@sylix/coworker 2.0.10 → 2.0.12
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +23 -5
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/commands/slash/todo.js +1 -1
- package/dist/commands/slash/todo.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/permissions/PermissionInterceptor.js +1 -1
- package/dist/permissions/PermissionInterceptor.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +6 -9
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/contextManager.js +3 -7
- package/dist/utils/contextManager.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +8 -1
- package/dist/utils/inputbar.js.map +1 -1
- package/dist/utils/output.d.ts.map +1 -1
- package/dist/utils/output.js +3 -35
- package/dist/utils/output.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,266 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: gitlab-ci-patterns
|
|
3
|
+
description: Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# GitLab CI Patterns
|
|
7
|
+
|
|
8
|
+
Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.
|
|
9
|
+
|
|
10
|
+
## Purpose
|
|
11
|
+
|
|
12
|
+
Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.
|
|
13
|
+
|
|
14
|
+
## When to Use
|
|
15
|
+
|
|
16
|
+
- Automate GitLab-based CI/CD
|
|
17
|
+
- Implement multi-stage pipelines
|
|
18
|
+
- Configure GitLab Runners
|
|
19
|
+
- Deploy to Kubernetes from GitLab
|
|
20
|
+
- Implement GitOps workflows
|
|
21
|
+
|
|
22
|
+
## Basic Pipeline Structure
|
|
23
|
+
|
|
24
|
+
```yaml
|
|
25
|
+
stages:
|
|
26
|
+
- build
|
|
27
|
+
- test
|
|
28
|
+
- deploy
|
|
29
|
+
|
|
30
|
+
variables:
|
|
31
|
+
DOCKER_DRIVER: overlay2
|
|
32
|
+
DOCKER_TLS_CERTDIR: "/certs"
|
|
33
|
+
|
|
34
|
+
build:
|
|
35
|
+
stage: build
|
|
36
|
+
image: node:20
|
|
37
|
+
script:
|
|
38
|
+
- npm ci
|
|
39
|
+
- npm run build
|
|
40
|
+
artifacts:
|
|
41
|
+
paths:
|
|
42
|
+
- dist/
|
|
43
|
+
expire_in: 1 hour
|
|
44
|
+
cache:
|
|
45
|
+
key: ${CI_COMMIT_REF_SLUG}
|
|
46
|
+
paths:
|
|
47
|
+
- node_modules/
|
|
48
|
+
|
|
49
|
+
test:
|
|
50
|
+
stage: test
|
|
51
|
+
image: node:20
|
|
52
|
+
script:
|
|
53
|
+
- npm ci
|
|
54
|
+
- npm run lint
|
|
55
|
+
- npm test
|
|
56
|
+
coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
|
|
57
|
+
artifacts:
|
|
58
|
+
reports:
|
|
59
|
+
coverage_report:
|
|
60
|
+
coverage_format: cobertura
|
|
61
|
+
path: coverage/cobertura-coverage.xml
|
|
62
|
+
|
|
63
|
+
deploy:
|
|
64
|
+
stage: deploy
|
|
65
|
+
image: bitnami/kubectl:latest
|
|
66
|
+
script:
|
|
67
|
+
- kubectl apply -f k8s/
|
|
68
|
+
- kubectl rollout status deployment/my-app
|
|
69
|
+
only:
|
|
70
|
+
- main
|
|
71
|
+
environment:
|
|
72
|
+
name: production
|
|
73
|
+
url: https://app.example.com
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## Docker Build and Push
|
|
77
|
+
|
|
78
|
+
```yaml
|
|
79
|
+
build-docker:
|
|
80
|
+
stage: build
|
|
81
|
+
image: docker:24
|
|
82
|
+
services:
|
|
83
|
+
- docker:24-dind
|
|
84
|
+
before_script:
|
|
85
|
+
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
86
|
+
script:
|
|
87
|
+
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
|
|
88
|
+
- docker build -t $CI_REGISTRY_IMAGE:latest .
|
|
89
|
+
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
|
90
|
+
- docker push $CI_REGISTRY_IMAGE:latest
|
|
91
|
+
only:
|
|
92
|
+
- main
|
|
93
|
+
- tags
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
## Multi-Environment Deployment
|
|
97
|
+
|
|
98
|
+
```yaml
|
|
99
|
+
.deploy_template: &deploy_template
|
|
100
|
+
image: bitnami/kubectl:latest
|
|
101
|
+
before_script:
|
|
102
|
+
- kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
|
|
103
|
+
- kubectl config set-credentials admin --token="$KUBE_TOKEN"
|
|
104
|
+
- kubectl config set-context default --cluster=k8s --user=admin
|
|
105
|
+
- kubectl config use-context default
|
|
106
|
+
|
|
107
|
+
deploy:staging:
|
|
108
|
+
<<: *deploy_template
|
|
109
|
+
stage: deploy
|
|
110
|
+
script:
|
|
111
|
+
- kubectl apply -f k8s/ -n staging
|
|
112
|
+
- kubectl rollout status deployment/my-app -n staging
|
|
113
|
+
environment:
|
|
114
|
+
name: staging
|
|
115
|
+
url: https://staging.example.com
|
|
116
|
+
only:
|
|
117
|
+
- develop
|
|
118
|
+
|
|
119
|
+
deploy:production:
|
|
120
|
+
<<: *deploy_template
|
|
121
|
+
stage: deploy
|
|
122
|
+
script:
|
|
123
|
+
- kubectl apply -f k8s/ -n production
|
|
124
|
+
- kubectl rollout status deployment/my-app -n production
|
|
125
|
+
environment:
|
|
126
|
+
name: production
|
|
127
|
+
url: https://app.example.com
|
|
128
|
+
when: manual
|
|
129
|
+
only:
|
|
130
|
+
- main
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## Terraform Pipeline
|
|
134
|
+
|
|
135
|
+
```yaml
|
|
136
|
+
stages:
|
|
137
|
+
- validate
|
|
138
|
+
- plan
|
|
139
|
+
- apply
|
|
140
|
+
|
|
141
|
+
variables:
|
|
142
|
+
TF_ROOT: ${CI_PROJECT_DIR}/terraform
|
|
143
|
+
TF_VERSION: "1.6.0"
|
|
144
|
+
|
|
145
|
+
before_script:
|
|
146
|
+
- cd ${TF_ROOT}
|
|
147
|
+
- terraform --version
|
|
148
|
+
|
|
149
|
+
validate:
|
|
150
|
+
stage: validate
|
|
151
|
+
image: hashicorp/terraform:${TF_VERSION}
|
|
152
|
+
script:
|
|
153
|
+
- terraform init -backend=false
|
|
154
|
+
- terraform validate
|
|
155
|
+
- terraform fmt -check
|
|
156
|
+
|
|
157
|
+
plan:
|
|
158
|
+
stage: plan
|
|
159
|
+
image: hashicorp/terraform:${TF_VERSION}
|
|
160
|
+
script:
|
|
161
|
+
- terraform init
|
|
162
|
+
- terraform plan -out=tfplan
|
|
163
|
+
artifacts:
|
|
164
|
+
paths:
|
|
165
|
+
- ${TF_ROOT}/tfplan
|
|
166
|
+
expire_in: 1 day
|
|
167
|
+
|
|
168
|
+
apply:
|
|
169
|
+
stage: apply
|
|
170
|
+
image: hashicorp/terraform:${TF_VERSION}
|
|
171
|
+
script:
|
|
172
|
+
- terraform init
|
|
173
|
+
- terraform apply -auto-approve tfplan
|
|
174
|
+
dependencies:
|
|
175
|
+
- plan
|
|
176
|
+
when: manual
|
|
177
|
+
only:
|
|
178
|
+
- main
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
## Security Scanning
|
|
182
|
+
|
|
183
|
+
```yaml
|
|
184
|
+
include:
|
|
185
|
+
- template: Security/SAST.gitlab-ci.yml
|
|
186
|
+
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
|
187
|
+
- template: Security/Container-Scanning.gitlab-ci.yml
|
|
188
|
+
|
|
189
|
+
trivy-scan:
|
|
190
|
+
stage: test
|
|
191
|
+
image: aquasec/trivy:latest
|
|
192
|
+
script:
|
|
193
|
+
- trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
|
194
|
+
allow_failure: true
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
## Caching Strategies
|
|
198
|
+
|
|
199
|
+
```yaml
|
|
200
|
+
# Cache node_modules
|
|
201
|
+
build:
|
|
202
|
+
cache:
|
|
203
|
+
key: ${CI_COMMIT_REF_SLUG}
|
|
204
|
+
paths:
|
|
205
|
+
- node_modules/
|
|
206
|
+
policy: pull-push
|
|
207
|
+
|
|
208
|
+
# Global cache
|
|
209
|
+
cache:
|
|
210
|
+
key: ${CI_COMMIT_REF_SLUG}
|
|
211
|
+
paths:
|
|
212
|
+
- .cache/
|
|
213
|
+
- vendor/
|
|
214
|
+
|
|
215
|
+
# Separate cache per job
|
|
216
|
+
job1:
|
|
217
|
+
cache:
|
|
218
|
+
key: job1-cache
|
|
219
|
+
paths:
|
|
220
|
+
- build/
|
|
221
|
+
|
|
222
|
+
job2:
|
|
223
|
+
cache:
|
|
224
|
+
key: job2-cache
|
|
225
|
+
paths:
|
|
226
|
+
- dist/
|
|
227
|
+
```
|
|
228
|
+
|
|
229
|
+
## Dynamic Child Pipelines
|
|
230
|
+
|
|
231
|
+
```yaml
|
|
232
|
+
generate-pipeline:
|
|
233
|
+
stage: build
|
|
234
|
+
script:
|
|
235
|
+
- python generate_pipeline.py > child-pipeline.yml
|
|
236
|
+
artifacts:
|
|
237
|
+
paths:
|
|
238
|
+
- child-pipeline.yml
|
|
239
|
+
|
|
240
|
+
trigger-child:
|
|
241
|
+
stage: deploy
|
|
242
|
+
trigger:
|
|
243
|
+
include:
|
|
244
|
+
- artifact: child-pipeline.yml
|
|
245
|
+
job: generate-pipeline
|
|
246
|
+
strategy: depend
|
|
247
|
+
```
|
|
248
|
+
|
|
249
|
+
## Best Practices
|
|
250
|
+
|
|
251
|
+
1. **Use specific image tags** (node:20, not node:latest)
|
|
252
|
+
2. **Cache dependencies** appropriately
|
|
253
|
+
3. **Use artifacts** for build outputs
|
|
254
|
+
4. **Implement manual gates** for production
|
|
255
|
+
5. **Use environments** for deployment tracking
|
|
256
|
+
6. **Enable merge request pipelines**
|
|
257
|
+
7. **Use pipeline schedules** for recurring jobs
|
|
258
|
+
8. **Implement security scanning**
|
|
259
|
+
9. **Use CI/CD variables** for secrets
|
|
260
|
+
10. **Monitor pipeline performance**
|
|
261
|
+
|
|
262
|
+
## Related Skills
|
|
263
|
+
|
|
264
|
+
- `github-actions-templates` - For GitHub Actions
|
|
265
|
+
- `deployment-pipeline-design` - For architecture
|
|
266
|
+
- `secrets-management` - For secrets handling
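Review bot: The `.deploy_template` in the Multi-Environment Deployment section registers the cluster with `--insecure-skip-tls-verify=true`, which disables verification of the API server's certificate and lets anyone on the path between the runner and `$KUBE_URL` intercept `$KUBE_TOKEN` and the manifests being applied; because this is the template the production job inherits, it will be copied verbatim by anyone following the skill. Pin the cluster CA instead, e.g. `- kubectl config set-cluster k8s --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE"` with the CA supplied as a file-type CI/CD variable. The Docker Build and Push job passes the registry password on the command line (`-p $CI_REGISTRY_PASSWORD`), which Docker itself warns is insecure because it lands in process listings and logs; use `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. In the Security Scanning section `allow_failure: true` on `trivy-scan` cancels the `--exit-code 1` gate, so HIGH/CRITICAL findings never block the pipeline; either drop `allow_failure` or state explicitly that the job is advisory. The `bitnami/kubectl:latest` and `aquasec/trivy:latest` images also contradict best practice 1 ("use specific image tags") in the same file and should be pinned to a version or digest.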
|
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hybrid-cloud-networking
|
|
3
|
+
description: Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Hybrid Cloud Networking
|
|
7
|
+
|
|
8
|
+
Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
|
|
9
|
+
|
|
10
|
+
## Purpose
|
|
11
|
+
|
|
12
|
+
Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
|
|
13
|
+
|
|
14
|
+
## When to Use
|
|
15
|
+
|
|
16
|
+
- Connect on-premises to cloud
|
|
17
|
+
- Extend datacenter to cloud
|
|
18
|
+
- Implement hybrid active-active setups
|
|
19
|
+
- Meet compliance requirements
|
|
20
|
+
- Migrate to cloud gradually
|
|
21
|
+
|
|
22
|
+
## Connection Options
|
|
23
|
+
|
|
24
|
+
### AWS Connectivity
|
|
25
|
+
|
|
26
|
+
#### 1. Site-to-Site VPN
|
|
27
|
+
|
|
28
|
+
- IPSec VPN over internet
|
|
29
|
+
- Up to 1.25 Gbps per tunnel
|
|
30
|
+
- Cost-effective for moderate bandwidth
|
|
31
|
+
- Higher latency, internet-dependent
|
|
32
|
+
|
|
33
|
+
```hcl
|
|
34
|
+
resource "aws_vpn_gateway" "main" {
|
|
35
|
+
vpc_id = aws_vpc.main.id
|
|
36
|
+
tags = {
|
|
37
|
+
Name = "main-vpn-gateway"
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
resource "aws_customer_gateway" "main" {
|
|
42
|
+
bgp_asn = 65000
|
|
43
|
+
ip_address = "203.0.113.1"
|
|
44
|
+
type = "ipsec.1"
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
resource "aws_vpn_connection" "main" {
|
|
48
|
+
vpn_gateway_id = aws_vpn_gateway.main.id
|
|
49
|
+
customer_gateway_id = aws_customer_gateway.main.id
|
|
50
|
+
type = "ipsec.1"
|
|
51
|
+
static_routes_only = false
|
|
52
|
+
}
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
#### 2. AWS Direct Connect
|
|
56
|
+
|
|
57
|
+
- Dedicated network connection
|
|
58
|
+
- 1 Gbps to 100 Gbps
|
|
59
|
+
- Lower latency, consistent bandwidth
|
|
60
|
+
- More expensive, setup time required
|
|
61
|
+
|
|
62
|
+
**Reference:** See `references/direct-connect.md`
|
|
63
|
+
|
|
64
|
+
### Azure Connectivity
|
|
65
|
+
|
|
66
|
+
#### 1. Site-to-Site VPN
|
|
67
|
+
|
|
68
|
+
```hcl
|
|
69
|
+
resource "azurerm_virtual_network_gateway" "vpn" {
|
|
70
|
+
name = "vpn-gateway"
|
|
71
|
+
location = azurerm_resource_group.main.location
|
|
72
|
+
resource_group_name = azurerm_resource_group.main.name
|
|
73
|
+
|
|
74
|
+
type = "Vpn"
|
|
75
|
+
vpn_type = "RouteBased"
|
|
76
|
+
sku = "VpnGw1"
|
|
77
|
+
|
|
78
|
+
ip_configuration {
|
|
79
|
+
name = "vnetGatewayConfig"
|
|
80
|
+
public_ip_address_id = azurerm_public_ip.vpn.id
|
|
81
|
+
private_ip_address_allocation = "Dynamic"
|
|
82
|
+
subnet_id = azurerm_subnet.gateway.id
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
#### 2. Azure ExpressRoute
|
|
88
|
+
|
|
89
|
+
- Private connection via connectivity provider
|
|
90
|
+
- Up to 100 Gbps
|
|
91
|
+
- Low latency, high reliability
|
|
92
|
+
- Premium for global connectivity
|
|
93
|
+
|
|
94
|
+
### GCP Connectivity
|
|
95
|
+
|
|
96
|
+
#### 1. Cloud VPN
|
|
97
|
+
|
|
98
|
+
- IPSec VPN (Classic or HA VPN)
|
|
99
|
+
- HA VPN: 99.99% SLA
|
|
100
|
+
- Up to 3 Gbps per tunnel
|
|
101
|
+
|
|
102
|
+
#### 2. Cloud Interconnect
|
|
103
|
+
|
|
104
|
+
- Dedicated (10 Gbps, 100 Gbps)
|
|
105
|
+
- Partner (50 Mbps to 50 Gbps)
|
|
106
|
+
- Lower latency than VPN
|
|
107
|
+
|
|
108
|
+
## Hybrid Network Patterns
|
|
109
|
+
|
|
110
|
+
### Pattern 1: Hub-and-Spoke
|
|
111
|
+
|
|
112
|
+
```
|
|
113
|
+
On-Premises Datacenter
|
|
114
|
+
↓
|
|
115
|
+
VPN/Direct Connect
|
|
116
|
+
↓
|
|
117
|
+
Transit Gateway (AWS) / vWAN (Azure)
|
|
118
|
+
↓
|
|
119
|
+
├─ Production VPC/VNet
|
|
120
|
+
├─ Staging VPC/VNet
|
|
121
|
+
└─ Development VPC/VNet
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
### Pattern 2: Multi-Region Hybrid
|
|
125
|
+
|
|
126
|
+
```
|
|
127
|
+
On-Premises
|
|
128
|
+
├─ Direct Connect → us-east-1
|
|
129
|
+
└─ Direct Connect → us-west-2
|
|
130
|
+
↓
|
|
131
|
+
Cross-Region Peering
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Pattern 3: Multi-Cloud Hybrid
|
|
135
|
+
|
|
136
|
+
```
|
|
137
|
+
On-Premises Datacenter
|
|
138
|
+
├─ Direct Connect → AWS
|
|
139
|
+
├─ ExpressRoute → Azure
|
|
140
|
+
└─ Interconnect → GCP
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
## Routing Configuration
|
|
144
|
+
|
|
145
|
+
### BGP Configuration
|
|
146
|
+
|
|
147
|
+
```
|
|
148
|
+
On-Premises Router:
|
|
149
|
+
- AS Number: 65000
|
|
150
|
+
- Advertise: 10.0.0.0/8
|
|
151
|
+
|
|
152
|
+
Cloud Router:
|
|
153
|
+
- AS Number: 64512 (AWS), 65515 (Azure)
|
|
154
|
+
- Advertise: Cloud VPC/VNet CIDRs
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
### Route Propagation
|
|
158
|
+
|
|
159
|
+
- Enable route propagation on route tables
|
|
160
|
+
- Use BGP for dynamic routing
|
|
161
|
+
- Implement route filtering
|
|
162
|
+
- Monitor route advertisements
|
|
163
|
+
|
|
164
|
+
## Security Best Practices
|
|
165
|
+
|
|
166
|
+
1. **Use private connectivity** (Direct Connect/ExpressRoute)
|
|
167
|
+
2. **Implement encryption** for VPN tunnels
|
|
168
|
+
3. **Use VPC endpoints** to avoid internet routing
|
|
169
|
+
4. **Configure network ACLs** and security groups
|
|
170
|
+
5. **Enable VPC Flow Logs** for monitoring
|
|
171
|
+
6. **Implement DDoS protection**
|
|
172
|
+
7. **Use PrivateLink/Private Endpoints**
|
|
173
|
+
8. **Monitor connections** with CloudWatch/Monitor
|
|
174
|
+
9. **Implement redundancy** (dual tunnels)
|
|
175
|
+
10. **Regular security audits**
|
|
176
|
+
|
|
177
|
+
## High Availability
|
|
178
|
+
|
|
179
|
+
### Dual VPN Tunnels
|
|
180
|
+
|
|
181
|
+
```hcl
|
|
182
|
+
resource "aws_vpn_connection" "primary" {
|
|
183
|
+
vpn_gateway_id = aws_vpn_gateway.main.id
|
|
184
|
+
customer_gateway_id = aws_customer_gateway.primary.id
|
|
185
|
+
type = "ipsec.1"
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
resource "aws_vpn_connection" "secondary" {
|
|
189
|
+
vpn_gateway_id = aws_vpn_gateway.main.id
|
|
190
|
+
customer_gateway_id = aws_customer_gateway.secondary.id
|
|
191
|
+
type = "ipsec.1"
|
|
192
|
+
}
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
### Active-Active Configuration
|
|
196
|
+
|
|
197
|
+
- Multiple connections from different locations
|
|
198
|
+
- BGP for automatic failover
|
|
199
|
+
- Equal-cost multi-path (ECMP) routing
|
|
200
|
+
- Monitor health of all connections
|
|
201
|
+
|
|
202
|
+
## Monitoring and Troubleshooting
|
|
203
|
+
|
|
204
|
+
### Key Metrics
|
|
205
|
+
|
|
206
|
+
- Tunnel status (up/down)
|
|
207
|
+
- Bytes in/out
|
|
208
|
+
- Packet loss
|
|
209
|
+
- Latency
|
|
210
|
+
- BGP session status
|
|
211
|
+
|
|
212
|
+
### Troubleshooting
|
|
213
|
+
|
|
214
|
+
```bash
|
|
215
|
+
# AWS VPN
|
|
216
|
+
aws ec2 describe-vpn-connections
|
|
217
|
+
aws ec2 get-vpn-connection-telemetry
|
|
218
|
+
|
|
219
|
+
# Azure VPN
|
|
220
|
+
az network vpn-connection show
|
|
221
|
+
az network vpn-connection show-device-config-script
|
|
222
|
+
```
|
|
223
|
+
|
|
224
|
+
## Cost Optimization
|
|
225
|
+
|
|
226
|
+
1. **Right-size connections** based on traffic
|
|
227
|
+
2. **Use VPN for low-bandwidth** workloads
|
|
228
|
+
3. **Consolidate traffic** through fewer connections
|
|
229
|
+
4. **Minimize data transfer** costs
|
|
230
|
+
5. **Use Direct Connect** for high bandwidth
|
|
231
|
+
6. **Implement caching** to reduce traffic
|
|
232
|
+
|
|
233
|
+
## Reference Files
|
|
234
|
+
|
|
235
|
+
- `references/vpn-setup.md` - VPN configuration guide
|
|
236
|
+
- `references/direct-connect.md` - Direct Connect setup
|
|
237
|
+
|
|
238
|
+
## Related Skills
|
|
239
|
+
|
|
240
|
+
- `multi-cloud-architecture` - For architecture decisions
|
|
241
|
+
- `terraform-module-library` - For IaC implementation
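Review bot: Security best practice 1 presents Direct Connect/ExpressRoute as the secure choice without saying that these dedicated circuits carry traffic in the clear by default, so the line should read `Use private connectivity (Direct Connect/ExpressRoute) — note these circuits are not encrypted by default; use MACsec where the provider supports it, or run IPsec over the private connection, for data that must be protected in transit`. Practice 2, "Implement encryption for VPN tunnels", is redundant with IPsec and misses the control that matters: restricting the negotiable IKE/cipher set, which the `aws_vpn_connection` example could show with the `tunnel1_ike_versions`, `tunnel1_phase1_encryption_algorithms` and `tunnel1_phase2_encryption_algorithms` arguments rather than accepting the provider's default proposal set. The BGP example advertises `10.0.0.0/8` from on-premises, a range far broader than any one site owns; any cloud network in that block that is not otherwise routed will fall back to the on-premises path, so the example should advertise the specific on-premises prefixes and pair that with an explicit inbound prefix filter on the cloud side so the design fails closed. The Dual VPN Tunnels block only provides redundancy if `aws_customer_gateway.secondary` is a separate device on a separate circuit; a one-line note stating that assumption would keep the pattern from being copied as two tunnels terminating on one box.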
|