@marcfargas/skills 0.4.1 → 0.5.0

package/azure/azcli/serverless.md

@@ -0,0 +1,242 @@
+# Serverless & Containers: App Service, Functions, Container Apps, AKS, ACR
+
+## App Service (Web Apps)
+
+```bash
+# Create App Service plan
+az appservice plan create \
+  --resource-group my-rg \
+  --name my-plan \
+  --sku B1 \
+  --is-linux
+
+# WRITE — create web app (Node.js)
+az webapp create \
+  --resource-group my-rg \
+  --plan my-plan \
+  --name my-webapp \
+  --runtime "NODE:20-lts"
+
+# Deploy from local source (zip deploy)
+az webapp up --resource-group my-rg --name my-webapp --runtime "NODE:20-lts"
+
+# Deploy from GitHub
+az webapp deployment source config \
+  --resource-group my-rg \
+  --name my-webapp \
+  --repo-url https://github.com/user/repo \
+  --branch main
+
+# Deploy from container image
+az webapp create \
+  --resource-group my-rg \
+  --plan my-plan \
+  --name my-webapp \
+  --deployment-container-image-name myregistry.azurecr.io/myimage:tag
+
+# READ
+az webapp list --resource-group my-rg -o table
+az webapp show --name my-webapp --resource-group my-rg -o json
+az webapp log tail --name my-webapp --resource-group my-rg
+
+# WRITE — app settings (env vars)
+az webapp config appsettings set \
+  --resource-group my-rg \
+  --name my-webapp \
+  --settings KEY=value DB_HOST=mydb.postgres.database.azure.com
+
+az webapp config appsettings list --resource-group my-rg --name my-webapp -o json
+
+# WRITE — connection strings
+az webapp config connection-string set \
+  --resource-group my-rg \
+  --name my-webapp \
+  --connection-string-type PostgreSQL \
+  --settings MyDB="host=...;database=...;user=...;password=..."
+
+# Scale
+az appservice plan update --name my-plan --resource-group my-rg --sku S1
+az webapp scale --name my-webapp --resource-group my-rg --instance-count 3
+
+# Deployment slots
+az webapp deployment slot create --name my-webapp --resource-group my-rg --slot staging
+az webapp deployment slot swap --name my-webapp --resource-group my-rg --slot staging --target-slot production
+
+# Custom domain
+az webapp config hostname add --webapp-name my-webapp --resource-group my-rg --hostname www.example.com
+az webapp config ssl bind --certificate-thumbprint THUMBPRINT --ssl-type SNI \
+  --name my-webapp --resource-group my-rg
+
+# Restart / stop
+az webapp restart --name my-webapp --resource-group my-rg
+az webapp stop --name my-webapp --resource-group my-rg
+az webapp start --name my-webapp --resource-group my-rg
+
+# ⚠️ DESTRUCTIVE
+az webapp delete --name my-webapp --resource-group my-rg
+az appservice plan delete --name my-plan --resource-group my-rg
+```
+
+### App Service Pricing
+
+| SKU | ~Cost/mo | vCPU | RAM | Notes |
+|-----|----------|------|-----|-------|
+| F1 | Free | Shared | 1 GB | Dev/test, 60 min/day |
+| B1 | ~$13 | 1 | 1.75 GB | Basic |
+| S1 | ~$73 | 1 | 1.75 GB | Standard, slots, autoscale |
+| P1v3 | ~$138 | 2 | 8 GB | Premium, VNet integration |
+
+## Azure Functions
+
+```bash
+# Create Function App (Consumption plan — pay per execution)
+az functionapp create \
+  --resource-group my-rg \
+  --name my-func \
+  --consumption-plan-location westeurope \
+  --runtime node \
+  --runtime-version 20 \
+  --storage-account mystorageaccount \
+  --functions-version 4
+
+# Deploy from local
+func azure functionapp publish my-func
+
+# Or with zip deploy
+az functionapp deployment source config-zip \
+  --resource-group my-rg \
+  --name my-func \
+  --src app.zip
+
+# READ
+az functionapp list --resource-group my-rg -o table
+az functionapp show --name my-func --resource-group my-rg -o json
+az functionapp function list --name my-func --resource-group my-rg -o json
+
