ai-playbook 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +146 -0
- package/agents/README.md +168 -0
- package/agents/SKILL.md +633 -0
- package/agents/architect/AGENT.md +44 -0
- package/agents/architect/README.md +5 -0
- package/agents/coder/AGENT.md +43 -0
- package/agents/coder/README.md +5 -0
- package/agents/debugger/AGENT.md +42 -0
- package/agents/debugger/README.md +6 -0
- package/agents/devops/AGENT.md +43 -0
- package/agents/devops/README.md +5 -0
- package/agents/documentation/AGENT.md +45 -0
- package/agents/documentation/README.md +5 -0
- package/agents/examples.md +550 -0
- package/agents/performance/AGENT.md +45 -0
- package/agents/performance/README.md +6 -0
- package/agents/planner/AGENT.md +44 -0
- package/agents/planner/README.md +6 -0
- package/agents/product-owner/AGENT.md +46 -0
- package/agents/product-owner/README.md +6 -0
- package/agents/refactorer/AGENT.md +44 -0
- package/agents/refactorer/README.md +6 -0
- package/agents/release-manager/AGENT.md +45 -0
- package/agents/release-manager/README.md +6 -0
- package/agents/researcher/AGENT.md +44 -0
- package/agents/researcher/README.md +6 -0
- package/agents/reviewer/AGENT.md +43 -0
- package/agents/reviewer/README.md +6 -0
- package/agents/security/AGENT.md +46 -0
- package/agents/security/README.md +6 -0
- package/agents/support/AGENT.md +45 -0
- package/agents/support/README.md +6 -0
- package/agents/tester/AGENT.md +46 -0
- package/agents/tester/README.md +5 -0
- package/bin/cli.js +186 -0
- package/commands/README.md +266 -0
- package/commands/build.md +135 -0
- package/commands/clean.md +126 -0
- package/commands/deploy-prod.md +171 -0
- package/commands/deploy-staging.md +147 -0
- package/commands/deps.md +169 -0
- package/commands/dev.md +132 -0
- package/commands/format.md +142 -0
- package/commands/lint.md +125 -0
- package/commands/migrate.md +159 -0
- package/commands/release.md +183 -0
- package/commands/rollback.md +152 -0
- package/commands/seed.md +178 -0
- package/commands/setup.md +109 -0
- package/commands/test.md +134 -0
- package/commands/validate.md +147 -0
- package/context/README.md +7 -0
- package/context/aem.md +47 -0
- package/context/architecture.md +51 -0
- package/context/bullminder.md +57 -0
- package/context/coding-style.md +42 -0
- package/context/communication.md +53 -0
- package/context/company.md +46 -0
- package/context/engineering.md +63 -0
- package/context/project-template.md +71 -0
- package/context/trading.md +52 -0
- package/hooks/README.md +326 -0
- package/hooks/code-review/README.md +6 -0
- package/hooks/code-review/check-coverage.md +101 -0
- package/hooks/custom/README.md +6 -0
- package/hooks/custom/project-specific-hooks.md +273 -0
- package/hooks/deployment/README.md +6 -0
- package/hooks/deployment/health-check.md +102 -0
- package/hooks/deployment/pre-deploy-check.md +84 -0
- package/hooks/documentation/README.md +6 -0
- package/hooks/documentation/update-changelog.md +146 -0
- package/hooks/post-task/README.md +5 -0
- package/hooks/post-task/run-tests.md +61 -0
- package/hooks/pre-commit/README.md +6 -0
- package/hooks/pre-commit/format.md +63 -0
- package/hooks/pre-commit/lint.md +62 -0
- package/hooks/pre-commit/type-check.md +78 -0
- package/hooks/pre-task/README.md +6 -0
- package/hooks/pre-task/check-branch.md +48 -0
- package/hooks/pre-task/validate-environment.md +48 -0
- package/hooks/security-check/README.md +6 -0
- package/hooks/security-check/dependency-audit.md +85 -0
- package/hooks/security-check/secrets-scan.md +77 -0
- package/hooks/test-before-finish/README.md +6 -0
- package/hooks/test-before-finish/run-all-tests.md +128 -0
- package/index.js +69 -0
- package/knowledge/README.md +33 -0
- package/knowledge/ai-agents.md +74 -0
- package/knowledge/decision-making.md +73 -0
- package/knowledge/documentation.md +67 -0
- package/knowledge/engineering-principles.md +65 -0
- package/knowledge/product-discovery.md +68 -0
- package/knowledge/security-privacy.md +54 -0
- package/knowledge/testing-quality.md +63 -0
- package/package.json +63 -0
- package/patterns/README.md +7 -0
- package/prompts/README.md +208 -0
- package/prompts/architect/README.md +96 -0
- package/prompts/architect/design-system.md +140 -0
- package/prompts/debugger/README.md +96 -0
- package/prompts/debugger/diagnose-issue.md +141 -0
- package/prompts/developer/README.md +129 -0
- package/prompts/developer/fix-bug.md +136 -0
- package/prompts/developer/implement-feature.md +133 -0
- package/prompts/product-owner/README.md +116 -0
- package/prompts/product-owner/define-feature.md +145 -0
- package/prompts/reviewer/README.md +91 -0
- package/prompts/reviewer/code-review.md +129 -0
- package/prompts/support/README.md +154 -0
- package/prompts/support/resolve-issue.md +124 -0
- package/roles/README.md +6 -0
- package/roles/design-architect/README.md +98 -0
- package/roles/design-architect/accessibility/README.md +33 -0
- package/roles/design-architect/accessibility/checklists.md +29 -0
- package/roles/design-architect/accessibility/examples.md +35 -0
- package/roles/design-architect/checklists.md +76 -0
- package/roles/design-architect/component-library/README.md +35 -0
- package/roles/design-architect/component-library/checklists.md +29 -0
- package/roles/design-architect/component-library/examples.md +35 -0
- package/roles/design-architect/design-system/README.md +35 -0
- package/roles/design-architect/design-system/checklists.md +27 -0
- package/roles/design-architect/design-system/examples.md +41 -0
- package/roles/design-architect/examples/README.md +31 -0
- package/roles/design-architect/examples/checklists.md +26 -0
- package/roles/design-architect/examples/examples.md +46 -0
- package/roles/design-architect/examples.md +90 -0
- package/roles/design-architect/figma/README.md +33 -0
- package/roles/design-architect/figma/checklists.md +27 -0
- package/roles/design-architect/figma/examples.md +38 -0
- package/roles/design-architect/responsibilities.md +73 -0
- package/roles/design-architect/responsive/README.md +34 -0
- package/roles/design-architect/responsive/checklists.md +26 -0
- package/roles/design-architect/responsive/examples.md +39 -0
- package/roles/design-architect/role.md +129 -0
- package/roles/design-architect/skill-map.md +42 -0
- package/roles/design-architect/triggers.md +110 -0
- package/roles/design-architect/ui/README.md +36 -0
- package/roles/design-architect/ui/checklists.md +29 -0
- package/roles/design-architect/ui/examples.md +28 -0
- package/roles/design-architect/usability/README.md +34 -0
- package/roles/design-architect/usability/checklists.md +28 -0
- package/roles/design-architect/usability/examples.md +31 -0
- package/roles/design-architect/ux/README.md +36 -0
- package/roles/design-architect/ux/checklists.md +28 -0
- package/roles/design-architect/ux/examples.md +37 -0
- package/roles/design-architect/wireframes/README.md +34 -0
- package/roles/design-architect/wireframes/checklists.md +25 -0
- package/roles/design-architect/wireframes/examples.md +32 -0
- package/roles/design-architect/workflow.md +80 -0
- package/roles/devops/README.md +101 -0
- package/roles/devops/ansible/README.md +6 -0
- package/roles/devops/checklists.md +413 -0
- package/roles/devops/ci-cd/README.md +169 -0
- package/roles/devops/ci-cd/checklists.md +289 -0
- package/roles/devops/ci-cd/examples.md +429 -0
- package/roles/devops/cloud-platforms/README.md +109 -0
- package/roles/devops/cost-optimization/README.md +131 -0
- package/roles/devops/disaster-recovery/README.md +118 -0
- package/roles/devops/docker/README.md +6 -0
- package/roles/devops/examples/README.md +6 -0
- package/roles/devops/examples.md +775 -0
- package/roles/devops/github-actions/README.md +6 -0
- package/roles/devops/helm/README.md +6 -0
- package/roles/devops/infrastructure-as-code/README.md +160 -0
