swe-workflow-skills 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +144 -0
- package/VERSION +1 -0
- package/bin/cli.mjs +44 -0
- package/catalog.json +225 -0
- package/commands/role.md +34 -0
- package/hooks/session-start.mjs +118 -0
- package/install.mjs +318 -0
- package/package.json +47 -0
- package/roles.json +194 -0
- package/scripts/resolve.mjs +296 -0
- package/skills/accessibility-design/SKILL.md +128 -0
- package/skills/accessibility-design/evals/evals.json +51 -0
- package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
- package/skills/api-design/SKILL.md +144 -0
- package/skills/api-design/evals/evals.json +48 -0
- package/skills/api-design/references/rest-conventions.md +147 -0
- package/skills/api-design/templates/api-spec.md +156 -0
- package/skills/architecture-design/SKILL.md +86 -0
- package/skills/architecture-design/evals/evals.json +44 -0
- package/skills/architecture-design/references/clean-architecture.md +147 -0
- package/skills/architecture-design/references/component-principles.md +129 -0
- package/skills/architecture-design/references/principles.md +81 -0
- package/skills/architecture-design/references/solid-principles.md +106 -0
- package/skills/architecture-design/templates/adr.md +63 -0
- package/skills/architecture-documentation/SKILL.md +126 -0
- package/skills/architecture-documentation/evals/evals.json +44 -0
- package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
- package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
- package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
- package/skills/bug-investigating/SKILL.md +133 -0
- package/skills/bug-investigating/evals/evals.json +56 -0
- package/skills/bug-investigating/references/common-bugs.md +62 -0
- package/skills/bug-investigating/references/debugging-patterns.md +94 -0
- package/skills/cicd-pipeline/SKILL.md +87 -0
- package/skills/cicd-pipeline/evals/evals.json +34 -0
- package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
- package/skills/cicd-pipeline/templates/github-actions.md +206 -0
- package/skills/code-reviewing/SKILL.md +92 -0
- package/skills/code-reviewing/evals/evals.json +62 -0
- package/skills/code-reviewing/references/error-handling.md +108 -0
- package/skills/code-reviewing/references/review-checklist.md +144 -0
- package/skills/configuration-strategy/SKILL.md +109 -0
- package/skills/configuration-strategy/evals/evals.json +41 -0
- package/skills/configuration-strategy/references/config-patterns.md +161 -0
- package/skills/containerization/SKILL.md +90 -0
- package/skills/containerization/evals/evals.json +36 -0
- package/skills/containerization/references/dockerfile-patterns.md +168 -0
- package/skills/containerization/templates/dockerfile.md +154 -0
- package/skills/data-modeling/SKILL.md +83 -0
- package/skills/data-modeling/evals/evals.json +43 -0
- package/skills/data-modeling/references/conventions.md +57 -0
- package/skills/data-modeling/templates/schema.md +120 -0
- package/skills/dependency-impact-analysis/SKILL.md +113 -0
- package/skills/dependency-impact-analysis/evals/evals.json +41 -0
- package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
- package/skills/dependency-management/SKILL.md +161 -0
- package/skills/dependency-management/evals/evals.json +48 -0
- package/skills/dependency-management/references/evaluation-checklist.md +127 -0
- package/skills/deployment-checklist/SKILL.md +132 -0
- package/skills/deployment-checklist/evals/evals.json +58 -0
- package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
- package/skills/deployment-repo/SKILL.md +190 -0
- package/skills/deployment-repo/evals/evals.json +44 -0
- package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
- package/skills/deployment-repo/references/version-compatibility.md +227 -0
- package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
- package/skills/effort-estimation/SKILL.md +95 -0
- package/skills/effort-estimation/evals/evals.json +32 -0
- package/skills/effort-estimation/references/estimation-methods.md +154 -0
- package/skills/feature-planning/SKILL.md +84 -0
- package/skills/feature-planning/evals/evals.json +44 -0
- package/skills/feature-planning/templates/plan.md +55 -0
- package/skills/feature-planning/templates/task.md +26 -0
- package/skills/frontend-architecture/SKILL.md +154 -0
- package/skills/frontend-architecture/evals/evals.json +34 -0
- package/skills/frontend-architecture/references/component-patterns.md +264 -0
- package/skills/frontend-architecture/templates/folder-structure.md +203 -0
- package/skills/git-workflow/SKILL.md +127 -0
- package/skills/git-workflow/evals/evals.json +44 -0
- package/skills/git-workflow/references/conventions.md +142 -0
- package/skills/git-workflow/templates/pull-request.md +57 -0
- package/skills/gitops-delivery/SKILL.md +319 -0
- package/skills/gitops-delivery/evals/evals.json +44 -0
- package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
- package/skills/gitops-delivery/templates/gitops-config.md +196 -0
- package/skills/incident-response/SKILL.md +130 -0
- package/skills/incident-response/evals/evals.json +55 -0
- package/skills/incident-response/references/communication-templates.md +134 -0
- package/skills/incident-response/references/severity-levels.md +77 -0
- package/skills/incident-response/templates/incident-timeline.md +57 -0
- package/skills/infrastructure-as-code/SKILL.md +86 -0
- package/skills/infrastructure-as-code/evals/evals.json +33 -0
- package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
- package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
- package/skills/metrics-and-okrs/SKILL.md +113 -0
- package/skills/metrics-and-okrs/evals/evals.json +33 -0
- package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
- package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
- package/skills/ml-experiment-tracking/SKILL.md +96 -0