+# App settings
+az functionapp config appsettings set \
+  --resource-group my-rg \
+  --name my-func \
+  --settings KEY=value
+
+# ⚠️ DESTRUCTIVE
+az functionapp delete --name my-func --resource-group my-rg
+```
+
+## Container Apps
+
+```bash
+# Create Container Apps environment
+az containerapp env create \
+  --resource-group my-rg \
+  --name my-env \
+  --location westeurope
+
+# WRITE — deploy container app
+az containerapp create \
+  --resource-group my-rg \
+  --name my-app \
+  --environment my-env \
+  --image myregistry.azurecr.io/myimage:tag \
+  --target-port 8080 \
+  --ingress external \
+  --cpu 0.5 --memory 1.0Gi \
+  --min-replicas 0 --max-replicas 5
+
+# Deploy from source (buildpack)
+az containerapp up --name my-app --resource-group my-rg --source .
+
+# READ
+az containerapp list --resource-group my-rg -o table
+az containerapp show --name my-app --resource-group my-rg -o json
+az containerapp logs show --name my-app --resource-group my-rg
+
+# Update image
+az containerapp update --name my-app --resource-group my-rg \
+  --image myregistry.azurecr.io/myimage:newtag
+
+# Scale rules
+az containerapp update --name my-app --resource-group my-rg \
+  --min-replicas 1 --max-replicas 10
+
+# Environment variables / secrets
+az containerapp update --name my-app --resource-group my-rg \
+  --set-env-vars "KEY=value" "SECRET=secretref:my-secret"
+
+# Revisions
+az containerapp revision list --name my-app --resource-group my-rg -o table
+
+# ⚠️ DESTRUCTIVE
+az containerapp delete --name my-app --resource-group my-rg
+az containerapp env delete --name my-env --resource-group my-rg
+```
+
+## Azure Kubernetes Service (AKS)
+
+```bash
+# ⚠️ EXPENSIVE — ~$70+/month for 3-node Standard_B2s cluster (+ node costs)
+az aks create \
+  --resource-group my-rg \
+  --name my-cluster \
+  --node-count 3 \
+  --node-vm-size Standard_B2s \
+  --enable-managed-identity \
+  --generate-ssh-keys \
+  --location westeurope
+
+# Get kubectl credentials
+az aks get-credentials --resource-group my-rg --name my-cluster
+
+# READ
+az aks list -o table
+az aks show --name my-cluster --resource-group my-rg -o json
+az aks nodepool list --cluster-name my-cluster --resource-group my-rg -o table
+
+# Scale
+az aks scale --name my-cluster --resource-group my-rg --node-count 5
+az aks nodepool scale --cluster-name my-cluster --resource-group my-rg \
+  --name nodepool1 --node-count 2
+
+# Enable autoscaler
+az aks update --name my-cluster --resource-group my-rg \
+  --enable-cluster-autoscaler --min-count 1 --max-count 10
+
+# Upgrade
+az aks get-upgrades --name my-cluster --resource-group my-rg -o table
+az aks upgrade --name my-cluster --resource-group my-rg --kubernetes-version 1.29.0
+
+# ⚠️ DESTRUCTIVE
+az aks delete --name my-cluster --resource-group my-rg
+```
+
+## Azure Container Registry (ACR)
+
+```bash
+# Create registry
+az acr create --resource-group my-rg --name myregistry --sku Basic
+
+# Login to registry
+az acr login --name myregistry
+
+# Build and push (ACR Tasks — no local Docker needed)
+az acr build --registry myregistry --image myimage:tag .
+
+# Tag and push (local Docker)
+docker tag myimage myregistry.azurecr.io/myimage:tag
+docker push myregistry.azurecr.io/myimage:tag
+
+# READ
+az acr list -o table
+az acr repository list --name myregistry -o json
+az acr repository show-tags --name myregistry --repository myimage -o json
+
+# ⚠️ DESTRUCTIVE
+az acr repository delete --name myregistry --repository myimage --tag tag
+az acr delete --name myregistry --resource-group my-rg
+```
+
+### Grant AKS access to ACR
+
+```bash
+az aks update --name my-cluster --resource-group my-rg --attach-acr myregistry
+```