- package/roles/devops/infrastructure-as-code/checklists.md +124 -0
- package/roles/devops/jenkins/README.md +6 -0
- package/roles/devops/kubernetes/README.md +150 -0
- package/roles/devops/kubernetes/checklists.md +192 -0
- package/roles/devops/kubernetes/examples.md +189 -0
- package/roles/devops/monitoring/README.md +93 -0
- package/roles/devops/networking/README.md +83 -0
- package/roles/devops/performance/README.md +104 -0
- package/roles/devops/responsibilities.md +95 -0
- package/roles/devops/role.md +130 -0
- package/roles/devops/security/README.md +126 -0
- package/roles/devops/skill-map.md +162 -0
- package/roles/devops/terraform/README.md +6 -0
- package/roles/devops/triggers.md +241 -0
- package/roles/devops/workflow.md +197 -0
- package/roles/qa/README.md +16 -0
- package/roles/qa/api-testing/README.md +6 -0
- package/roles/qa/automation/README.md +6 -0
- package/roles/qa/checklists.md +24 -0
- package/roles/qa/examples/README.md +6 -0
- package/roles/qa/examples.md +27 -0
- package/roles/qa/performance/README.md +6 -0
- package/roles/qa/playwright/README.md +6 -0
- package/roles/qa/responsibilities.md +16 -0
- package/roles/qa/role.md +47 -0
- package/roles/qa/selenium/README.md +6 -0
- package/roles/qa/skill-map.md +14 -0
- package/roles/qa/triggers.md +10 -0
- package/roles/qa/workflow.md +9 -0
- package/roles/software-architect/README.md +16 -0
- package/roles/software-architect/agents/README.md +6 -0
- package/roles/software-architect/ai-architecture/README.md +6 -0
- package/roles/software-architect/aws/README.md +6 -0
- package/roles/software-architect/azure/README.md +6 -0
- package/roles/software-architect/caching/README.md +6 -0
- package/roles/software-architect/checklists.md +25 -0
- package/roles/software-architect/cloud/README.md +6 -0
- package/roles/software-architect/database-design/README.md +6 -0
- package/roles/software-architect/diagrams/README.md +6 -0
- package/roles/software-architect/distributed-systems/README.md +7 -0
- package/roles/software-architect/docker/README.md +6 -0
- package/roles/software-architect/event-driven/README.md +7 -0
- package/roles/software-architect/examples/README.md +6 -0
- package/roles/software-architect/examples.md +22 -0
- package/roles/software-architect/gcp/README.md +6 -0
- package/roles/software-architect/kubernetes/README.md +6 -0
- package/roles/software-architect/messaging/README.md +6 -0
- package/roles/software-architect/rag/README.md +7 -0
- package/roles/software-architect/responsibilities.md +17 -0
- package/roles/software-architect/role.md +46 -0
- package/roles/software-architect/scalability/README.md +6 -0
- package/roles/software-architect/security/README.md +6 -0
- package/roles/software-architect/skill-map.md +15 -0
- package/roles/software-architect/system-design/README.md +6 -0
- package/roles/software-architect/triggers.md +10 -0
- package/roles/software-architect/vector-db/README.md +6 -0
- package/roles/software-architect/workflow.md +9 -0
- package/roles/software-developer/README.md +116 -0
- package/roles/software-developer/api/README.md +365 -0
- package/roles/software-developer/api/checklist.md +131 -0
- package/roles/software-developer/api/examples.md +459 -0
- package/roles/software-developer/authentication/README.md +26 -0
- package/roles/software-developer/authentication/checklists.md +22 -0
- package/roles/software-developer/authentication/examples.md +32 -0
- package/roles/software-developer/authorization/README.md +26 -0
- package/roles/software-developer/authorization/checklists.md +21 -0
- package/roles/software-developer/authorization/examples.md +27 -0
- package/roles/software-developer/backend/README.md +26 -0
- package/roles/software-developer/backend/checklists.md +21 -0
- package/roles/software-developer/backend/examples.md +21 -0
- package/roles/software-developer/cache/README.md +25 -0
- package/roles/software-developer/cache/checklists.md +21 -0
- package/roles/software-developer/cache/examples.md +22 -0
- package/roles/software-developer/checklists.md +122 -0
- package/roles/software-developer/code-review/README.md +23 -0
- package/roles/software-developer/code-review/checklists.md +22 -0
- package/roles/software-developer/code-review/examples.md +20 -0
- package/roles/software-developer/database/README.md +27 -0
- package/roles/software-developer/database/checklists.md +21 -0
- package/roles/software-developer/database/examples.md +27 -0
- package/roles/software-developer/debugging/README.md +24 -0
- package/roles/software-developer/debugging/checklists.md +20 -0
- package/roles/software-developer/debugging/examples.md +28 -0
- package/roles/software-developer/examples/README.md +22 -0
- package/roles/software-developer/examples/checklists.md +8 -0
- package/roles/software-developer/examples/examples.md +25 -0
- package/roles/software-developer/examples.md +378 -0
- package/roles/software-developer/frontend/README.md +76 -0
- package/roles/software-developer/frontend/accessibility/README.md +136 -0
- package/roles/software-developer/frontend/accessibility/best-practices.md +368 -0
- package/roles/software-developer/frontend/code-quality/README.md +136 -0
- package/roles/software-developer/frontend/code-quality/best-practices.md +309 -0
- package/roles/software-developer/frontend/components/README.md +65 -0
- package/roles/software-developer/frontend/components/best-practices.md +273 -0
- package/roles/software-developer/frontend/debugging/README.md +149 -0
- package/roles/software-developer/frontend/debugging/best-practices.md +329 -0
- package/roles/software-developer/frontend/examples/README.md +19 -0
- package/roles/software-developer/frontend/examples/checklists.md +8 -0
- package/roles/software-developer/frontend/examples/examples.md +17 -0
- package/roles/software-developer/frontend/logging-observability/README.md +196 -0
- package/roles/software-developer/frontend/logging-observability/best-practices.md +430 -0
- package/roles/software-developer/frontend/performance/README.md +99 -0
- package/roles/software-developer/frontend/performance/best-practices.md +350 -0
- package/roles/software-developer/frontend/state-management/README.md +85 -0
- package/roles/software-developer/frontend/state-management/best-practices.md +344 -0
- package/roles/software-developer/frontend/testing/README.md +114 -0
- package/roles/software-developer/frontend/testing/best-practices.md +272 -0
- package/roles/software-developer/fullstack/README.md +25 -0
- package/roles/software-developer/fullstack/checklists.md +19 -0
- package/roles/software-developer/fullstack/examples.md +14 -0
- package/roles/software-developer/graphql/README.md +24 -0
- package/roles/software-developer/graphql/checklists.md +20 -0
- package/roles/software-developer/graphql/examples.md +24 -0
- package/roles/software-developer/integration-tests/README.md +25 -0
- package/roles/software-developer/integration-tests/checklists.md +20 -0
- package/roles/software-developer/integration-tests/examples.md +18 -0
- package/roles/software-developer/java/README.md +24 -0
- package/roles/software-developer/java/checklists.md +16 -0
- package/roles/software-developer/java/examples.md +22 -0
- package/roles/software-developer/javascript/README.md +24 -0
- package/roles/software-developer/javascript/checklists.md +15 -0
- package/roles/software-developer/javascript/examples.md +18 -0
- package/roles/software-developer/logging/README.md +105 -0
- package/roles/software-developer/logging/checklists.md +48 -0
- package/roles/software-developer/logging/examples.md +135 -0
- package/roles/software-developer/messaging/README.md +24 -0
- package/roles/software-developer/messaging/checklists.md +21 -0
- package/roles/software-developer/messaging/examples.md +26 -0
