@sylix/coworker 2.0.10 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +23 -5
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/commands/slash/todo.js +1 -1
- package/dist/commands/slash/todo.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/permissions/PermissionInterceptor.js +1 -1
- package/dist/permissions/PermissionInterceptor.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +6 -9
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/contextManager.js +3 -7
- package/dist/utils/contextManager.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +8 -1
- package/dist/utils/inputbar.js.map +1 -1
- package/dist/utils/output.d.ts.map +1 -1
- package/dist/utils/output.js +3 -35
- package/dist/utils/output.js.map +1 -1
- package/package.json +1 -1
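--- a/package/dist/skills/defaults/devops/deployment-pipeline-design.md
+++ b/package/dist/skills/defaults/devops/deployment-pipeline-design.md
@@ -0,0 +1,356 @@
+---
+name: deployment-pipeline-design
+description: Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use when architecting deployment workflows, setting up continuous delivery, or implementing GitOps practices.
+---
+
+# Deployment Pipeline Design
+
+Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
+
+## Purpose
+
+Design robust, secure deployment pipelines that balance speed with safety through proper stage organization and approval workflows.
+
+## When to Use
+
+- Design CI/CD architecture
+- Implement deployment gates
+- Configure multi-environment pipelines
+- Establish deployment best practices
+- Implement progressive delivery
+
+## Pipeline Stages
+
+### Standard Pipeline Flow
+
+```
+┌─────────┐ ┌──────┐ ┌─────────┐ ┌────────┐ ┌──────────┐
+│ Build │ → │ Test │ → │ Staging │ → │ Approve│ → │Production│
+└─────────┘ └──────┘ └─────────┘ └────────┘ └──────────┘
+```
+
+### Detailed Stage Breakdown
+
+1. **Source** - Code checkout
+2. **Build** - Compile, package, containerize
+3. **Test** - Unit, integration, security scans
+4. **Staging Deploy** - Deploy to staging environment
+5. **Integration Tests** - E2E, smoke tests
+6. **Approval Gate** - Manual approval required
+7. **Production Deploy** - Canary, blue-green, rolling
+8. **Verification** - Health checks, monitoring
+9. **Rollback** - Automated rollback on failure
+
+## Approval Gate Patterns
+
+### Pattern 1: Manual Approval
+
+```yaml
+# GitHub Actions
+production-deploy:
+needs: staging-deploy
+environment:
+name: production
+url: https://app.example.com
+runs-on: ubuntu-latest
+steps:
+- name: Deploy to production
+run: |
+# Deployment commands
+```
+
+### Pattern 2: Time-Based Approval
+
+```yaml
+# GitLab CI
+deploy:production:
+stage: deploy
+script:
+- deploy.sh production
+environment:
+name: production
+when: delayed
+start_in: 30 minutes
+only:
+- main
+```
+
+### Pattern 3: Multi-Approver
+
+```yaml
+# Azure Pipelines
+stages:
+- stage: Production
+dependsOn: Staging
+jobs:
+- deployment: Deploy
+environment:
+name: production
+resourceType: Kubernetes
+strategy:
+runOnce:
+preDeploy:
+steps:
+- task: ManualValidation@0
+inputs:
+notifyUsers: "team-leads@example.com"
+instructions: "Review staging metrics before approving"
+```
+
+## Deployment Strategies
+
+### 1. Rolling Deployment
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: my-app
+spec:
+replicas: 10
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxSurge: 2
+maxUnavailable: 1
+```
+
+**Characteristics:**
+
+- Gradual rollout
+- Zero downtime
+- Easy rollback
+- Best for most applications
+
+### 2. Blue-Green Deployment
+
+```yaml
+# Blue (current)
+kubectl apply -f blue-deployment.yaml
+kubectl label service my-app version=blue
+
+# Green (new)
+kubectl apply -f green-deployment.yaml
+# Test green environment
+kubectl label service my-app version=green
+
+# Rollback if needed
+kubectl label service my-app version=blue
+```
+
+**Characteristics:**
+
+- Instant switchover
+- Easy rollback
+- Doubles infrastructure cost temporarily
+- Good for high-risk deployments
+
+### 3. Canary Deployment
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Rollout
+metadata:
+name: my-app
+spec:
+replicas: 10
+strategy:
+canary:
+steps:
+- setWeight: 10
+- pause: { duration: 5m }
+- setWeight: 25
+- pause: { duration: 5m }
+- setWeight: 50
+- pause: { duration: 5m }
+- setWeight: 100
+```
+
+**Characteristics:**
+
+- Gradual traffic shift
+- Risk mitigation
+- Real user testing
+- Requires service mesh or similar
+
+### 4. Feature Flags
+
+```python
+from flagsmith import Flagsmith
+
+flagsmith = Flagsmith(environment_key="API_KEY")
+
+if flagsmith.has_feature("new_checkout_flow"):
+# New code path
+process_checkout_v2()
+else:
+# Existing code path
+process_checkout_v1()
+```
+
+**Characteristics:**
+
+- Deploy without releasing
+- A/B testing
+- Instant rollback
+- Granular control
+
+## Pipeline Orchestration
+
+### Multi-Stage Pipeline Example
+
+```yaml
+name: Production Pipeline
+
+on:
+push:
+branches: [main]
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Build application
+run: make build
+- name: Build Docker image
+run: docker build -t myapp:${{ github.sha }} .
+- name: Push to registry
+run: docker push myapp:${{ github.sha }}
+
+test:
+needs: build
+runs-on: ubuntu-latest
+steps:
+- name: Unit tests
+run: make test
+- name: Security scan
+run: trivy image myapp:${{ github.sha }}
+
+deploy-staging:
+needs: test
+runs-on: ubuntu-latest
+environment:
+name: staging
+steps:
+- name: Deploy to staging
+run: kubectl apply -f k8s/staging/
+
+integration-test:
+needs: deploy-staging
+runs-on: ubuntu-latest
+steps:
+- name: Run E2E tests
+run: npm run test:e2e
+
+deploy-production:
+needs: integration-test
+runs-on: ubuntu-latest
+environment:
+name: production
+steps:
+- name: Canary deployment
+run: |
+kubectl apply -f k8s/production/
+kubectl argo rollouts promote my-app
+
+verify:
+needs: deploy-production
+runs-on: ubuntu-latest
+steps:
+- name: Health check
+run: curl -f https://app.example.com/health
+- name: Notify team
+run: |
+curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
+-d '{"text":"Production deployment successful!"}'
+```
+
+## Pipeline Best Practices
+
+1. **Fail fast** - Run quick tests first
+2. **Parallel execution** - Run independent jobs concurrently
+3. **Caching** - Cache dependencies between runs
+4. **Artifact management** - Store build artifacts
+5. **Environment parity** - Keep environments consistent
+6. **Secrets management** - Use secret stores (Vault, etc.)
+7. **Deployment windows** - Schedule deployments appropriately
+8. **Monitoring integration** - Track deployment metrics
+9. **Rollback automation** - Auto-rollback on failures
+10. **Documentation** - Document pipeline stages
+
+## Rollback Strategies
+
+### Automated Rollback
+
+```yaml
+deploy-and-verify:
+steps:
+- name: Deploy new version
+run: kubectl apply -f k8s/
+
+- name: Wait for rollout
+run: kubectl rollout status deployment/my-app
+
+- name: Health check
+id: health
+run: |
+for i in {1..10}; do
+if curl -sf https://app.example.com/health; then
+exit 0
+fi
+sleep 10
+done
+exit 1
+
+- name: Rollback on failure
+if: failure()
+run: kubectl rollout undo deployment/my-app
+```
+
+### Manual Rollback
+
+```bash
+# List revision history
+kubectl rollout history deployment/my-app
+
+# Rollback to previous version
+kubectl rollout undo deployment/my-app
+
+# Rollback to specific revision
+kubectl rollout undo deployment/my-app --to-revision=3
+```
+
+## Monitoring and Metrics
+
+### Key Pipeline Metrics
+
+- **Deployment Frequency** - How often deployments occur
+- **Lead Time** - Time from commit to production
+- **Change Failure Rate** - Percentage of failed deployments
+- **Mean Time to Recovery (MTTR)** - Time to recover from failure
+- **Pipeline Success Rate** - Percentage of successful runs
+- **Average Pipeline Duration** - Time to complete pipeline
+
+### Integration with Monitoring
+
+```yaml
+- name: Post-deployment verification
+run: |
+# Wait for metrics stabilization
+sleep 60
+
+# Check error rate
+ERROR_RATE=$(curl -s "$PROMETHEUS_URL/api/v1/query?query=rate(http_errors_total[5m])" | jq '.data.result[0].value[1]')
+
+if (( $(echo "$ERROR_RATE > 0.01" | bc -l) )); then
+echo "Error rate too high: $ERROR_RATE"
+exit 1
+fi
+```
+
+## Related Skills
+
+- `github-actions-templates` - For GitHub Actions implementation
+- `gitlab-ci-patterns` - For GitLab CI implementation
+- `secrets-management` - For secrets handling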
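--- a/package/dist/skills/defaults/devops/docker.md
+++ b/package/dist/skills/defaults/devops/docker.md
@@ -0,0 +1,281 @@
+---
+name: docker
+description: Master Docker for containerization, multi-stage builds, and production deployment.
+---
+
+# Docker Best Practices — CoWorker Edition
+
+Build efficient, secure Docker containers.
+
+## When to Use This Skill
+
+- Containerizing applications
+- Writing Dockerfiles
+- Docker Compose for development
+- Production deployments
+
+## Core Concepts
+
+### 1. Multi-Stage Builds
+
+```dockerfile
+# Build stage
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Install dependencies first (better caching)
+COPY package*.json ./
+RUN npm ci
+
+# Copy source and build
+COPY . .
+RUN npm run build
+
+# Production stage
+FROM node:20-alpine AS runner
+
+WORKDIR /app
+
+# Create non-root user
+RUN addgroup --system --gid 1001 nodejs && \
+adduser --system --uid 1001 nodejs
+
+# Copy only what we need
+COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
+COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules
+
+USER nodejs
+
+ENV NODE_ENV=production
+
+EXPOSE 3000
+
+CMD ["node", "dist/index.js"]
+```
+
+### 2. Python Multi-Stage
+
+```dockerfile
+# Build stage
+FROM python:3.11-slim AS builder
+
+WORKDIR /app
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+gcc \
+libpq-dev \
+&& rm -rf /var/lib/apt/lists/*
+
+# Virtual environment
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Production stage
+FROM python:3.11-slim AS runner
+
+WORKDIR /app
+
+# Copy virtual environment
+COPY --from=builder /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+# Non-root user
+RUN useradd --create-home appuser
+USER appuser
+
+COPY --chown=appuser:appuser . .
+
+EXPOSE 8000
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0"]
+```
+
+### 3. Docker Compose for Development
+
+```yaml
+version: '3.8'
+
+services:
+app:
+build:
+context: .
+target: development
+volumes:
+- .:/app
+- /app/node_modules
+ports:
+- "3000:3000"
+environment:
+- NODE_ENV=development
+- DATABASE_URL=postgres://user:pass@db:5432/devdb
+depends_on:
+db:
+condition: service_healthy
+redis:
+condition: service_started
+
+db:
+image: postgres:15-alpine
+environment:
+POSTGRES_USER: user
+POSTGRES_PASSWORD: pass
+POSTGRES_DB: devdb
+volumes:
+- postgres_data:/var/lib/postgresql/data
+healthcheck:
+test: ["CMD-SHELL", "pg_isready -U user"]
+interval: 5s
+timeout: 5s
+retries: 5
+
+redis:
+image: redis:7-alpine
+command: redis-server --appendonly yes
+volumes:
+- redis_data:/data
+
+volumes:
+postgres_data:
+redis_data:
+```
+
+### 4. Security Best Practices
+
+```dockerfile
+# Don't use latest tag
+FROM node:20-alpine
+
+# Create non-root user
+RUN adduser -D -g '' appuser
+
+# Use specific versions
+RUN npm ci --production
+
+# Set ownership
+COPY --chown=appuser:appuser . .
+
+USER appuser
+
+# Read-only filesystem (if possible)
+# docker run --read-only ...
+
+# No secrets in image
+# Use runtime environment variables or secrets
+```
+
+### 5. Health Checks
+
+```dockerfile
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY --chown=nodejs:nodejs package*.json ./
+RUN npm ci --only=production
+
+COPY --chown=nodejs:nodejs . .
+
+USER nodejs
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"
+
+EXPOSE 3000
+
+CMD ["node", "server.js"]
+```
+
+### 6. Optimizing Image Size
+
+```dockerfile
+# Use alpine base
+FROM node:20-alpine
+
+# Don't copy unnecessary files
+.dockerignore:
+# node_modules
+# .git
+# *.md
+# tests/
+# .env*
+
+# Use multi-stage builds (see above)
+# Combine RUN statements
+RUN apt-get update && \
+apt-get install -y --no-install-recommends \
+curl \
+&& rm -rf /var/lib/apt/lists/*
+
+# Clean up in same layer
+RUN npm ci --production && \
+npm cache clean --force
+```
+
+### 7. Production Deployment
+
+```yaml
+# docker-compose.production.yml
+version: '3.8'
+
+services:
+app:
+image: myapp:${VERSION:-latest}
+restart: unless-stopped
+ports:
+- "3000:3000"
+environment:
+- NODE_ENV=production
+- DATABASE_URL=${DATABASE_URL}
+- REDIS_URL=${REDIS_URL}
+healthcheck:
+test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
+interval: 30s
+timeout: 10s
+retries: 3
+deploy:
+resources:
+limits:
+cpus: '1'
+memory: 1G
+reservations:
+cpus: '0.5'
+memory: 512M
+logging:
+driver: "json-file"
+options:
+max-size: "10m"
+max-file: "3"
+networks:
+- frontend
+- backend
+
+networks:
+frontend:
+backend:
+internal: true
+```
+
+## Best Practices
+
+1. **Multi-stage builds** - Smaller images
+2. **Specific versions** - No latest
+3. **Non-root user** - Security
+4. **.dockerignore** - Exclude files
+5. **Layer caching** - Order wisely
+6. **Health checks** - Container health
+7. **Healthchecks** - Production readiness
+
+## Common Mistakes
+
+- Using `latest` tag
+- Running as root
+- No .dockerignore
+- Copying all files
+- Not using multi-stage
+- No health checks
+- Large image sizes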