package/azure/azcli/storage.md

@@ -0,0 +1,215 @@
+# Storage: Accounts, Blobs, File Shares, Queues, Tables
+
+## Storage Accounts
+
+```bash
+# Check name availability (globally unique)
+az storage account check-name --name mystorageaccount -o json
+
+# Create
+az storage account create \
+  --resource-group my-rg \
+  --name mystorageaccount \
+  --location westeurope \
+  --sku Standard_LRS \
+  --kind StorageV2
+
+# READ
+az storage account list --resource-group my-rg -o table
+az storage account show --name mystorageaccount --resource-group my-rg -o json
+
+# Get connection string (for apps)
+az storage account show-connection-string --name mystorageaccount -o tsv
+
+# Get access keys
+az storage account keys list --account-name mystorageaccount -o json
+
+# ⚠️ SECURITY — regenerate key (invalidates existing connections using that key)
+az storage account keys renew --account-name mystorageaccount --key primary
+
+# ⚠️ DESTRUCTIVE
+az storage account delete --name mystorageaccount --resource-group my-rg
+```
+
+### SKU Reference
+
+| SKU | Redundancy | ~Cost (100GB/mo) |
+|-----|-----------|-------------------|
+| `Standard_LRS` | Local (3 copies, 1 datacenter) | ~$2 |
+| `Standard_ZRS` | Zone (3 zones) | ~$2.50 |
+| `Standard_GRS` | Geo (2 regions) | ~$4 |
+| `Premium_LRS` | Local, SSD | ~$15 |
+
+## Blob Storage
+
+### Auth for blob commands
+
+```bash
+# Option 1: Use login credentials (RBAC — preferred)
+# Requires "Storage Blob Data Contributor" role
+az storage blob list --account-name mystorageaccount --container-name mycontainer --auth-mode login -o table
+
+# Option 2: Connection string (convenient for scripts)
+export AZURE_STORAGE_CONNECTION_STRING=$(az storage account show-connection-string --name mystorageaccount -o tsv)
+
+# Option 3: Account key
+export AZURE_STORAGE_KEY=$(az storage account keys list --account-name mystorageaccount --query "[0].value" -o tsv)
+```
+
+### Containers
+
+```bash
+# Create container
+az storage container create --name mycontainer --account-name mystorageaccount
+
+# List containers
+az storage container list --account-name mystorageaccount -o table
+
+# ⚠️ DESTRUCTIVE
+az storage container delete --name mycontainer --account-name mystorageaccount
+```
+
+### Upload & Download
+
+```bash
+# Upload single file
+az storage blob upload \
+  --account-name mystorageaccount \
+  --container-name mycontainer \
+  --file ./local.txt \
+  --name remote.txt
+
+# Upload directory (batch)
+az storage blob upload-batch \
+  --account-name mystorageaccount \
+  --destination mycontainer \
+  --source ./local-dir
+
+# Download
+az storage blob download \
+  --account-name mystorageaccount \
+  --container-name mycontainer \
+  --name remote.txt \
+  --file ./local.txt
+
+# Download directory
+az storage blob download-batch \
+  --account-name mystorageaccount \
+  --source mycontainer \
+  --destination ./local-dir
+
+# Copy between containers/accounts
+az storage blob copy start \
+  --destination-container dest-container \
+  --destination-blob dest.txt \
+  --source-uri "https://sourceaccount.blob.core.windows.net/source-container/source.txt" \
+  --account-name destaccount
+```
+
+### List & Info
+
+```bash
+az storage blob list --account-name mystorageaccount --container-name mycontainer -o table
+az storage blob show --account-name mystorageaccount --container-name mycontainer --name myfile.txt -o json
+
+# Show blob content (small files)
+az storage blob download --account-name mystorageaccount --container-name mycontainer --name myfile.txt --file /dev/stdout
+```
+
+### Delete
+
+```bash
+# ⚠️ DESTRUCTIVE
+az storage blob delete --account-name mystorageaccount --container-name mycontainer --name myfile.txt
+
+# Batch delete
+az storage blob delete-batch --account-name mystorageaccount --source mycontainer --pattern "*.tmp"
+```
+
+### SAS Tokens
+
+```bash
+# Generate SAS for a blob (time-limited access)
+END=$(date -u -d "+1 hour" +%Y-%m-%dT%H:%MZ)
+az storage blob generate-sas \
+  --account-name mystorageaccount \
+  --container-name mycontainer \
+  --name myfile.txt \
+  --permissions r \
+  --expiry "$END" \
+  --auth-mode key -o tsv
+
+# Generate SAS for entire container
+az storage container generate-sas \
+  --account-name mystorageaccount \
+  --name mycontainer \
+  --permissions rl \
+  --expiry "$END" \
+  --auth-mode key -o tsv
+```
+
+## File Shares (Azure Files)
+
+```bash
+# Create share
+az storage share create --name myshare --account-name mystorageaccount --quota 5
+
+# Upload
+az storage file upload --share-name myshare --source ./local.txt --account-name mystorageaccount
+
+# Download
+az storage file download --share-name myshare --path remote.txt --dest ./local.txt --account-name mystorageaccount
+
+# List
+az storage file list --share-name myshare --account-name mystorageaccount -o table
+
+# Create directory
+az storage directory create --share-name myshare --name mydir --account-name mystorageaccount
+
+# ⚠️ DESTRUCTIVE
+az storage share delete --name myshare --account-name mystorageaccount
+```
+
+## Queues
+
+```bash
+az storage queue create --name myqueue --account-name mystorageaccount
+az storage queue list --account-name mystorageaccount -o table
+
+# Put message
+az storage message put --queue-name myqueue --content "Hello" --account-name mystorageaccount
+
+# Peek (read without removing)
+az storage message peek --queue-name myqueue --account-name mystorageaccount -o json
+
+# Get (read and start visibility timeout)
+az storage message get --queue-name myqueue --account-name mystorageaccount -o json
+
+# ⚠️ DESTRUCTIVE
+az storage queue delete --name myqueue --account-name mystorageaccount
+```
+
+## Tables
+
+```bash
+az storage table create --name mytable --account-name mystorageaccount
+az storage table list --account-name mystorageaccount -o table
+
+# ⚠️ DESTRUCTIVE
+az storage table delete --name mytable --account-name mystorageaccount
+```
+
+## azcopy (Bulk Transfers)
+
+For large-scale transfers, use `azcopy` instead of `az storage blob`:
+
+```bash
+# Login (uses Azure AD)
+azcopy login
+
+# Sync local → blob
+azcopy sync ./local-dir "https://mystorageaccount.blob.core.windows.net/mycontainer" --recursive
+
+# Copy with SAS
+azcopy copy ./local.txt "https://mystorageaccount.blob.core.windows.net/mycontainer/remote.txt?$SAS_TOKEN"
+```