- package/roles/software-developer/microservices/README.md +25 -0
- package/roles/software-developer/microservices/checklists.md +21 -0
- package/roles/software-developer/microservices/examples.md +21 -0
- package/roles/software-developer/node/README.md +25 -0
- package/roles/software-developer/node/checklists.md +15 -0
- package/roles/software-developer/node/examples.md +15 -0
- package/roles/software-developer/nosql/README.md +24 -0
- package/roles/software-developer/nosql/checklists.md +21 -0
- package/roles/software-developer/nosql/examples.md +20 -0
- package/roles/software-developer/observability/README.md +25 -0
- package/roles/software-developer/observability/checklists.md +21 -0
- package/roles/software-developer/observability/examples.md +22 -0
- package/roles/software-developer/performance/README.md +26 -0
- package/roles/software-developer/performance/checklists.md +20 -0
- package/roles/software-developer/performance/examples.md +20 -0
- package/roles/software-developer/python/README.md +25 -0
- package/roles/software-developer/python/checklists.md +15 -0
- package/roles/software-developer/python/examples.md +17 -0
- package/roles/software-developer/react/README.md +24 -0
- package/roles/software-developer/react/checklists.md +15 -0
- package/roles/software-developer/react/examples.md +22 -0
- package/roles/software-developer/refactoring/README.md +23 -0
- package/roles/software-developer/refactoring/checklists.md +21 -0
- package/roles/software-developer/refactoring/examples.md +11 -0
- package/roles/software-developer/responsibilities.md +58 -0
- package/roles/software-developer/role.md +127 -0
- package/roles/software-developer/skill-map.md +88 -0
- package/roles/software-developer/springboot/README.md +25 -0
- package/roles/software-developer/springboot/checklists.md +15 -0
- package/roles/software-developer/springboot/examples.md +21 -0
- package/roles/software-developer/sql/README.md +24 -0
- package/roles/software-developer/sql/checklists.md +22 -0
- package/roles/software-developer/sql/examples.md +20 -0
- package/roles/software-developer/testing/README.md +25 -0
- package/roles/software-developer/testing/checklists.md +21 -0
- package/roles/software-developer/testing/examples.md +19 -0
- package/roles/software-developer/triggers.md +550 -0
- package/roles/software-developer/typescript/README.md +25 -0
- package/roles/software-developer/typescript/checklists.md +15 -0
- package/roles/software-developer/typescript/examples.md +18 -0
- package/roles/software-developer/unit-tests/README.md +24 -0
- package/roles/software-developer/unit-tests/checklists.md +19 -0
- package/roles/software-developer/unit-tests/examples.md +22 -0
- package/roles/software-developer/workflow.md +196 -0
- package/roles/sre/README.md +16 -0
- package/roles/sre/alerts/README.md +6 -0
- package/roles/sre/availability/README.md +6 -0
- package/roles/sre/chaos/README.md +6 -0
- package/roles/sre/checklists.md +24 -0
- package/roles/sre/examples/README.md +6 -0
- package/roles/sre/examples.md +19 -0
- package/roles/sre/observability/README.md +6 -0
- package/roles/sre/reliability/README.md +6 -0
- package/roles/sre/responsibilities.md +16 -0
- package/roles/sre/role.md +46 -0
- package/roles/sre/skill-map.md +14 -0
- package/roles/sre/slos/README.md +6 -0
- package/roles/sre/triggers.md +10 -0
- package/roles/sre/workflow.md +9 -0
- package/roles/support-engineer/README.md +16 -0
- package/roles/support-engineer/checklists.md +24 -0
- package/roles/support-engineer/datadog/README.md +6 -0
- package/roles/support-engineer/examples/README.md +6 -0
- package/roles/support-engineer/examples.md +17 -0
- package/roles/support-engineer/incident-response/README.md +6 -0
- package/roles/support-engineer/kubernetes/README.md +6 -0
- package/roles/support-engineer/linux/README.md +6 -0
- package/roles/support-engineer/logs/README.md +6 -0
- package/roles/support-engineer/monitoring/README.md +6 -0
- package/roles/support-engineer/networking/README.md +6 -0
- package/roles/support-engineer/newrelic/README.md +6 -0
- package/roles/support-engineer/postmortem/README.md +6 -0
- package/roles/support-engineer/production/README.md +6 -0
- package/roles/support-engineer/responsibilities.md +16 -0
- package/roles/support-engineer/role.md +47 -0
- package/roles/support-engineer/root-cause-analysis/README.md +6 -0
- package/roles/support-engineer/runbooks/README.md +6 -0
- package/roles/support-engineer/skill-map.md +14 -0
- package/roles/support-engineer/splunk/README.md +6 -0
- package/roles/support-engineer/triggers.md +10 -0
- package/roles/support-engineer/troubleshooting/README.md +6 -0
- package/roles/support-engineer/workflow.md +9 -0
- package/setup.sh +204 -0
- package/skills/.claude/README.md +7 -0
- package/skills/README.md +21 -0
- package/skills/ai-agents/README.md +207 -0
- package/skills/ai-agents/examples.md +335 -0
- package/skills/ai-agents/skill.md +392 -0
- package/skills/architecture/README.md +198 -0
- package/skills/architecture/examples.md +316 -0
- package/skills/architecture/skill.md +189 -0
- package/skills/design-architecture/README.md +107 -0
- package/skills/design-architecture/examples.md +84 -0
- package/skills/design-architecture/skill.md +192 -0
- package/skills/devops/README.md +177 -0
- package/skills/devops/examples.md +376 -0
- package/skills/devops/skill.md +210 -0
- package/skills/documentation/README.md +182 -0
- package/skills/documentation/examples.md +364 -0
- package/skills/documentation/skill.md +200 -0
- package/skills/performance/README.md +177 -0
- package/skills/performance/examples.md +376 -0
- package/skills/performance/skill.md +199 -0
- package/skills/qa/README.md +106 -0
- package/skills/qa/examples.md +84 -0
- package/skills/qa/skill.md +384 -0
- package/skills/security/README.md +108 -0
- package/skills/security/examples.md +85 -0
- package/skills/security/skill.md +223 -0
- package/skills/software-development/README.md +239 -0
- package/skills/software-development/assessment.md +0 -0
- package/skills/software-development/checklists.md +0 -0
- package/skills/software-development/examples.md +375 -0
- package/skills/software-development/prompts.md +0 -0
- package/skills/software-development/skill.md +390 -0
- package/skills/software-development/templates/README.md +7 -0
- package/skills/software-development/templates/api-development.md +0 -0
- package/skills/software-development/templates/bug-fix.md +0 -0
- package/skills/software-development/templates/code-review.md +0 -0
- package/skills/software-development/templates/feature-implementation.md +0 -0
- package/skills/software-development/templates/llm-integration.md +0 -0
- package/skills/software-development/templates/performance-review.md +0 -0
- package/skills/software-development/templates/security-review.md +0 -0
- package/skills/software-development/templates/test-generation.md +0 -0
- package/skills/software-development/tools.md +0 -0
- package/skills/software-development/workflows.md +0 -0
- package/skills/sre/README.md +107 -0
- package/skills/sre/examples.md +379 -0
- package/skills/sre/skill.md +256 -0
- package/skills/support-engineering/README.md +107 -0
- package/skills/support-engineering/examples.md +85 -0
- package/skills/support-engineering/skill.md +103 -0
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
# DevOps Engineer Role
|
|
2
|
+
|
|
3
|
+
This packet defines how an AI-supported DevOps engineer should plan, design, implement,
|
|
4
|
+
test, and operate production infrastructure. It covers cloud platforms, Kubernetes,
|
|
5
|
+
CI/CD pipelines, monitoring, security, and operational automation.
|
|
6
|
+
|
|
7
|
+
## Contract
|
|
8
|
+
|
|
9
|
+
Use this role when the work involves:
|
|
10
|
+
|
|
11
|
+
- Designing or modifying cloud infrastructure (AWS, GCP, Azure, etc.).