- package/skills/ml-experiment-tracking/evals/evals.json +32 -0
- package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
- package/skills/ml-model-deployment/SKILL.md +106 -0
- package/skills/ml-model-deployment/evals/evals.json +34 -0
- package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
- package/skills/ml-pipeline-design/SKILL.md +162 -0
- package/skills/ml-pipeline-design/evals/evals.json +34 -0
- package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
- package/skills/observability-design/SKILL.md +162 -0
- package/skills/observability-design/evals/evals.json +52 -0
- package/skills/observability-design/references/logging-patterns.md +229 -0
- package/skills/observability-design/references/slo-framework.md +151 -0
- package/skills/observability-design/templates/slo-document.md +80 -0
- package/skills/performance-optimization/SKILL.md +83 -0
- package/skills/performance-optimization/evals/evals.json +47 -0
- package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
- package/skills/performance-optimization/references/concurrency.md +101 -0
- package/skills/prd-writing/SKILL.md +109 -0
- package/skills/prd-writing/evals/evals.json +33 -0
- package/skills/prd-writing/references/prd-examples.md +132 -0
- package/skills/prd-writing/templates/prd.md +71 -0
- package/skills/prd-writing/templates/rfc.md +79 -0
- package/skills/project-documentation/SKILL.md +104 -0
- package/skills/project-documentation/evals/evals.json +48 -0
- package/skills/project-documentation/references/contributing-guide.md +100 -0
- package/skills/project-documentation/templates/changelog.md +59 -0
- package/skills/project-documentation/templates/readme.md +121 -0
- package/skills/project-proposal/SKILL.md +90 -0
- package/skills/project-proposal/evals/evals.json +31 -0
- package/skills/project-proposal/references/proposal-examples.md +140 -0
- package/skills/project-proposal/templates/proposal.md +76 -0
- package/skills/project-review/SKILL.md +111 -0
- package/skills/project-review/evals/evals.json +42 -0
- package/skills/refactoring/SKILL.md +90 -0
- package/skills/refactoring/evals/evals.json +44 -0
- package/skills/refactoring/references/transformations.md +132 -0
- package/skills/retrospective/SKILL.md +157 -0
- package/skills/retrospective/evals/evals.json +34 -0
- package/skills/retrospective/references/facilitation-guide.md +130 -0
- package/skills/retrospective/templates/post-mortem.md +121 -0
- package/skills/rollback-strategy/SKILL.md +116 -0
- package/skills/rollback-strategy/evals/evals.json +55 -0
- package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
- package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
- package/skills/security-audit/SKILL.md +146 -0
- package/skills/security-audit/evals/evals.json +66 -0
- package/skills/security-audit/references/owasp-top-10.md +167 -0
- package/skills/security-audit/templates/security-report.md +79 -0
- package/skills/skill-router/SKILL.md +171 -0
- package/skills/skill-router/evals/evals.json +39 -0
- package/skills/strategic-review/SKILL.md +106 -0
- package/skills/strategic-review/evals/evals.json +42 -0
- package/skills/strategic-review/templates/full-review-prompt.md +84 -0
- package/skills/tdd-workflow/SKILL.md +147 -0
- package/skills/tdd-workflow/evals/evals.json +58 -0
- package/skills/tdd-workflow/references/test-quality.md +71 -0
- package/skills/technical-debt-review/SKILL.md +113 -0
- package/skills/technical-debt-review/evals/evals.json +41 -0
- package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
- package/skills/technical-debt-review/templates/debt-audit.md +85 -0
- package/skills/test-data-strategy/SKILL.md +129 -0
- package/skills/test-data-strategy/evals/evals.json +49 -0
- package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
- package/skills/test-suite-design/SKILL.md +137 -0
- package/skills/test-suite-design/evals/evals.json +69 -0
- package/skills/test-suite-design/references/test-infrastructure.md +175 -0
- package/skills/test-suite-design/references/testing-pyramid.md +140 -0
- package/skills/ui-ux-design/SKILL.md +117 -0
- package/skills/ui-ux-design/evals/evals.json +35 -0
- package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
- package/skills/ui-ux-design/templates/screen-spec.md +97 -0
- package/skills/verification-before-completion/SKILL.md +85 -0
- package/skills/verification-before-completion/evals/evals.json +53 -0
- package/skills/writing-skills/SKILL.md +87 -0
- package/skills/writing-skills/evals/evals.json +41 -0
- package/skills/writing-skills/references/pressure-testing.md +69 -0
- package/uninstall.mjs +182 -0
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
# Git Conventions
|
|
2
|
+
|
|
3
|
+
## Contents
|
|
4
|
+
- Conventional Commits types
|
|
5
|
+
- Branch naming conventions
|
|
6
|
+
- Commit message examples
|
|
7
|
+
- When to squash vs keep history
|
|
8
|
+
- Interactive rebase patterns
|
|
9
|
+
|
|
10
|
+
## Conventional Commits Types
|
|
11
|
+
|
|
12
|
+
| Type | When to Use | Triggers Version Bump |
|
|
13
|
+
|------|-------------|----------------------|
|
|
14
|
+
| `feat` | New feature visible to users | Minor (0.X.0) |
|
|
15
|
+
| `fix` | Bug fix | Patch (0.0.X) |
|
|
16
|
+
| `refactor` | Code change that neither fixes a bug nor adds a feature | None |
|
|
17
|
+
| `test` | Adding or correcting tests | None |
|
|
18
|
+
| `docs` | Documentation only changes | None |
|
|
19
|
+
| `chore` | Maintenance (deps, configs, scripts) | None |
|
|
20
|
+
| `perf` | Performance improvement | Patch (0.0.X) |
|
|
21
|
+
| `ci` | CI/CD pipeline changes | None |
|
|
22
|
+
| `build` | Build system or dependency changes | None |
|
|
23
|
+
| `style` | Formatting, whitespace (no logic change) | None |
|
|
24
|
+
| `revert` | Reverts a previous commit | Depends on reverted type |
|
|
25
|
+
|
|
26
|
+
`BREAKING CHANGE:` in the footer bumps the major version (X.0.0) regardless of type.