package/google-cloud/gcloud/SKILL.md

@@ -53,6 +53,7 @@ Operations classified by risk. **Follow this model for all gcloud commands.**
 | **FORBIDDEN** | Refuse; escalate to human | `gcloud iam service-accounts keys create`, `gcloud projects delete`, passwords in CLI args |
 
 **Rules**:
+
 - **Never combine `--quiet` with destructive operations** — it suppresses the only safety gate
 - **Never put passwords/secrets as command-line arguments** — visible in process list & shell history
 - **Always use `--format=json`** for machine-parseable output (agents can't reliably parse tables)
@@ -60,7 +61,7 @@ Operations classified by risk. **Follow this model for all gcloud commands.**
 
 ## Command Structure
 
-```
+```text
 gcloud [RELEASE_LEVEL] COMPONENT ENTITY OPERATION [ARGS] [FLAGS]
 ```
 

package/google-cloud/gcloud/auth.md

@@ -47,6 +47,7 @@ gcloud auth application-default revoke
 ```
 
 **ADC search order**:
+
 1. `GOOGLE_APPLICATION_CREDENTIALS` env var
 2. `~/.config/gcloud/application_default_credentials.json`
 3. GCE/GKE metadata server (when running on GCP)
@@ -102,6 +103,7 @@ gcloud config get-value compute/zone
 ```
 
 Common mismatches that cause failures:
+
 - VM in `europe-west1-b` connecting to Cloud SQL in `us-central1`
 - GKE cluster in one zone, persistent disks in another
 - Cloud Run in `europe-west1` accessing a VPC in `us-east1`