|
|
12
|
+
- Building or improving CI/CD pipelines and deployment automation.
|
|
13
|
+
- Implementing or managing Kubernetes clusters and containerized workloads.
|
|
14
|
+
- Setting up monitoring, logging, alerting, and observability systems.
|
|
15
|
+
- Configuring networking, security groups, firewalls, and access controls.
|
|
16
|
+
- Implementing disaster recovery, high availability, and backup strategies.
|
|
17
|
+
- Troubleshooting production incidents and performing root cause analysis.
|
|
18
|
+
- Optimizing infrastructure costs and resource utilization.
|
|
19
|
+
- Automating operational tasks and runbooks.
|
|
20
|
+
- Reviewing infrastructure for reliability, security, and efficiency.
|
|
21
|
+
|
|
22
|
+
The role must always preserve these priorities:
|
|
23
|
+
|
|
24
|
+
1. Reliability.
|
|
25
|
+
2. Security.
|
|
26
|
+
3. Observability.
|
|
27
|
+
4. Simplicity.
|
|
28
|
+
5. Efficiency.
|
|
29
|
+
6. Automation.
|
|
30
|
+
7. Clear communication.
|
|
31
|
+
|
|
32
|
+
## Files
|
|
33
|
+
|
|
34
|
+
| File or folder | Meaning |
|
|
35
|
+
| --- | --- |
|
|
36
|
+
| `role.md` | Core behavior, mindset, constraints, and success criteria. |
|
|
37
|
+
| `responsibilities.md` | Detailed ownership areas for infrastructure, deployment, and operations. |
|
|
38
|
+
| `workflow.md` | Canonical lifecycle from requirement through production operation. |
|
|
39
|
+
| `triggers.md` | Situations that activate this role and the immediate response pattern. |
|
|
40
|
+
| `skill-map.md` | Skills to load or reference for common DevOps work. |
|
|
41
|
+
| `checklists.md` | Reusable delivery checklist for infrastructure, deployment, and operational work. |
|
|
42
|
+
| `examples.md` | Infrastructure-as-code and workflow examples demonstrating expected quality. |
|
|
43
|
+
| `ci-cd/` | CI/CD pipeline design, GitHub Actions, Jenkins, GitLab CI, and deployment automation. |
|
|
44
|
+
| `kubernetes/` | Kubernetes deployment, scaling, networking, storage, security, and troubleshooting. |
|
|
45
|
+
| `cloud-platforms/` | AWS, GCP, and Azure infrastructure design and service guidance. |
|
|
46
|
+
| `monitoring/` | Observability stack (Prometheus, Grafana, ELK), metrics, logging, and alerting. |
|
|
47
|
+
| `security/` | Infrastructure security, hardening, compliance, secrets management, and access control. |
|
|
48
|
+
| `networking/` | VPCs, subnets, load balancing, DNS, CDN, and network security. |
|
|
49
|
+
| `infrastructure-as-code/` | Terraform, CloudFormation, Helm, and IaC best practices. |
|
|
50
|
+
| `disaster-recovery/` | Backup strategies, disaster recovery plans, and business continuity. |
|
|
51
|
+
| `performance/` | Infrastructure performance tuning, capacity planning, and scaling strategies. |
|
|
52
|
+
| `cost-optimization/` | Cloud cost management, resource optimization, and billing analysis. |
|
|
53
|
+
|
|
54
|
+
## Loading Order
|
|
55
|
+
|
|
56
|
+
When applying this role, load files in this order:
|
|
57
|
+
|
|
58
|
+
1. `role.md` to establish behavior and constraints.
|
|
59
|
+
2. `triggers.md` if the request type is ambiguous.
|
|
60
|
+
3. `workflow.md` for the lifecycle stage.
|
|
61
|
+
4. `skill-map.md` to select supporting skills.
|
|
62
|
+
5. `checklists.md` for execution gates.
|
|
63
|
+
6. Topic folders such as `ci-cd/`, `kubernetes/`, `cloud-platforms/`, `monitoring/`, `security/`, or `infrastructure-as-code/` when the task touches that area.
|
|
64
|
+
7. `examples.md` when implementation style or infrastructure patterns need concrete reference.
|
|
65
|
+
|
|
66
|
+
For project work, also load `context/engineering.md` and the relevant
|
|
67
|
+
`projects/<project>/context.md` file when it exists.
|
|
68
|
+
|
|
69
|
+
## Topic Folders
|
|
70
|
+
|
|
71
|
+
Each topic folder follows the same mini-packet shape:
|
|
72
|
+
|
|
73
|
+
- `README.md` explains scope, standards, and related folders.
|
|
74
|
+
- `checklists.md` lists design, implementation, and verification gates.
|
|
75
|
+
- `examples.md` provides starter examples or templates.
|
|
76
|
+
|
|
77
|
+
Load only the topic packets that match the current task. For example, a Kubernetes
|
|
78
|
+
deployment might load `kubernetes/`, `monitoring/`, `security/`, and `infrastructure-as-code/`;
|
|
79
|
+
a CI/CD pipeline implementation might load `ci-cd/`, `infrastructure-as-code/`, `security/`,
|
|
80
|
+
and `monitoring/`.
|
|
81
|
+
|
|
82
|
+
## Completion Standard
|
|
83
|
+
|
|
84
|
+
A DevOps/infrastructure task is complete only when:
|
|
85
|
+
|
|
86
|
+
- The infrastructure meets or exceeds target SLOs (availability, latency, recovery time).
|
|
87
|
+
- The design adheres to security best practices and compliance requirements.
|
|
88
|
+
- Infrastructure-as-code is implemented for reproducibility and auditability.
|
|
89
|
+
- Monitoring, logging, and alerting are configured appropriately.
|
|
90
|
+
- The change fits the existing infrastructure architecture and local conventions.
|
|
91
|
+
- Disaster recovery and business continuity plans are in place and documented.
|
|
92
|
+
- Documentation or runbooks are updated when infrastructure, deployment, or operations change.
|
|
93
|
+
- The final response states what changed, what was verified, and operational guidance.
|
|
94
|
+
|
|
95
|
+
## Related Repository Areas
|
|
96
|
+
|
|
97
|
+
- `skills/devops/` for general DevOps practices and patterns.
|
|
98
|
+
- `skills/security/` for security hardening and compliance rules.
|
|
99
|
+
- `skills/observability/` for monitoring, logging, and alerting guidance.
|
|
100
|
+
- `context/engineering.md` for shared engineering norms and tooling.
|
|
101
|
+
- `context/communication.md` for stakeholder and operational communication.
|
|
@@ -0,0 +1,413 @@
|
|
|
1
|
+
# Checklists
|
|
2
|
+
|
|
3
|
+
Reusable checklists for common DevOps tasks. Use these to ensure all critical aspects are covered.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Infrastructure Design Checklist
|
|
8
|
+
|
|
9
|
+
Use when designing new infrastructure or major infrastructure changes.