|
|
27
|
+
|
|
28
|
+
## Branch Naming Conventions
|
|
29
|
+
|
|
30
|
+
Pattern: `<type>/<short-description>`
|
|
31
|
+
|
|
32
|
+
- `feat/user-notifications` — new feature
|
|
33
|
+
- `fix/login-redirect-loop` — bug fix
|
|
34
|
+
- `refactor/extract-payment-service` — code improvement
|
|
35
|
+
- `docs/api-endpoint-reference` — documentation
|
|
36
|
+
- `chore/upgrade-node-20` — maintenance
|
|
37
|
+
- `hotfix/payment-double-charge` — urgent production fix
|
|
38
|
+
- `release/2.1.0` — release preparation
|
|
39
|
+
|
|
40
|
+
Rules:
|
|
41
|
+
- Lowercase, kebab-case
|
|
42
|
+
- Short but descriptive (3-5 words max)
|
|
43
|
+
- Include ticket number if your team uses one: `feat/PROJ-123-user-notifications`
|
|
44
|
+
|
|
45
|
+
## Commit Message Examples
|
|
46
|
+
|
|
47
|
+
**Good: Simple feature**
|
|
48
|
+
```
|
|
49
|
+
feat(auth): add password reset via email
|
|
50
|
+
|
|
51
|
+
Users can now request a password reset link sent to their registered
|
|
52
|
+
email address. The link expires after 1 hour.
|
|
53
|
+
|
|
54
|
+
Closes #234
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
**Good: Bug fix with context**
|
|
58
|
+
```
|
|
59
|
+
fix(orders): prevent duplicate charge on retry
|
|
60
|
+
|
|
61
|
+
When a payment API call timed out, the retry logic would create a
|
|
62
|
+
second charge because it didn't check for an existing pending charge.
|
|
63
|
+
Added idempotency key to prevent duplicate transactions.
|
|
64
|
+
|
|
65
|
+
Fixes #456
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
**Good: Refactoring with rationale**
|
|
69
|
+
```
|
|
70
|
+
refactor(api): extract validation middleware from controllers
|
|
71
|
+
|
|
72
|
+
Controller files were growing large because each one duplicated
|
|
73
|
+
request validation logic. Extracted shared validation into middleware
|
|
74
|
+
that runs before the controller, reducing average controller size
|
|
75
|
+
by ~40%.
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
**Good: Breaking change**
|
|
79
|
+
```
|
|
80
|
+
feat(api): require API key for all endpoints
|
|
81
|
+
|
|
82
|
+
Previously, read-only endpoints were public. Now all endpoints
|
|
83
|
+
require authentication via API key header.
|
|
84
|
+
|
|
85
|
+
BREAKING CHANGE: All API requests must include X-API-Key header.
|
|
86
|
+
Existing integrations will receive 401 until they add the header.
|
|
87
|
+
|
|
88
|
+
Closes #567
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
**Bad examples and why:**
|
|
92
|
+
```
|
|
93
|
+
# Too vague — what was updated?
|
|
94
|
+
chore: update stuff
|
|
95
|
+
|
|
96
|
+
# Describes WHAT not WHY — the diff shows what
|
|
97
|
+
fix: change line 42 in user.js
|
|
98
|
+
|
|
99
|
+
# Too many things in one commit
|
|
100
|
+
feat: add login, registration, password reset, and profile page
|
|
101
|
+
|
|
102
|
+
# Useless body that repeats the subject
|
|
103
|
+
fix: fix the bug
|
|
104
|
+
This commit fixes the bug that was reported.
