swe-workflow-skills 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (177) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +144 -0
  3. package/VERSION +1 -0
  4. package/bin/cli.mjs +44 -0
  5. package/catalog.json +225 -0
  6. package/commands/role.md +34 -0
  7. package/hooks/session-start.mjs +118 -0
  8. package/install.mjs +318 -0
  9. package/package.json +47 -0
  10. package/roles.json +194 -0
  11. package/scripts/resolve.mjs +296 -0
  12. package/skills/accessibility-design/SKILL.md +128 -0
  13. package/skills/accessibility-design/evals/evals.json +51 -0
  14. package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
  15. package/skills/api-design/SKILL.md +144 -0
  16. package/skills/api-design/evals/evals.json +48 -0
  17. package/skills/api-design/references/rest-conventions.md +147 -0
  18. package/skills/api-design/templates/api-spec.md +156 -0
  19. package/skills/architecture-design/SKILL.md +86 -0
  20. package/skills/architecture-design/evals/evals.json +44 -0
  21. package/skills/architecture-design/references/clean-architecture.md +147 -0
  22. package/skills/architecture-design/references/component-principles.md +129 -0
  23. package/skills/architecture-design/references/principles.md +81 -0
  24. package/skills/architecture-design/references/solid-principles.md +106 -0
  25. package/skills/architecture-design/templates/adr.md +63 -0
  26. package/skills/architecture-documentation/SKILL.md +126 -0
  27. package/skills/architecture-documentation/evals/evals.json +44 -0
  28. package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
  29. package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
  30. package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
  31. package/skills/bug-investigating/SKILL.md +133 -0
  32. package/skills/bug-investigating/evals/evals.json +56 -0
  33. package/skills/bug-investigating/references/common-bugs.md +62 -0
  34. package/skills/bug-investigating/references/debugging-patterns.md +94 -0
  35. package/skills/cicd-pipeline/SKILL.md +87 -0
  36. package/skills/cicd-pipeline/evals/evals.json +34 -0
  37. package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
  38. package/skills/cicd-pipeline/templates/github-actions.md +206 -0
  39. package/skills/code-reviewing/SKILL.md +92 -0
  40. package/skills/code-reviewing/evals/evals.json +62 -0
  41. package/skills/code-reviewing/references/error-handling.md +108 -0
  42. package/skills/code-reviewing/references/review-checklist.md +144 -0
  43. package/skills/configuration-strategy/SKILL.md +109 -0
  44. package/skills/configuration-strategy/evals/evals.json +41 -0
  45. package/skills/configuration-strategy/references/config-patterns.md +161 -0
  46. package/skills/containerization/SKILL.md +90 -0
  47. package/skills/containerization/evals/evals.json +36 -0
  48. package/skills/containerization/references/dockerfile-patterns.md +168 -0
  49. package/skills/containerization/templates/dockerfile.md +154 -0
  50. package/skills/data-modeling/SKILL.md +83 -0
  51. package/skills/data-modeling/evals/evals.json +43 -0
  52. package/skills/data-modeling/references/conventions.md +57 -0
  53. package/skills/data-modeling/templates/schema.md +120 -0
  54. package/skills/dependency-impact-analysis/SKILL.md +113 -0
  55. package/skills/dependency-impact-analysis/evals/evals.json +41 -0
  56. package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
  57. package/skills/dependency-management/SKILL.md +161 -0
  58. package/skills/dependency-management/evals/evals.json +48 -0
  59. package/skills/dependency-management/references/evaluation-checklist.md +127 -0
  60. package/skills/deployment-checklist/SKILL.md +132 -0
  61. package/skills/deployment-checklist/evals/evals.json +58 -0
  62. package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
  63. package/skills/deployment-repo/SKILL.md +190 -0
  64. package/skills/deployment-repo/evals/evals.json +44 -0
  65. package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
  66. package/skills/deployment-repo/references/version-compatibility.md +227 -0
  67. package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
