions: [PASS/FAIL] - {details}
Terraform: [PASS/FAIL] - {details}
Docker: [PASS/FAIL] - {details}

CRITICAL Issues:
- file:line - issue description

IMPORTANT Issues:
- file:line - issue description

Recommendations:
- [prioritized list]

Execute validation now.