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
## When to Squash vs Keep History
|
|
108
|
+
|
|
109
|
+
**Squash into a single commit when:**
|
|
110
|
+
- The branch has "WIP", "fix typo", "oops" commits
|
|
111
|
+
- The intermediate commits are meaningless on their own
|
|
112
|
+
- The change is a single logical unit
|
|
113
|
+
|
|
114
|
+
**Keep multiple commits when:**
|
|
115
|
+
- Each commit represents a meaningful step (e.g., "add migration", "add model", "add API endpoint")
|
|
116
|
+
- The commits tell a useful story about the development process
|
|
117
|
+
- Reviewers might want to review step-by-step
|
|
118
|
+
|
|
119
|
+
**Recommendation**: Default to squash-merge for PRs, unless the author deliberately structured commits for readability.
|
|
120
|
+
|
|
121
|
+
## Interactive Rebase Patterns
|
|
122
|
+
|
|
123
|
+
Clean up history before requesting review:
|
|
124
|
+
|
|
125
|
+
```bash
|
|
126
|
+
# Rebase the last N commits
|
|
127
|
+
git rebase -i HEAD~N
|
|
128
|
+
|
|
129
|
+
# In the editor:
|
|
130
|
+
pick abc1234 feat(auth): add login endpoint # keep
|
|
131
|
+
squash def5678 fix typo # fold into previous
|
|
132
|
+
squash ghi9012 WIP # fold into previous
|
|
133
|
+
pick jkl3456 feat(auth): add registration endpoint # keep as separate commit
|
|
134
|
+
drop mno7890 debugging leftovers # delete entirely
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
Common operations:
|
|
138
|
+
- `pick` — keep the commit as-is
|
|
139
|
+
- `squash` — merge into the previous commit (combine messages)
|
|
140
|
+
- `fixup` — merge into the previous commit (discard this message)
|
|
141
|
+
- `reword` — keep the commit but edit the message
|
|
142
|
+
- `drop` — delete the commit entirely
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# Pull Request Description Template
|
|
2
|
+
|
|
3
|
+
```markdown
|
|
4
|
+
## What
|
|
5
|
+
|
|
6
|
+
[1-2 sentences: what this PR does. Complete the sentence "This PR..."]
|
|
7
|
+
|
|
8
|
+
## Why
|
|
9
|
+
|
|
10
|
+
[Why is this change needed? Link to issue, task, or feature plan.]
|
|
11
|
+
|
|
12
|
+
Closes #[issue-number]
|
|
13
|
+
|
|
14
|
+
## How
|
|
15
|
+
|
|
16
|
+
[Brief description of the approach. Highlight key decisions, trade-offs,
|
|
17
|
+
or anything non-obvious about the implementation.]
|
|
18
|
+
|
|
19
|
+
## Changes
|
|
20
|
+
|
|
21
|
+
[Bullet list of the main changes, grouped logically. Not every file —
|
|
22
|
+
just the meaningful changes.]
|
|
23
|
+
|
|
24
|
+
- Added `OrderService.calculateDiscount()` for percentage-based discounts
|
|
25
|
+
- Updated `Order` model with `discount_code` field and migration
|
|
26
|
+
- Added validation for discount codes in `POST /orders` endpoint
|
|
27
|
+
|
|
28
|
+
## Testing
|
|
29
|
+
|
|
30
|
+
[How were these changes tested? Be specific.]
|
|
31
|
+
|
|
32
|
+
- Unit tests for discount calculation (including edge cases: 0%, 100%, expired codes)
|
|
33
|
+
- Integration test for the order creation endpoint with discount
|
|
34
|
+
- Manual testing on staging with real Stripe test keys
|
|
35
|
+
|
|
36
|
+
## Screenshots
|
|
37
|
+
|
|
38
|
+
[For UI changes — before/after. Delete this section if not applicable.]
|
|
39
|
+
|
|
40
|
+
| Before | After |
|
|
41
|
+
|--------|-------|
|
|
42
|
+
| [screenshot] | [screenshot] |
|
|
43
|
+
|
|
44
|
+
## Checklist
|
|
45
|
+
|
|
46
|
+
- [ ] Tests pass
|
|
47
|
+
- [ ] No linting errors
|
|
48
|
+
- [ ] Documentation updated (if applicable)
|
|
49
|
+
- [ ] Migration is reversible
|
|
50
|
+
- [ ] No hardcoded secrets or environment-specific values
|
|
51
|
+
- [ ] PR is a reasonable size (< 400 lines changed)
|
|
52
|
+
|
|
53
|
+
## Notes for Reviewers
|
|
54
|
+
|
|
55
|
+
[Optional: anything the reviewer should pay special attention to,
|
|
56
|
+
areas of uncertainty, or questions you have about the approach.]
|
|
57
|
+
```
|
|
@@ -0,0 +1,319 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: gitops-delivery
|
|
3
|
+
description: "Design GitOps continuous delivery with ArgoCD or Flux — declarative reconciliation, cross-repo CI/CD triggers, drift detection, progressive delivery. Triggers: ArgoCD, Flux, FluxCD, GitOps, git-based deployment, declarative delivery, auto-sync, drift detection, cross-repo trigger, reconciliation loop, pull-based deployment, canary GitOps."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# GitOps Delivery
|
|
9
|
+
|
|
10
|
+
GitOps makes Git the single source of truth for deployment state. An operator watches a Git repository and continuously reconciles the cluster to match what's declared in Git. The deployment repo defines the desired state — the GitOps operator enforces it.