  68. package/skills/effort-estimation/SKILL.md +95 -0
  69. package/skills/effort-estimation/evals/evals.json +32 -0
  70. package/skills/effort-estimation/references/estimation-methods.md +154 -0
  71. package/skills/feature-planning/SKILL.md +84 -0
  72. package/skills/feature-planning/evals/evals.json +44 -0
  73. package/skills/feature-planning/templates/plan.md +55 -0
  74. package/skills/feature-planning/templates/task.md +26 -0
  75. package/skills/frontend-architecture/SKILL.md +154 -0
  76. package/skills/frontend-architecture/evals/evals.json +34 -0
  77. package/skills/frontend-architecture/references/component-patterns.md +264 -0
  78. package/skills/frontend-architecture/templates/folder-structure.md +203 -0
  79. package/skills/git-workflow/SKILL.md +127 -0
  80. package/skills/git-workflow/evals/evals.json +44 -0
  81. package/skills/git-workflow/references/conventions.md +142 -0
  82. package/skills/git-workflow/templates/pull-request.md +57 -0
  83. package/skills/gitops-delivery/SKILL.md +319 -0
  84. package/skills/gitops-delivery/evals/evals.json +44 -0
  85. package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
  86. package/skills/gitops-delivery/templates/gitops-config.md +196 -0
  87. package/skills/incident-response/SKILL.md +130 -0
  88. package/skills/incident-response/evals/evals.json +55 -0
  89. package/skills/incident-response/references/communication-templates.md +134 -0
  90. package/skills/incident-response/references/severity-levels.md +77 -0
  91. package/skills/incident-response/templates/incident-timeline.md +57 -0
  92. package/skills/infrastructure-as-code/SKILL.md +86 -0
  93. package/skills/infrastructure-as-code/evals/evals.json +33 -0
  94. package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
  95. package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
  96. package/skills/metrics-and-okrs/SKILL.md +113 -0
  97. package/skills/metrics-and-okrs/evals/evals.json +33 -0
  98. package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
  99. package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
  100. package/skills/ml-experiment-tracking/SKILL.md +96 -0
  101. package/skills/ml-experiment-tracking/evals/evals.json +32 -0
  102. package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
  103. package/skills/ml-model-deployment/SKILL.md +106 -0
  104. package/skills/ml-model-deployment/evals/evals.json +34 -0
  105. package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
  106. package/skills/ml-pipeline-design/SKILL.md +162 -0
  107. package/skills/ml-pipeline-design/evals/evals.json +34 -0
  108. package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
  109. package/skills/observability-design/SKILL.md +162 -0
  110. package/skills/observability-design/evals/evals.json +52 -0
  111. package/skills/observability-design/references/logging-patterns.md +229 -0
  112. package/skills/observability-design/references/slo-framework.md +151 -0
  113. package/skills/observability-design/templates/slo-document.md +80 -0
  114. package/skills/performance-optimization/SKILL.md +83 -0
  115. package/skills/performance-optimization/evals/evals.json +47 -0
  116. package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
  117. package/skills/performance-optimization/references/concurrency.md +101 -0
  118. package/skills/prd-writing/SKILL.md +109 -0
  119. package/skills/prd-writing/evals/evals.json +33 -0
  120. package/skills/prd-writing/references/prd-examples.md +132 -0
  121. package/skills/prd-writing/templates/prd.md +71 -0
  122. package/skills/prd-writing/templates/rfc.md +79 -0
  123. package/skills/project-documentation/SKILL.md +104 -0
  124. package/skills/project-documentation/evals/evals.json +48 -0
  125. package/skills/project-documentation/references/contributing-guide.md +100 -0
  126. package/skills/project-documentation/templates/changelog.md +59 -0
  127. package/skills/project-documentation/templates/readme.md +121 -0
  128. package/skills/project-proposal/SKILL.md +90 -0
  129. package/skills/project-proposal/evals/evals.json +31 -0
  130. package/skills/project-proposal/references/proposal-examples.md +140 -0