|
|
10
|
+
|
|
11
|
+
### Discovery & Requirements
|
|
12
|
+
- [ ] Business SLOs documented (availability target, latency, RTO/RPO)
|
|
13
|
+
- [ ] Compliance and regulatory requirements identified
|
|
14
|
+
- [ ] Cost budget and constraints defined
|
|
15
|
+
- [ ] Scale requirements understood (users, data volume, geographic regions)
|
|
16
|
+
- [ ] Dependencies mapped (applications, databases, external services)
|
|
17
|
+
- [ ] Disaster recovery requirements defined
|
|
18
|
+
|
|
19
|
+
### Architecture Design
|
|
20
|
+
- [ ] Multiple approaches evaluated with trade-offs documented
|
|
21
|
+
- [ ] Architecture diagrams created (topology, data flow, dependencies)
|
|
22
|
+
- [ ] Single points of failure identified and mitigated
|
|
23
|
+
- [ ] Failover and recovery strategies planned
|
|
24
|
+
- [ ] Scalability approach defined (vertical, horizontal, auto-scaling)
|
|
25
|
+
- [ ] Capacity requirements estimated
|
|
26
|
+
|
|
27
|
+
### Security & Compliance
|
|
28
|
+
- [ ] Security hardening requirements identified
|
|
29
|
+
- [ ] Least-privilege access controls designed
|
|
30
|
+
- [ ] Encryption requirements (at rest, in transit) defined
|
|
31
|
+
- [ ] Secrets management approach chosen
|
|
32
|
+
- [ ] Compliance controls mapped to requirements
|
|
33
|
+
- [ ] Security audit and vulnerability scanning planned
|
|
34
|
+
|
|
35
|
+
### Observability & Operations
|
|
36
|
+
- [ ] Metrics and logging strategy defined
|
|
37
|
+
- [ ] SLOs and alerting thresholds identified
|
|
38
|
+
- [ ] Dashboards and runbook requirements specified
|
|
39
|
+
- [ ] On-call procedures and escalation paths defined
|
|
40
|
+
- [ ] Incident response procedures documented
|
|
41
|
+
|
|
42
|
+
### Cost & Optimization
|
|
43
|
+
- [ ] Cost estimation completed
|
|
44
|
+
- [ ] Right-sizing strategy defined
|
|
45
|
+
- [ ] Opportunity for cost optimization identified
|
|
46
|
+
- [ ] Budget monitoring and alerts configured
|
|
47
|
+
|
|
48
|
+
### Approval
|
|
49
|
+
- [ ] Architecture reviewed and approved by infrastructure team
|
|
50
|
+
- [ ] Security review completed
|
|
51
|
+
- [ ] Application team input incorporated
|
|
52
|
+
- [ ] Compliance team sign-off obtained (if required)
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## CI/CD Pipeline Checklist
|
|
57
|
+
|
|
58
|
+
Use when building or updating CI/CD pipelines.
|
|
59
|
+
|
|
60
|
+
### Requirements & Planning
|
|
61
|
+
- [ ] Current deployment pain points identified
|
|
62
|
+
- [ ] Required pipeline stages defined (build, test, security, deploy)
|
|
63
|
+
- [ ] Target environments documented (dev, staging, production)
|
|
64
|
+
- [ ] Approval gates and required approvals identified
|
|
65
|
+
- [ ] Rollout strategy chosen (blue-green, canary, rolling, feature flags)
|
|
66
|
+
- [ ] Success metrics and SLOs defined
|
|
67
|
+
|
|
68
|
+
### Build Stage
|
|
69
|
+
- [ ] Source code checkout configured
|
|
70
|
+
- [ ] Dependency management set up
|
|
71
|
+
- [ ] Build script or tool configured (Maven, Gradle, npm, etc.)
|
|
72
|
+
- [ ] Build artifacts versioning strategy defined
|
|
73
|
+
- [ ] Build caching configured (if applicable)
|
|
74
|
+
- [ ] Build notifications configured (on success/failure)
|
|
75
|
+
|
|
76
|
+
### Test Stage
|
|
77
|
+
- [ ] Unit tests configured to run
|
|
78
|
+
- [ ] Integration tests configured
|
|
79
|
+
- [ ] Test coverage minimum defined
|
|
80
|
+
- [ ] Test result reporting configured
|
|
81
|
+
- [ ] Failing tests block pipeline progression
|
|
82
|
+
|
|
83
|
+
### Security Scanning
|
|
84
|
+
- [ ] Dependency scanning enabled (Snyk, Dependabot, etc.)
|
|
85
|
+
- [ ] SAST scanning enabled (SonarQube, etc.)
|
|
86
|
+
- [ ] Container scanning enabled (if using containers)
|
|
87
|
+
- [ ] Secrets scanning configured
|
|
88
|
+
- [ ] Scan results reviewed and enforced
|
|
89
|
+
|
|
90
|
+
### Deployment Stage
|
|
91
|
+
- [ ] Deployment target environments configured
|
|
92
|
+
- [ ] Deployment credentials and secrets secured (not in code)
|
|
93
|
+
- [ ] Blue-green/canary/rolling deployment strategy implemented
|
|
94
|
+
- [ ] Health checks and smoke tests configured
|
|
95
|
+
- [ ] Rollback procedure documented and tested
|
|
96
|
+
- [ ] Deployment notifications configured
|
|
97
|
+
|
|
98
|
+
### Monitoring & Validation
|
|
99
|
+
- [ ] Post-deployment health checks configured
|
|
100
|
+
- [ ] Monitoring metrics validated after deployment
|
|
101
|
+
- [ ] Automated rollback configured (if thresholds exceeded)
|
|
102
|
+
- [ ] Deployment logs and artifacts retained for troubleshooting
|
|
103
|
+
- [ ] Pipeline execution metrics tracked (build time, success rate)
|
|
104
|
+
|
|
105
|
+
### Documentation & Training
|
|
106
|
+
- [ ] Pipeline documentation created
|
|
107
|
+
- [ ] Troubleshooting guide written
|
|
108
|
+
- [ ] Team trained on pipeline usage
|
|
109
|
+
- [ ] Runbook for common issues created
|
|
110
|
+
|
|
111
|
+
---
|
|
112
|
+
|
|
113
|
+
## Kubernetes Deployment Checklist
|
|
114
|
+
|
|
115
|
+
Use when deploying applications to Kubernetes.
|
|
116
|
+
|
|
117
|
+
### Cluster Preparation
|
|
118
|
+
- [ ] Kubernetes cluster provisioned (EKS, GKE, AKS, self-managed)
|
|
119
|
+
- [ ] Node sizing appropriate for workload
|
|
120
|
+
- [ ] Storage classes configured
|
|
121
|
+
- [ ] Ingress controller configured
|
|
122
|
+
- [ ] CNI (networking plugin) selected and configured
|
|
123
|
+
- [ ] RBAC policies configured
|
|
124
|
+
|
|
125
|
+
### Application Deployment
|
|
126
|
+
- [ ] Container image built and stored in registry
|
|
127
|
+
- [ ] Deployment manifests created (YAML or Helm charts)
|
|
128
|
+
- [ ] Resource limits (CPU, memory) specified
|
|
129
|
+
- [ ] Health checks (liveness, readiness probes) configured
|
|
130
|
+
- [ ] Auto-scaling policies configured
|
|
131
|
+
- [ ] Pod security policies configured
|
|
132
|
+
|
|
133
|
+
### Networking
|
|
134
|
+
- [ ] Service type chosen (ClusterIP, LoadBalancer, NodePort)
|
|
135
|
+
- [ ] Service DNS names resolvable
|
|
136
|
+
- [ ] Ingress configured for external access
|
|
137
|
+
- [ ] Network policies configured (if required)
|
|
138
|
+
- [ ] Load balancer health checks configured
|
|
139
|
+
|
|
140
|
+
### Storage
|
|
141
|
+
- [ ] Persistent volume claims created (if needed)
|
|
142
|
+
- [ ] Storage class appropriate for workload
|
|
143
|
+
- [ ] Backup and snapshot procedures documented
|
|
144
|
+
- [ ] Storage access policies configured
|
|
145
|
+
|
|
146
|
+
### Secrets & Configuration
|
|
147
|
+
- [ ] Secrets managed securely (not in manifests)
|
|
148
|
+
- [ ] ConfigMaps for configuration created
|
|
149
|
+
- [ ] Secret rotation policy defined
|
|
150
|
+
- [ ] Database credentials rotated after deployment
|
|
151
|
+
|
|
152
|
+
### Monitoring & Logging
|
|
153
|
+
- [ ] Prometheus metrics exposed
|
|
154
|
+
- [ ] Logging to centralized system configured
|
|
155
|
+
- [ ] Application logs accessible
|
|
156
|
+
- [ ] Kubernetes cluster metrics monitored
|
|
157
|
+
- [ ] Alerts configured for critical metrics
|
|
158
|
+
|
|
159
|
+
### Security
|
|
160
|
+
- [ ] Pod security policies enforced
|
|
161
|
+
- [ ] RBAC policies restrict access
|
|
162
|
+
- [ ] Network policies restrict traffic
|
|
163
|
+
- [ ] Container images scanned for vulnerabilities
|
|
164
|
+
- [ ] Secrets encrypted (at rest and in transit)
|
|
165
|
+
|
|
166
|
+
### Testing & Validation
|
|
167
|
+
- [ ] Deployment tested in staging cluster
|
|
168
|
+
- [ ] Failover scenario tested
|
|
169
|
+
- [ ] Health checks verified
|
|
170
|
+
- [ ] Monitoring and alerting validated
|
|
171
|
+
- [ ] Rollback procedure tested
|
|
172
|
+
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
## Monitoring & Observability Checklist
|
|
176
|
+
|
|
177
|
+
Use when setting up monitoring, logging, and alerting.