|
|
11
|
+
|
|
12
|
+
## Step 1: Choose the GitOps Model
|
|
13
|
+
|
|
14
|
+
**Pull-based (recommended):** An operator running in the cluster watches the deployment repo and applies changes. No CI system needs cluster credentials.
|
|
15
|
+
- **ArgoCD**: Application-centric, strong UI, sync waves for ordering, multi-cluster support
|
|
16
|
+
- **Flux**: Toolkit-based, composable, native Kustomize/Helm support, image automation
|
|
17
|
+
|
|
18
|
+
**Push-based (simpler but less robust):** CI pipeline runs `kubectl apply` or `helm upgrade` after building. Simpler to set up but has drawbacks: CI needs cluster credentials, no drift detection, no self-healing.
|
|
19
|
+
|
|
20
|
+
**Decision guide:**
|
|
21
|
+
|
|
22
|
+
| Factor | Push-based | Pull-based (GitOps) |
|
|
23
|
+
|--------|-----------|-------------------|
|
|
24
|
+
| **Setup complexity** | Lower | Higher initial setup |
|
|
25
|
+
| **Cluster credentials** | CI needs them | Only operator needs them |
|
|
26
|
+
| **Drift detection** | None | Automatic |
|
|
27
|
+
| **Self-healing** | None | Operator reverts manual changes |
|
|
28
|
+
| **Audit trail** | CI logs | Git history (stronger) |
|
|
29
|
+
| **Multi-cluster** | Duplicated CI jobs | Native support |
|
|
30
|
+
|
|
31
|
+
**When push-based is fine:** Single cluster, single environment, small team, no compliance requirements. See `cicd-pipeline` for push-based patterns.
|
|
32
|
+
|
|
33
|
+
**When GitOps is worth it:** Multiple environments, compliance/audit needs, multi-cluster, or you want drift detection and self-healing.
|
|
34
|
+
|
|
35
|
+
## Step 2: Design Cross-Repo Triggers
|
|
36
|
+
|
|
37
|
+
The critical bridge: when an app repo builds a new image, the deployment repo must be updated. This is the most common source of friction in GitOps setups.
|
|
38
|
+
|
|
39
|
+
**Pattern A: Automated PR via GitHub Actions `repository_dispatch`**
|
|
40
|
+
|
|
41
|
+
App repo CI triggers a workflow in the deployment repo:
|
|
42
|
+
|
|
43
|
+
```yaml
|
|
44
|
+
# In app repo: .github/workflows/release.yml
|
|
45
|
+
- name: Trigger deployment repo update
|
|
46
|
+
uses: peter-evans/repository-dispatch@v3
|
|
47
|
+
with:
|
|
48
|
+
token: ${{ secrets.DEPLOY_REPO_TOKEN }}
|
|
49
|
+
repository: org/deployment-repo
|
|
50
|
+
event-type: version-bump
|
|
51
|
+
client-payload: |
|
|
52
|
+
{
|
|
53
|
+
"service": "user-service",
|
|
54
|
+
"version": "v1.8.0",
|
|
55
|
+
"image": "ghcr.io/org/user-service:v1.8.0"
|
|
56
|
+
}
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
```yaml
|
|
60
|
+
# In deployment repo: .github/workflows/version-bump.yml
|
|
61
|
+
on:
|
|
62
|
+
repository_dispatch:
|
|
63
|
+
types: [version-bump]
|
|
64
|
+
|
|
65
|
+
jobs:
|
|
66
|
+
update-version:
|
|
67
|
+
steps:
|
|
68
|
+
- uses: actions/checkout@v4
|
|
69
|
+
- name: Update versions.yaml
|
|
70
|
+
run: |
|
|
71
|
+
yq e ".services.${{ github.event.client_payload.service }}.version = \"${{ github.event.client_payload.version }}\"" \
|
|
72
|
+
-i environments/dev/versions.yaml
|
|
73
|
+
- name: Create PR
|
|
74
|
+
uses: peter-evans/create-pull-request@v6
|
|
75
|
+
with:
|
|
76
|
+
title: "bump ${{ github.event.client_payload.service }} to ${{ github.event.client_payload.version }}"
|
|
77
|
+
branch: "bump/${{ github.event.client_payload.service }}-${{ github.event.client_payload.version }}"
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
**Pattern B: Renovate / Dependabot for image tags**
|
|
81
|
+
|
|
82
|
+
Configure Renovate to watch container registries and create PRs when new tags appear:
|
|
83
|
+
|
|
84
|
+
```json
|
|
85
|
+
{
|
|
86
|
+
"packageRules": [
|
|
87
|
+
{
|
|
88
|
+
"matchDatasources": ["docker"],
|
|
89
|
+
"matchPackagePatterns": ["ghcr.io/org/*"],
|
|
90
|
+
"automerge": false,
|
|
91
|
+
"labels": ["version-bump"]
|
|
92
|
+
}
|
|
93
|
+
]
|
|
94
|
+
}
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
**Pattern C: GitLab CI downstream pipeline**
|
|
98
|
+
|
|
99
|
+
```yaml
|
|
100
|
+
# In app repo: .gitlab-ci.yml
|
|
101
|
+
trigger-deployment:
|
|
102
|
+
stage: deploy
|
|
103
|
+
trigger:
|
|
104
|
+
project: org/deployment-repo
|
|
105
|
+
branch: main
|
|
106
|
+
strategy: depend
|
|
107
|
+
variables:
|
|
108
|
+
SERVICE_NAME: user-service
|
|
109
|
+
SERVICE_VERSION: $CI_COMMIT_TAG
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
**Recommendation:** Pattern A (repository_dispatch + PR) for most teams. It creates an auditable PR, allows contract tests to run before merge, and doesn't require additional tooling. Use Pattern B (Renovate) if you want fully automated version tracking without custom workflows.
