@waensaran/antigravity-skills 1.0.0

package/skills/github-actions-templates/SKILL.md

@@ -0,0 +1,345 @@
+---
+name: github-actions-templates
+description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
+---
+
+# GitHub Actions Templates
+
+Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
+
+## Do not use this skill when
+
+- The task is unrelated to github actions templates
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+## Purpose
+
+Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.
+
+## Use this skill when
+
+- Automate testing and deployment
+- Build Docker images and push to registries
+- Deploy to Kubernetes clusters
+- Run security scans
+- Implement matrix builds for multiple environments
+
+## Common Workflow Patterns
+
+### Pattern 1: Test Workflow
+
+```yaml
+name: Test
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Run linter
+      run: npm run lint
+
+    - name: Run tests
+      run: npm test
+
+    - name: Upload coverage
+      uses: codecov/codecov-action@v3
+      with:
+        files: ./coverage/lcov.info
+```
+
+**Reference:** See `assets/test-workflow.yml`
+
+### Pattern 2: Build and Push Docker Image
+
+```yaml
+name: Build and Push
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+
+    - name: Build and push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+```
+
+**Reference:** See `assets/deploy-workflow.yml`
+
+### Pattern 3: Deploy to Kubernetes
+
+```yaml
+name: Deploy to Kubernetes
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-west-2
+
+    - name: Update kubeconfig
+      run: |
+        aws eks update-kubeconfig --name production-cluster --region us-west-2
+
+    - name: Deploy to Kubernetes
+      run: |
+        kubectl apply -f k8s/
+        kubectl rollout status deployment/my-app -n production
+        kubectl get services -n production
+
+    - name: Verify deployment
+      run: |
+        kubectl get pods -n production
+        kubectl describe deployment my-app -n production
+```
+
+### Pattern 4: Matrix Build
+
+```yaml
+name: Matrix Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+
+    - name: Run tests
+      run: pytest
+```
+
+**Reference:** See `assets/matrix-build.yml`
+
+## Workflow Best Practices
+
+1. **Use specific action versions** (@v4, not @latest)
+2. **Cache dependencies** to speed up builds
+3. **Use secrets** for sensitive data
+4. **Implement status checks** on PRs
+5. **Use matrix builds** for multi-version testing
+6. **Set appropriate permissions**
+7. **Use reusable workflows** for common patterns
+8. **Implement approval gates** for production
+9. **Add notification steps** for failures
+10. **Use self-hosted runners** for sensitive workloads
+
+## Reusable Workflows
+
+```yaml
+# .github/workflows/reusable-test.yml
+name: Reusable Test Workflow
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        required: true
+        type: string
+    secrets:
+      NPM_TOKEN:
+        required: true
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+    - run: npm ci
+    - run: npm test
+```
+
+**Use reusable workflow:**
+```yaml
+jobs:
+  call-test:
+    uses: ./.github/workflows/reusable-test.yml
+    with:
+      node-version: '20.x'
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+```
+
+## Security Scanning
+
+```yaml
+name: Security Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy results to GitHub Security
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+    - name: Run Snyk Security Scan
+      uses: snyk/actions/node@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```
+
+## Deployment with Approvals
+
+```yaml
+name: Deploy to Production
+
+on:
+  push:
+    tags: [ 'v*' ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://app.example.com
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Deploy application
+      run: |
+        echo "Deploying to production..."
+        # Deployment commands here
+
+    - name: Notify Slack
+      if: success()
+      uses: slackapi/slack-github-action@v1
+      with:
+        webhook-url: ${{ secrets.SLACK_WEBHOOK }}
+        payload: |
+          {
+            "text": "Deployment to production completed successfully!"
+          }
+```
+
+## Reference Files
+
+- `assets/test-workflow.yml` - Testing workflow template
+- `assets/deploy-workflow.yml` - Deployment workflow template
+- `assets/matrix-build.yml` - Matrix build template
+- `references/common-workflows.md` - Common workflow patterns
+
+## Related Skills
+
+- `gitlab-ci-patterns` - For GitLab CI workflows
+- `deployment-pipeline-design` - For pipeline architecture
+- `secrets-management` - For secrets handling