|
|
178
|
+
|
|
179
|
+
### Metrics Collection
|
|
180
|
+
- [ ] Metrics collection tool selected (Prometheus, CloudWatch, etc.)
|
|
181
|
+
- [ ] Scrape intervals and retention configured
|
|
182
|
+
- [ ] Infrastructure metrics collected (CPU, memory, disk, network)
|
|
183
|
+
- [ ] Application metrics instrumented and collected
|
|
184
|
+
- [ ] Custom business metrics defined and collected
|
|
185
|
+
- [ ] Metric naming conventions documented
|
|
186
|
+
|
|
187
|
+
### Dashboards
|
|
188
|
+
- [ ] Key dashboards created for operations team
|
|
189
|
+
- [ ] SLO dashboards created for leadership
|
|
190
|
+
- [ ] Problem dashboards created for troubleshooting
|
|
191
|
+
- [ ] Dashboard access controls configured
|
|
192
|
+
- [ ] Thresholds and alerts configured on dashboards
|
|
193
|
+
|
|
194
|
+
### Alerting
|
|
195
|
+
- [ ] Alert rules defined for critical metrics
|
|
196
|
+
- [ ] Alert thresholds tuned to minimize false positives
|
|
197
|
+
- [ ] Alert routing configured (escalation, on-call)
|
|
198
|
+
- [ ] Alert notifications tested (Slack, PagerDuty, email)
|
|
199
|
+
- [ ] Alert runbooks linked and accessible
|
|
200
|
+
- [ ] Alert acknowledgment and assignment workflows defined
|
|
201
|
+
|
|
202
|
+
### Logging
|
|
203
|
+
- [ ] Centralized logging configured (ELK, Splunk, CloudLogging)
|
|
204
|
+
- [ ] Log parsing and structuring configured
|
|
205
|
+
- [ ] Log retention policy defined (compliance and cost)
|
|
206
|
+
- [ ] Log indexing for search configured
|
|
207
|
+
- [ ] Sensitive data redaction/masking configured
|
|
208
|
+
- [ ] Application structured logging implemented
|
|
209
|
+
|
|
210
|
+
### SLOs & Error Budgets
|
|
211
|
+
- [ ] SLOs defined (availability, latency, error rate)
|
|
212
|
+
- [ ] SLI (Service Level Indicator) metrics identified
|
|
213
|
+
- [ ] Error budget calculated
|
|
214
|
+
- [ ] Error budget tracking dashboard created
|
|
215
|
+
- [ ] Burn rate alerts configured
|
|
216
|
+
|
|
217
|
+
### Tracing & Distributed Tracing (if applicable)
|
|
218
|
+
- [ ] Distributed tracing tool selected (Jaeger, Zipkin, etc.)
|
|
219
|
+
- [ ] Instrumentation libraries integrated
|
|
220
|
+
- [ ] Trace sampling configured
|
|
221
|
+
- [ ] Trace storage configured
|
|
222
|
+
- [ ] Trace querying interface accessible
|
|
223
|
+
|
|
224
|
+
### Runbooks & Documentation
|
|
225
|
+
- [ ] Runbooks created for common operational tasks
|
|
226
|
+
- [ ] Troubleshooting guides written for common issues
|
|
227
|
+
- [ ] Escalation procedures documented
|
|
228
|
+
- [ ] On-call playbooks created
|
|
229
|
+
- [ ] Dashboard and alert interpretation documented
|
|
230
|
+
|
|
231
|
+
### Testing & Validation
|
|
232
|
+
- [ ] Metrics verified to be collecting correctly
|
|
233
|
+
- [ ] Alerts tested to confirm they fire appropriately
|
|
234
|
+
- [ ] Logging verified to capture all necessary information
|
|
235
|
+
- [ ] Dashboard data accuracy verified
|
|
236
|
+
- [ ] Runbooks tested and validated
|
|
237
|
+
|
|
238
|
+
---
|
|
239
|
+
|
|
240
|
+
## Security Hardening Checklist
|
|
241
|
+
|
|
242
|
+
Use when implementing security controls or meeting compliance requirements.
|
|
243
|
+
|
|
244
|
+
### Access Control
|
|
245
|
+
- [ ] IAM roles and policies implemented (least privilege)
|
|
246
|
+
- [ ] Service accounts configured with minimal permissions
|
|
247
|
+
- [ ] User access provisioning process defined
|
|
248
|
+
- [ ] User access review process scheduled
|
|
249
|
+
- [ ] Privileged access management (PAM) configured (if needed)
|
|
250
|
+
- [ ] Multi-factor authentication enabled for sensitive access
|
|
251
|
+
|
|
252
|
+
### Secrets Management
|
|
253
|
+
- [ ] Secrets management solution configured (Vault, Secrets Manager)
|
|
254
|
+
- [ ] Secrets never stored in code or configuration files
|
|
255
|
+
- [ ] Secret rotation policy implemented
|
|
256
|
+
- [ ] Secret access audit logging enabled
|
|
257
|
+
- [ ] Secrets encrypted at rest
|
|
258
|
+
- [ ] Secrets never logged or exposed in errors
|
|
259
|
+
|
|
260
|
+
### Network Security
|
|
261
|
+
- [ ] Firewalls and security groups properly configured
|
|
262
|
+
- [ ] Network segmentation implemented (DMZ, internal, database tiers)
|
|
263
|
+
- [ ] Unused ports and services disabled
|
|
264
|
+
- [ ] DDoS protection configured (if needed)
|
|
265
|
+
- [ ] VPN or private links for remote access configured
|
|
266
|
+
- [ ] Network traffic inspection/IDS configured (if needed)
|
|
267
|
+
|
|
268
|
+
### Encryption
|
|
269
|
+
- [ ] Data encryption at rest configured (database, storage)
|
|
270
|
+
- [ ] Data encryption in transit (TLS/SSL) enforced
|
|
271
|
+
- [ ] Key management configured
|
|
272
|
+
- [ ] Certificate management automated
|
|
273
|
+
- [ ] Weak cipher suites disabled
|
|
274
|
+
|
|
275
|
+
### Compliance & Audit
|
|
276
|
+
- [ ] Compliance requirements identified and documented
|
|
277
|
+
- [ ] Audit logging configured for sensitive operations
|
|
278
|
+
- [ ] Audit logs stored in tamper-proof location
|
|
279
|
+
- [ ] Audit log retention policy defined
|
|
280
|
+
- [ ] Regular security audit schedule established
|
|
281
|
+
- [ ] Vulnerability scanning configured
|
|
282
|
+
|
|
283
|
+
### Patching & Updates
|
|
284
|
+
- [ ] OS and system patches applied regularly
|
|
285
|
+
- [ ] Application dependency updates scheduled
|
|
286
|
+
- [ ] Security patch process defined and automated
|
|
287
|
+
- [ ] Emergency patching procedure for critical vulnerabilities
|
|
288
|
+
- [ ] Patch testing in staging before production
|
|
289
|
+
|
|
290
|
+
### Incident Response
|
|
291
|
+
- [ ] Security incident response plan documented
|
|
292
|
+
- [ ] Incident escalation procedures defined
|
|
293
|
+
- [ ] Security monitoring and alerting configured
|
|
294
|
+
- [ ] Forensic tools and procedures available
|
|
295
|
+
- [ ] Incident communication templates prepared
|
|
296
|
+
|
|
297
|
+
### Documentation
|
|
298
|
+
- [ ] Security architecture documented
|
|
299
|
+
- [ ] Security policies documented
|
|
300
|
+
- [ ] Incident response procedures documented
|
|
301
|
+
- [ ] Security training material created
|
|
302
|
+
- [ ] Access control matrix maintained
|
|
303
|
+
|
|
304
|
+
---
|
|
305
|
+
|
|
306
|
+
## Disaster Recovery Checklist
|
|
307
|
+
|
|
308
|
+
Use when planning or testing disaster recovery procedures.