|
|
113
|
+
|
|
114
|
+
## Step 3: Configure the GitOps Operator
|
|
115
|
+
|
|
116
|
+
### ArgoCD Setup
|
|
117
|
+
|
|
118
|
+
**Application per service per environment:**
|
|
119
|
+
|
|
120
|
+
```yaml
|
|
121
|
+
# argocd/staging/user-service.yaml
|
|
122
|
+
apiVersion: argoproj.io/v1alpha1
|
|
123
|
+
kind: Application
|
|
124
|
+
metadata:
|
|
125
|
+
name: user-service-staging
|
|
126
|
+
namespace: argocd
|
|
127
|
+
labels:
|
|
128
|
+
environment: staging
|
|
129
|
+
service: user-service
|
|
130
|
+
spec:
|
|
131
|
+
project: default
|
|
132
|
+
source:
|
|
133
|
+
repoURL: https://github.com/org/deployment-repo
|
|
134
|
+
targetRevision: main
|
|
135
|
+
path: helm/user-service
|
|
136
|
+
helm:
|
|
137
|
+
valueFiles:
|
|
138
|
+
- ../../environments/staging/user-service-values.yaml
|
|
139
|
+
destination:
|
|
140
|
+
server: https://kubernetes.default.svc
|
|
141
|
+
namespace: staging
|
|
142
|
+
syncPolicy:
|
|
143
|
+
automated: # Auto-sync for staging
|
|
144
|
+
prune: true # Remove resources not in Git
|
|
145
|
+
selfHeal: true # Revert manual changes
|
|
146
|
+
syncOptions:
|
|
147
|
+
- CreateNamespace=true
|
|
148
|
+
retry:
|
|
149
|
+
limit: 3
|
|
150
|
+
backoff:
|
|
151
|
+
duration: 5s
|
|
152
|
+
factor: 2
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
**Production — manual sync with approval:**
|
|
156
|
+
|
|
157
|
+
```yaml
|
|
158
|
+
# argocd/production/user-service.yaml
|
|
159
|
+
spec:
|
|
160
|
+
syncPolicy: {} # No automated sync — requires manual sync or CI trigger
|
|
161
|
+
# Add sync windows to restrict when syncs can happen:
|
|
162
|
+
syncPolicy:
|
|
163
|
+
syncOptions:
|
|
164
|
+
- CreateNamespace=true
|
|
165
|
+
# Sync windows defined in the ArgoCD project
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
**App of Apps pattern (manage all Applications as a single unit):**
|
|
169
|
+
|
|
170
|
+
```yaml
|
|
171
|
+
apiVersion: argoproj.io/v1alpha1
|
|
172
|
+
kind: Application
|
|
173
|
+
metadata:
|
|
174
|
+
name: platform-staging
|
|
175
|
+
spec:
|
|
176
|
+
source:
|
|
177
|
+
repoURL: https://github.com/org/deployment-repo
|
|
178
|
+
path: argocd/staging # Directory containing all Application YAMLs
|
|
179
|
+
destination:
|
|
180
|
+
server: https://kubernetes.default.svc
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
**Sync waves (control deployment order):**
|
|
184
|
+
|
|
185
|
+
```yaml
|
|
186
|
+
# Database migration job runs first (wave 0), then services (wave 1), then ingress (wave 2)
|
|
187
|
+
metadata:
|
|
188
|
+
annotations:
|
|
189
|
+
argocd.argoproj.io/sync-wave: "0" # Lower runs first
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
### Flux Setup
|
|
193
|
+
|
|
194
|
+
```yaml
|
|
195
|
+
# flux/staging/kustomization.yaml
|
|
196
|
+
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
197
|
+
kind: Kustomization
|
|
198
|
+
metadata:
|
|
199
|
+
name: staging-apps
|
|
200
|
+
namespace: flux-system
|
|
201
|
+
spec:
|
|
202
|
+
interval: 5m
|
|
203
|
+
sourceRef:
|
|
204
|
+
kind: GitRepository
|
|
205
|
+
name: deployment-repo
|
|
206
|
+
path: ./overlays/staging
|
|
207
|
+
prune: true
|
|
208
|
+
healthChecks:
|
|
209
|
+
- apiVersion: apps/v1
|
|
210
|
+
kind: Deployment
|
|
211
|
+
name: user-service
|
|
212
|
+
namespace: staging
|
|
213
|
+
timeout: 3m
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
**Flux image automation (auto-update image tags):**
|
|
217
|
+
|
|
218
|
+
```yaml
|
|
219
|
+
apiVersion: image.toolkit.fluxcd.io/v1beta2
|
|
220
|
+
kind: ImagePolicy
|
|
221
|
+
metadata:
|
|
222
|
+
name: user-service
|
|
223
|
+
spec:
|
|
224
|
+
imageRepositoryRef:
|
|
225
|
+
name: user-service
|
|
226
|
+
policy:
|
|
227
|
+
semver:
|
|
228
|
+
range: ">=1.0.0"
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
See [references/gitops-patterns.md](references/gitops-patterns.md) for complete manifests and [templates/gitops-config.md](templates/gitops-config.md) for ready-to-use templates.