package/skills/gitlab-ci-patterns/SKILL.md

@@ -0,0 +1,283 @@
+---
+name: gitlab-ci-patterns
+description: Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.
+---
+
+# GitLab CI Patterns
+
+Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.
+
+## Do not use this skill when
+
+- The task is unrelated to gitlab ci patterns
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+## Purpose
+
+Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.
+
+## Use this skill when
+
+- Automate GitLab-based CI/CD
+- Implement multi-stage pipelines
+- Configure GitLab Runners
+- Deploy to Kubernetes from GitLab
+- Implement GitOps workflows
+
+## Basic Pipeline Structure
+
+```yaml
+stages:
+  - build
+  - test
+  - deploy
+
+variables:
+  DOCKER_DRIVER: overlay2
+  DOCKER_TLS_CERTDIR: "/certs"
+
+build:
+  stage: build
+  image: node:20
+  script:
+    - npm ci
+    - npm run build
+  artifacts:
+    paths:
+      - dist/
+    expire_in: 1 hour
+  cache:
+    key: ${CI_COMMIT_REF_SLUG}
+    paths:
+      - node_modules/
+
+test:
+  stage: test
+  image: node:20
+  script:
+    - npm ci
+    - npm run lint
+    - npm test
+  coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
+  artifacts:
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage/cobertura-coverage.xml
+
+deploy:
+  stage: deploy
+  image: bitnami/kubectl:latest
+  script:
+    - kubectl apply -f k8s/
+    - kubectl rollout status deployment/my-app
+  only:
+    - main
+  environment:
+    name: production
+    url: https://app.example.com
+```
+
+## Docker Build and Push
+
+```yaml
+build-docker:
+  stage: build
+  image: docker:24
+  services:
+    - docker:24-dind
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
+    - docker build -t $CI_REGISTRY_IMAGE:latest .
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    - docker push $CI_REGISTRY_IMAGE:latest
+  only:
+    - main
+    - tags
+```
+
+## Multi-Environment Deployment
+
+```yaml
+.deploy_template: &deploy_template
+  image: bitnami/kubectl:latest
+  before_script:
+    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
+    - kubectl config set-credentials admin --token="$KUBE_TOKEN"
+    - kubectl config set-context default --cluster=k8s --user=admin
+    - kubectl config use-context default
+
+deploy:staging:
+  <<: *deploy_template
+  stage: deploy
+  script:
+    - kubectl apply -f k8s/ -n staging
+    - kubectl rollout status deployment/my-app -n staging
+  environment:
+    name: staging
+    url: https://staging.example.com
+  only:
+    - develop
+
+deploy:production:
+  <<: *deploy_template
+  stage: deploy
+  script:
+    - kubectl apply -f k8s/ -n production
+    - kubectl rollout status deployment/my-app -n production
+  environment:
+    name: production
+    url: https://app.example.com
+  when: manual
+  only:
+    - main
+```
+
+## Terraform Pipeline
+
+```yaml
+stages:
+  - validate
+  - plan
+  - apply
+
+variables:
+  TF_ROOT: ${CI_PROJECT_DIR}/terraform
+  TF_VERSION: "1.6.0"
+
+before_script:
+  - cd ${TF_ROOT}
+  - terraform --version
+
+validate:
+  stage: validate
+  image: hashicorp/terraform:${TF_VERSION}
+  script:
+    - terraform init -backend=false
+    - terraform validate
+    - terraform fmt -check
+
+plan:
+  stage: plan
+  image: hashicorp/terraform:${TF_VERSION}
+  script:
+    - terraform init
+    - terraform plan -out=tfplan
+  artifacts:
+    paths:
+      - ${TF_ROOT}/tfplan
+    expire_in: 1 day
+
+apply:
+  stage: apply
+  image: hashicorp/terraform:${TF_VERSION}
+  script:
+    - terraform init
+    - terraform apply -auto-approve tfplan
+  dependencies:
+    - plan
+  when: manual
+  only:
+    - main
+```
+
+## Security Scanning
+
+```yaml
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Container-Scanning.gitlab-ci.yml
+
+trivy-scan:
+  stage: test
+  image: aquasec/trivy:latest
+  script:
+    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+  allow_failure: true
+```
+
+## Caching Strategies
+
+```yaml
+# Cache node_modules
+build:
+  cache:
+    key: ${CI_COMMIT_REF_SLUG}
+    paths:
+      - node_modules/
+    policy: pull-push
+
+# Global cache
+cache:
+  key: ${CI_COMMIT_REF_SLUG}
+  paths:
+    - .cache/
+    - vendor/
+
+# Separate cache per job
+job1:
+  cache:
+    key: job1-cache
+    paths:
+      - build/
+
+job2:
+  cache:
+    key: job2-cache
+    paths:
+      - dist/
+```
+
+## Dynamic Child Pipelines
+
+```yaml
+generate-pipeline:
+  stage: build
+  script:
+    - python generate_pipeline.py > child-pipeline.yml
+  artifacts:
+    paths:
+      - child-pipeline.yml
+
+trigger-child:
+  stage: deploy
+  trigger:
+    include:
+      - artifact: child-pipeline.yml
+        job: generate-pipeline
+    strategy: depend
+```
+
+## Reference Files
+
+- `assets/gitlab-ci.yml.template` - Complete pipeline template
+- `references/pipeline-stages.md` - Stage organization patterns
+
+## Best Practices
+
+1. **Use specific image tags** (node:20, not node:latest)
+2. **Cache dependencies** appropriately
+3. **Use artifacts** for build outputs
+4. **Implement manual gates** for production
+5. **Use environments** for deployment tracking
+6. **Enable merge request pipelines**
+7. **Use pipeline schedules** for recurring jobs
+8. **Implement security scanning**
+9. **Use CI/CD variables** for secrets
+10. **Monitor pipeline performance**
+
+## Related Skills
+
+- `github-actions-templates` - For GitHub Actions
+- `deployment-pipeline-design` - For architecture
+- `secrets-management` - For secrets handling