  131. package/skills/project-proposal/templates/proposal.md +76 -0
  132. package/skills/project-review/SKILL.md +111 -0
  133. package/skills/project-review/evals/evals.json +42 -0
  134. package/skills/refactoring/SKILL.md +90 -0
  135. package/skills/refactoring/evals/evals.json +44 -0
  136. package/skills/refactoring/references/transformations.md +132 -0
  137. package/skills/retrospective/SKILL.md +157 -0
  138. package/skills/retrospective/evals/evals.json +34 -0
  139. package/skills/retrospective/references/facilitation-guide.md +130 -0
  140. package/skills/retrospective/templates/post-mortem.md +121 -0
  141. package/skills/rollback-strategy/SKILL.md +116 -0
  142. package/skills/rollback-strategy/evals/evals.json +55 -0
  143. package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
  144. package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
  145. package/skills/security-audit/SKILL.md +146 -0
  146. package/skills/security-audit/evals/evals.json +66 -0
  147. package/skills/security-audit/references/owasp-top-10.md +167 -0
  148. package/skills/security-audit/templates/security-report.md +79 -0
  149. package/skills/skill-router/SKILL.md +171 -0
  150. package/skills/skill-router/evals/evals.json +39 -0
  151. package/skills/strategic-review/SKILL.md +106 -0
  152. package/skills/strategic-review/evals/evals.json +42 -0
  153. package/skills/strategic-review/templates/full-review-prompt.md +84 -0
  154. package/skills/tdd-workflow/SKILL.md +147 -0
  155. package/skills/tdd-workflow/evals/evals.json +58 -0
  156. package/skills/tdd-workflow/references/test-quality.md +71 -0
  157. package/skills/technical-debt-review/SKILL.md +113 -0
  158. package/skills/technical-debt-review/evals/evals.json +41 -0
  159. package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
  160. package/skills/technical-debt-review/templates/debt-audit.md +85 -0
  161. package/skills/test-data-strategy/SKILL.md +129 -0
  162. package/skills/test-data-strategy/evals/evals.json +49 -0
  163. package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
  164. package/skills/test-suite-design/SKILL.md +137 -0
  165. package/skills/test-suite-design/evals/evals.json +69 -0
  166. package/skills/test-suite-design/references/test-infrastructure.md +175 -0
  167. package/skills/test-suite-design/references/testing-pyramid.md +140 -0
  168. package/skills/ui-ux-design/SKILL.md +117 -0
  169. package/skills/ui-ux-design/evals/evals.json +35 -0
  170. package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
  171. package/skills/ui-ux-design/templates/screen-spec.md +97 -0
  172. package/skills/verification-before-completion/SKILL.md +85 -0
  173. package/skills/verification-before-completion/evals/evals.json +53 -0
  174. package/skills/writing-skills/SKILL.md +87 -0
  175. package/skills/writing-skills/evals/evals.json +41 -0
  176. package/skills/writing-skills/references/pressure-testing.md +69 -0
  177. package/uninstall.mjs +182 -0
@@ -0,0 +1,142 @@
1
+ # Git Conventions
2
+
3
+ ## Contents
4
+ - Conventional Commits types
5
+ - Branch naming conventions
6
+ - Commit message examples
7
+ - When to squash vs keep history
8
+ - Interactive rebase patterns
9
+
10
+ ## Conventional Commits Types
11
+
12
+ | Type | When to Use | Triggers Version Bump |
13
+ |------|-------------|----------------------|
14
+ | `feat` | New feature visible to users | Minor (0.X.0) |
15
+ | `fix` | Bug fix | Patch (0.0.X) |
16
+ | `refactor` | Code change that neither fixes a bug nor adds a feature | None |
17
+ | `test` | Adding or correcting tests | None |
18
+ | `docs` | Documentation only changes | None |
19
+ | `chore` | Maintenance (deps, configs, scripts) | None |
20
+ | `perf` | Performance improvement | Patch (0.0.X) |
21
+ | `ci` | CI/CD pipeline changes | None |
22
+ | `build` | Build system or dependency changes | None |
23
+ | `style` | Formatting, whitespace (no logic change) | None |
24
+ | `revert` | Reverts a previous commit | Depends on reverted type |
25
+
26
+ `BREAKING CHANGE:` in the footer bumps the major version (X.0.0) regardless of type.