|
|
232
|
+
|
|
233
|
+
## Step 4: Implement Progressive Delivery
|
|
234
|
+
|
|
235
|
+
Layer progressive delivery on top of GitOps for safer production rollouts. This step is optional for lightweight setups but critical at scale.
|
|
236
|
+
|
|
237
|
+
**Argo Rollouts (works with ArgoCD):**
|
|
238
|
+
|
|
239
|
+
```yaml
|
|
240
|
+
apiVersion: argoproj.io/v1alpha1
|
|
241
|
+
kind: Rollout
|
|
242
|
+
metadata:
|
|
243
|
+
name: user-service
|
|
244
|
+
spec:
|
|
245
|
+
strategy:
|
|
246
|
+
canary:
|
|
247
|
+
steps:
|
|
248
|
+
- setWeight: 10 # Send 10% of traffic to new version
|
|
249
|
+
- pause: { duration: 5m }
|
|
250
|
+
- analysis:
|
|
251
|
+
templates:
|
|
252
|
+
- templateName: success-rate
|
|
253
|
+
- setWeight: 50
|
|
254
|
+
- pause: { duration: 10m }
|
|
255
|
+
- analysis:
|
|
256
|
+
templates:
|
|
257
|
+
- templateName: success-rate
|
|
258
|
+
# Auto-rollback if analysis fails
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
**Analysis template (gate on metrics):**
|
|
262
|
+
|
|
263
|
+
```yaml
|
|
264
|
+
apiVersion: argoproj.io/v1alpha1
|
|
265
|
+
kind: AnalysisTemplate
|
|
266
|
+
metadata:
|
|
267
|
+
name: success-rate
|
|
268
|
+
spec:
|
|
269
|
+
metrics:
|
|
270
|
+
- name: success-rate
|
|
271
|
+
interval: 1m
|
|
272
|
+
successCondition: result[0] >= 0.99
|
|
273
|
+
provider:
|
|
274
|
+
prometheus:
|
|
275
|
+
address: http://prometheus:9090
|
|
276
|
+
query: |
|
|
277
|
+
sum(rate(http_requests_total{service="user-service",status=~"2.."}[5m]))
|
|
278
|
+
/
|
|
279
|
+
sum(rate(http_requests_total{service="user-service"}[5m]))
|
|
280
|
+
```
|
|
281
|
+
|
|
282
|
+
**Flagger (works with Flux):** Similar concept — canary analysis using Prometheus, Datadog, or other metrics providers. Flagger automatically manages the canary/primary services and traffic splitting.
|
|
283
|
+
|
|
284
|
+
**When to skip progressive delivery:** Dev and staging environments (just deploy directly). Small teams with low traffic. Services with comprehensive E2E tests that catch issues before deploy.
|
|
285
|
+
|
|
286
|
+
## Step 5: Validate End-to-End
|
|
287
|
+
|
|
288
|
+
Test the full GitOps pipeline:
|
|
289
|
+
|
|
290
|
+
- [ ] **Trigger flow**: Merge a change in an app repo -> verify a PR appears in the deployment repo
|
|
291
|
+
- [ ] **Contract validation**: The deployment repo PR CI runs contract tests against the new version combination
|
|
292
|
+
- [ ] **GitOps sync**: After merging the deployment repo PR, the operator detects the change and syncs
|
|
293
|
+
- [ ] **Health checks**: The operator reports healthy status after sync
|
|
294
|
+
- [ ] **Drift detection**: Manually modify a resource in the cluster -> verify the operator reverts it
|
|
295
|
+
- [ ] **Rollback**: Revert a commit in the deployment repo -> verify the operator rolls back the cluster
|
|
296
|
+
- [ ] **Sync windows** (if configured): Verify syncs are blocked outside allowed windows
|
|
297
|
+
- [ ] **Progressive delivery** (if configured): Verify canary analysis runs and gates promotion
|
|
298
|
+
|
|
299
|
+
**Monitoring the GitOps pipeline:**
|
|
300
|
+
- ArgoCD: Built-in UI shows sync status, health, and history per Application
|
|
301
|
+
- Flux: `flux get kustomizations` shows reconciliation status
|
|
302
|
+
- Both: Export metrics to Prometheus for alerting on sync failures
|
|
303
|
+
|
|
304
|
+
## Principles Applied
|
|
305
|
+
|
|
306
|
+
- **Git is the source of truth**: If it's not in Git, it doesn't exist. No `kubectl edit` in production, no manual Helm upgrades.