|
|
309
|
+
|
|
310
|
+
### RTO & RPO Definition
|
|
311
|
+
- [ ] RTO (Recovery Time Objective) defined for each critical system
|
|
312
|
+
- [ ] RPO (Recovery Point Objective) defined for each data set
|
|
313
|
+
- [ ] Recovery strategy chosen (backup, failover, multi-region)
|
|
314
|
+
- [ ] Stakeholder communication strategy defined
|
|
315
|
+
|
|
316
|
+
### Backup Strategy
|
|
317
|
+
- [ ] Backup frequency defined and implemented
|
|
318
|
+
- [ ] Backup retention policy defined
|
|
319
|
+
- [ ] Backup storage location chosen (separate region/provider)
|
|
320
|
+
- [ ] Backup encryption configured
|
|
321
|
+
- [ ] Backup restoration tested and validated
|
|
322
|
+
- [ ] Incremental and full backup strategy defined
|
|
323
|
+
|
|
324
|
+
### Data Replication
|
|
325
|
+
- [ ] Data replication configured (if using multi-region)
|
|
326
|
+
- [ ] Replication lag monitored
|
|
327
|
+
- [ ] Failover procedures documented
|
|
328
|
+
- [ ] Data consistency validation configured
|
|
329
|
+
|
|
330
|
+
### Failover Infrastructure
|
|
331
|
+
- [ ] Failover region or backup infrastructure provisioned
|
|
332
|
+
- [ ] DNS failover configured
|
|
333
|
+
- [ ] Application failover procedures tested
|
|
334
|
+
- [ ] Database failover and reconciliation procedures tested
|
|
335
|
+
- [ ] Load balancer failover configured
|
|
336
|
+
|
|
337
|
+
### Testing & Validation
|
|
338
|
+
- [ ] Disaster recovery drill scheduled (quarterly or annually)
|
|
339
|
+
- [ ] Backup restoration test completed successfully
|
|
340
|
+
- [ ] Failover test completed successfully
|
|
341
|
+
- [ ] Recovery time verified to meet RTO target
|
|
342
|
+
- [ ] Data loss verified to meet RPO target
|
|
343
|
+
- [ ] Post-recovery validation procedures tested
|
|
344
|
+
|
|
345
|
+
### Documentation
|
|
346
|
+
- [ ] Disaster recovery plan documented
|
|
347
|
+
- [ ] Failover procedures documented
|
|
348
|
+
- [ ] Recovery procedures documented
|
|
349
|
+
- [ ] Critical system dependencies documented
|
|
350
|
+
- [ ] Contact information for key personnel updated
|
|
351
|
+
|
|
352
|
+
### Monitoring & Alerting
|
|
353
|
+
- [ ] Backup completion monitored and alerted
|
|
354
|
+
- [ ] Replication lag monitored and alerted
|
|
355
|
+
- [ ] Failover system health monitored
|
|
356
|
+
- [ ] Disaster recovery automation tested
|
|
357
|
+
|
|
358
|
+
---
|
|
359
|
+
|
|
360
|
+
## Infrastructure Code Review Checklist
|
|
361
|
+
|
|
362
|
+
Use when reviewing Terraform, CloudFormation, Helm, or other IaC code.
|
|
363
|
+
|
|
364
|
+
### Correctness
|
|
365
|
+
- [ ] Code implements the intended design
|
|
366
|
+
- [ ] Resources configured correctly for intended purpose
|
|
367
|
+
- [ ] Dependencies between resources properly defined
|
|
368
|
+
- [ ] Output values correctly defined
|
|
369
|
+
- [ ] Destruction procedures tested (no orphaned resources)
|
|
370
|
+
|
|
371
|
+
### Security
|
|
372
|
+
- [ ] No secrets hardcoded in code
|
|
373
|
+
- [ ] Secrets retrieved from secure management system
|
|
374
|
+
- [ ] IAM policies follow least privilege principle
|
|
375
|
+
- [ ] Security groups/firewall rules appropriately restrictive
|
|
376
|
+
- [ ] Encryption enabled for sensitive data (at rest, in transit)
|
|
377
|
+
- [ ] Audit logging enabled for sensitive operations
|
|
378
|
+
|
|
379
|
+
### Cost & Optimization
|
|
380
|
+
- [ ] Resource sizes appropriate for expected load
|
|
381
|
+
- [ ] Spot instances or reserved capacity considered
|
|
382
|
+
- [ ] Auto-scaling configured to prevent over-provisioning
|
|
383
|
+
- [ ] Unused resources identified and removed
|
|
384
|
+
- [ ] Cost estimates reviewed
|
|
385
|
+
|
|
386
|
+
### Maintainability
|
|
387
|
+
- [ ] Code is clear and well-organized
|
|
388
|
+
- [ ] Variable naming is descriptive
|
|
389
|
+
- [ ] Complex logic is documented with comments
|
|
390
|
+
- [ ] DRY principle applied (no duplication)
|
|
391
|
+
- [ ] Modules are reusable and properly abstracted
|
|
392
|
+
- [ ] Version constraints specified for dependencies
|
|
393
|
+
|
|
394
|
+
### Operability
|
|
395
|
+
- [ ] Monitoring and logging integrated
|
|
396
|
+
- [ ] Health checks configured
|
|
397
|
+
- [ ] Backup procedures configured
|
|
398
|
+
- [ ] Disaster recovery tested
|
|
399
|
+
- [ ] Operational runbooks referenced or included
|
|
400
|
+
|
|
401
|
+
### Documentation
|
|
402
|
+
- [ ] README explains infrastructure purpose and design
|
|
403
|
+
- [ ] Variable descriptions are clear and complete
|
|
404
|
+
- [ ] Output descriptions are clear
|
|
405
|
+
- [ ] Usage examples provided
|
|
406
|
+
- [ ] Architectural decisions documented
|
|
407
|
+
|
|
408
|
+
### Testing
|
|
409
|
+
- [ ] Code passes linting and validation
|
|
410
|
+
- [ ] Changes tested in non-production environment first
|
|
411
|
+
- [ ] Infrastructure tested to verify it meets requirements
|
|
412
|
+
- [ ] Rollback procedure tested and documented
|
|
413
|
+
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
# CI/CD Pipeline Guidance
|
|
2
|
+
|
|
3
|
+
This folder provides guidance for designing and implementing continuous integration and
|
|
4
|
+
continuous deployment pipelines that enable fast, safe, and repeatable deployments.
|
|
5
|
+
|
|
6
|
+
## Scope
|
|
7
|
+
|
|
8
|
+
Use this guidance when:
|
|
9
|
+
|
|
10
|
+
- Building CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, CircleCI)
|
|
11
|
+
- Implementing automated testing in pipelines
|
|
12
|
+
- Designing deployment automation and strategies
|
|
13
|
+
- Setting up security scanning in pipelines
|
|
14
|
+
- Configuring artifact management and versioning
|
|
15
|
+
- Implementing deployment approval workflows
|
|
16
|
+
|
|
17
|
+
## Core Principles
|
|
18
|
+
|
|
19
|
+
1. **Automation First** – Eliminate manual operations and repetitive tasks.
|
|
20
|
+
2. **Fast Feedback** – Detect issues as early as possible in the pipeline.
|
|
21
|
+
3. **Safe Deployments** – Use staged rollouts and automated validation.