|
|
307
|
+
- **Pull over push**: The cluster pulls desired state from Git rather than CI pushing to the cluster. This inverts the security model — the cluster needs Git read access, not the other way around.
|
|
308
|
+
- **KISS**: Start with a single ArgoCD Application per environment. Add App of Apps, sync waves, and progressive delivery as complexity demands.
|
|
309
|
+
- **YAGNI**: Don't set up Argo Rollouts for a service with 10 requests per minute. Don't configure multi-cluster GitOps for a single cluster.
|
|
310
|
+
- **Declarative over imperative**: Define the desired state, let the operator figure out how to get there. Avoid custom sync scripts.
|
|
311
|
+
|
|
312
|
+
## Cross-Skill References
|
|
313
|
+
|
|
314
|
+
- `deployment-repo` — the Git repository that the GitOps operator watches; design the repo structure first
|
|
315
|
+
- `cicd-pipeline` — cross-repo trigger pipelines that update the deployment repo on new builds
|
|
316
|
+
- `rollback-strategy` — in GitOps, rollback = revert a Git commit; the operator handles the rest
|
|
317
|
+
- `observability-design` — metrics and dashboards for monitoring sync status, drift, and progressive delivery analysis
|
|
318
|
+
- `containerization` — Helm chart structure and Kustomize overlay patterns used by the operator
|
|
319
|
+
- `infrastructure-as-code` — Terraform for cluster and infrastructure provisioning (separate from app deployment)
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "gitops-delivery",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We have a deployment repo with Helm charts for our 5 services. We want to set up ArgoCD to automatically deploy to our staging cluster when the deployment repo is updated, but require manual sync for production. How should we configure this?",
|
|
7
|
+
"expected_output": "Should create ArgoCD Application resources per service per environment, with automated sync policy for staging and no automated sync for production. Should include health checks, sync waves if ordering matters, and RBAC considerations.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Creates ArgoCD Application manifests for each service in staging with automated sync (prune + selfHeal)",
|
|
10
|
+
"Creates ArgoCD Application manifests for production WITHOUT automated sync",
|
|
11
|
+
"Uses the deployment repo as the source (repoURL points to the deployment repo)",
|
|
12
|
+
"Configures per-environment value files (staging vs production Helm values)",
|
|
13
|
+
"Includes health checks in sync policy",
|
|
14
|
+
"Recommends App of Apps pattern for managing all Applications as a unit",
|
|
15
|
+
"References deployment-repo for the repo structure itself"
|
|
16
|
+
]
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
"id": 2,
|
|
20
|
+
"prompt": "Our app repo CI builds a Docker image and pushes it to GHCR. How do I automatically update the deployment repo when a new image is built?",
|
|
21
|
+
"expected_output": "Should present cross-repo trigger patterns with concrete workflow YAML, recommending the PR-based approach for auditability.",
|
|
22
|
+
"assertions": [
|
|
23
|
+
"Presents at least 2 cross-repo trigger patterns (repository_dispatch + PR, Renovate, or similar)",
|
|
24
|
+
"Recommends the pattern that creates a PR (not direct push) for auditability",
|
|
25
|
+
"Shows concrete GitHub Actions workflow YAML for both the app repo trigger and deployment repo receiver",
|
|
26
|
+
"Explains that the deployment repo PR triggers contract/E2E tests before merge",
|
|
27
|
+
"Does not assume the user already has ArgoCD — the trigger pattern works regardless of the delivery mechanism"
|
|
28
|
+
]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"id": 3,
|
|
32
|
+
"prompt": "Should I use ArgoCD or just keep deploying from our CI pipeline with kubectl apply? We have a single Kubernetes cluster and 3 services.",
|
|
33
|
+
"expected_output": "Should present an honest trade-off analysis rather than assuming GitOps is always the answer. Should help the user decide based on their scale and needs.",
|
|
34
|
+
"assertions": [
|
|
35
|
+
"Does NOT assume GitOps is always the right answer",
|
|
36
|
+
"Presents trade-offs: setup complexity vs. drift detection, audit trail, self-healing",
|
|
37
|
+
"Acknowledges that push-based (kubectl apply from CI) is simpler and may be sufficient for this scale",
|
|
38
|
+
"Identifies signals that would make GitOps worth it (compliance, multi-env, drift concerns)",
|
|
39
|
+
"References cicd-pipeline for push-based deployment patterns if that's the better fit",
|
|
40
|
+
"References deployment-repo regardless — version pinning is valuable even without GitOps operators"
|
|
41
|
+
]
|
|
42
|
+
}
|
|
43
|
+
]
|
|
44
|
+
}
|