|
|
22
|
+
4. **Auditability** – Track every build, test, and deployment decision.
|
|
23
|
+
5. **Failure Recovery** – Enable quick rollbacks and issue diagnosis.
|
|
24
|
+
|
|
25
|
+
## Pipeline Stages
|
|
26
|
+
|
|
27
|
+
### 1. Source Control
|
|
28
|
+
- Code committed to version control (Git)
|
|
29
|
+
- Branch strategy defined (main, develop, feature branches)
|
|
30
|
+
- Commit messages follow convention
|
|
31
|
+
- Code review process enforced before merge
|
|
32
|
+
|
|
33
|
+
### 2. Build Stage
|
|
34
|
+
- Source code compiled or packaged
|
|
35
|
+
- Dependencies downloaded and verified
|
|
36
|
+
- Build artifacts created and versioned
|
|
37
|
+
- Build failures block downstream stages
|
|
38
|
+
- Build logs retained for troubleshooting
|
|
39
|
+
|
|
40
|
+
### 3. Test Stage
|
|
41
|
+
- Unit tests run automatically
|
|
42
|
+
- Test results reported and thresholds enforced
|
|
43
|
+
- Test coverage measured and tracked
|
|
44
|
+
- Failed tests block deployment
|
|
45
|
+
|
|
46
|
+
### 4. Security Scanning
|
|
47
|
+
- Dependency scanning (known vulnerabilities)
|
|
48
|
+
- SAST scanning (static application security testing)
|
|
49
|
+
- Container/artifact scanning (if applicable)
|
|
50
|
+
- Secrets scanning (API keys, passwords, tokens)
|
|
51
|
+
- Security issues block or flag for review
|
|
52
|
+
|
|
53
|
+
### 5. Artifact Management
|
|
54
|
+
- Build artifacts versioned uniquely
|
|
55
|
+
- Container images tagged with commit/version
|
|
56
|
+
- Artifacts signed for integrity
|
|
57
|
+
- Artifact retention policy enforced
|
|
58
|
+
- Artifact provenance tracked
|
|
59
|
+
|
|
60
|
+
### 6. Deployment to Staging
|
|
61
|
+
- Automated deployment to staging environment
|
|
62
|
+
- Infrastructure identical to production
|
|
63
|
+
- Health checks and smoke tests run
|
|
64
|
+
- Database migrations applied automatically
|
|
65
|
+
- Deployment process documented
|
|
66
|
+
|
|
67
|
+
### 7. Validation & Testing
|
|
68
|
+
- Automated smoke tests validate deployment
|
|
69
|
+
- Integration tests run against deployed app
|
|
70
|
+
- Performance tests (if applicable)
|
|
71
|
+
- Security tests (DAST, penetration testing)
|
|
72
|
+
- Failed validations block production deployment
|
|
73
|
+
|
|
74
|
+
### 8. Approval & Release
|
|
75
|
+
- Manual approval required for production (if policy)
|
|
76
|
+
- Release notes generated automatically
|
|
77
|
+
- Change tickets created
|
|
78
|
+
- Notification sent to stakeholders
|
|
79
|
+
|
|
80
|
+
### 9. Production Deployment
|
|
81
|
+
- Blue-green or canary deployment strategy
|
|
82
|
+
- Gradual traffic shift (if using canary)
|
|
83
|
+
- Health monitoring during deployment
|
|
84
|
+
- Automatic rollback on failures
|
|
85
|
+
- Deployment completion notification
|
|
86
|
+
|
|
87
|
+
### 10. Post-Deployment
|
|
88
|
+
- Metrics and logs monitored
|
|
89
|
+
- Error rate tracked
|
|
90
|
+
- Performance validated
|
|
91
|
+
- Incident response procedures ready
|
|
92
|
+
|
|
93
|
+
## Platform Considerations
|
|
94
|
+
|
|
95
|
+
### GitHub Actions
|
|
96
|
+
- Built into GitHub, no separate infrastructure
|
|
97
|
+
- Good for GitHub-hosted repositories
|
|
98
|
+
- Workflow files stored in `.github/workflows/`
|
|
99
|
+
- Secrets managed through GitHub settings
|
|
100
|
+
- Supports self-hosted runners for complex workloads
|
|
101
|
+
|
|
102
|
+
### GitLab CI
|
|
103
|
+
- CI/CD integrated with GitLab platform
|
|
104
|
+
- `.gitlab-ci.yml` pipeline definition
|
|
105
|
+
- Supports on-premise installation
|
|
106
|
+
- Built-in container registry
|
|
107
|
+
- Advanced features (Auto DevOps, Environment-specific deployment)
|
|
108
|
+
|
|
109
|
+
### Jenkins
|
|
110
|
+
- Self-hosted CI/CD server
|
|
111
|
+
- Highly customizable with plugins
|
|
112
|
+
- Supports complex workflows
|
|
113
|
+
- Requires infrastructure investment
|
|
114
|
+
- Good for complex, non-standard pipelines
|
|
115
|
+
|
|
116
|
+
### CircleCI
|
|
117
|
+
- Cloud-hosted CI/CD platform
|
|
118
|
+
- YAML-based configuration
|
|
119
|
+
- Free tier available for open source
|
|
120
|
+
- Supports Docker and machine executors
|
|
121
|
+
- Good balance of simplicity and power
|
|
122
|
+
|
|
123
|
+
## Common Patterns
|
|
124
|
+
|
|
125
|
+
### Rolling Deployment
|
|
126
|
+
- Gradually replace old instances with new ones
|
|
127
|
+
- Minimal downtime, allows quick rollback
|
|
128
|
+
- Suitable for most applications
|
|
129
|
+
- Requires good health checks
|
|
130
|
+
|
|
131
|
+
### Blue-Green Deployment
|
|
132
|
+
- Maintain two identical production environments
|
|
133
|
+
- Switch all traffic at once
|
|
134
|
+
- Instant rollback by switching back
|
|
135
|
+
- Requires doubled infrastructure
|
|
136
|
+
- Good for critical applications
|
|
137
|
+
|
|
138
|
+
### Canary Deployment
|
|
139
|
+
- Deploy to small percentage of instances/users first
|
|
140
|
+
- Monitor metrics and error rates
|
|
141
|
+
- Gradually increase traffic if healthy
|
|
142
|
+
- Automatic rollback if thresholds exceeded
|
|
143
|
+
- Good for high-risk changes
|
|
144
|
+
|
|
145
|
+
## Related Folders
|
|
146
|
+
|
|
147
|
+
- `kubernetes/` – Kubernetes-specific deployment considerations
|
|
148
|
+
- `infrastructure-as-code/` – Terraform/Helm for infrastructure provisioning
|
|
149
|
+
- `monitoring/` – Metrics and alerting for deployment validation
|
|
150
|
+
- `security/` – Security scanning in pipelines
|
|
151
|
+
|
|
152
|
+
## Key Checklist Items
|
|
153
|
+
|
|
154
|
+
- [ ] Pipeline stages defined and automated
|
|
155
|
+
- [ ] Build failures prevent downstream execution
|
|
156
|
+
- [ ] Tests run automatically and block on failure
|
|
157
|
+
- [ ] Security scanning integrated (dependencies, SAST, secrets)
|
|
158
|
+
- [ ] Deployment strategy chosen (rolling, blue-green, canary)
|
|
159
|
+
- [ ] Rollback procedure documented and tested
|
|
160
|
+
- [ ] Monitoring and alerting configured for deployments
|
|
161
|
+
- [ ] Deployment notifications sent to stakeholders
|
|
162
|
+
- [ ] Pipeline documentation and runbooks created
|
|
163
|
+
- [ ] On-call team trained on pipeline operations
|
|
164
|
+
|
|
165
|
+
## Files in This Folder
|
|
166
|
+
|
|
167
|
+
- `README.md` – This file
|
|
168
|
+
- `checklists.md` – Detailed CI/CD implementation checklist
|
|
169
|
+
- `examples.md` – Concrete CI/CD pipeline examples
|