27
+
28
+ ## Branch Naming Conventions
29
+
30
+ Pattern: `<type>/<short-description>`
31
+
32
+ - `feat/user-notifications` — new feature
33
+ - `fix/login-redirect-loop` — bug fix
34
+ - `refactor/extract-payment-service` — code improvement
35
+ - `docs/api-endpoint-reference` — documentation
36
+ - `chore/upgrade-node-20` — maintenance
37
+ - `hotfix/payment-double-charge` — urgent production fix
38
+ - `release/2.1.0` — release preparation
39
+
40
+ Rules:
41
+ - Lowercase, kebab-case
42
+ - Short but descriptive (3-5 words max)
43
+ - Include ticket number if your team uses one: `feat/PROJ-123-user-notifications`
44
+
45
+ ## Commit Message Examples
46
+
47
+ **Good: Simple feature**
48
+ ```
49
+ feat(auth): add password reset via email
50
+
51
+ Users can now request a password reset link sent to their registered
52
+ email address. The link expires after 1 hour.
53
+
54
+ Closes #234
55
+ ```
56
+
57
+ **Good: Bug fix with context**
58
+ ```
59
+ fix(orders): prevent duplicate charge on retry
60
+
61
+ When a payment API call timed out, the retry logic would create a
62
+ second charge because it didn't check for an existing pending charge.
63
+ Added idempotency key to prevent duplicate transactions.
64
+
65
+ Fixes #456
66
+ ```
67
+
68
+ **Good: Refactoring with rationale**
69
+ ```
70
+ refactor(api): extract validation middleware from controllers
71
+
72
+ Controller files were growing large because each one duplicated
73
+ request validation logic. Extracted shared validation into middleware
74
+ that runs before the controller, reducing average controller size
75
+ by ~40%.
76
+ ```
77
+
78
+ **Good: Breaking change**
79
+ ```
80
+ feat(api): require API key for all endpoints
81
+
82
+ Previously, read-only endpoints were public. Now all endpoints
83
+ require authentication via API key header.
84
+
85
+ BREAKING CHANGE: All API requests must include X-API-Key header.
86
+ Existing integrations will receive 401 until they add the header.
87
+
88
+ Closes #567
89
+ ```
90
+
91
+ **Bad examples and why:**
92
+ ```
93
+ # Too vague — what was updated?
94
+ chore: update stuff
95
+
96
+ # Describes WHAT not WHY — the diff shows what
97
+ fix: change line 42 in user.js
98
+
99
+ # Too many things in one commit
100
+ feat: add login, registration, password reset, and profile page
101
+
102
+ # Useless body that repeats the subject
103
+ fix: fix the bug
104
+ This commit fixes the bug that was reported.
105
+ ```
106
+
107
+ ## When to Squash vs Keep History
108
+
109
+ **Squash into a single commit when:**
110
+ - The branch has "WIP", "fix typo", "oops" commits
111
+ - The intermediate commits are meaningless on their own
112
+ - The change is a single logical unit
113
+
114
+ **Keep multiple commits when:**
115
+ - Each commit represents a meaningful step (e.g., "add migration", "add model", "add API endpoint")
116
+ - The commits tell a useful story about the development process
117
+ - Reviewers might want to review step-by-step
118
+
119
+ **Recommendation**: Default to squash-merge for PRs, unless the author deliberately structured commits for readability.
120
+
121
+ ## Interactive Rebase Patterns
122
+
123
+ Clean up history before requesting review:
124
+
125
+ ```bash
126
+ # Rebase the last N commits
127
+ git rebase -i HEAD~N
128
+
129
+ # In the editor:
130
+ pick abc1234 feat(auth): add login endpoint # keep
131
+ squash def5678 fix typo # fold into previous
132
+ squash ghi9012 WIP # fold into previous
133
+ pick jkl3456 feat(auth): add registration endpoint # keep as separate commit
134
+ drop mno7890 debugging leftovers # delete entirely
135
+ ```
136
+
137
+ Common operations:
138
+ - `pick` — keep the commit as-is
139
+ - `squash` — merge into the previous commit (combine messages)
140
+ - `fixup` — merge into the previous commit (discard this message)
141
+ - `reword` — keep the commit but edit the message
142
+ - `drop` — delete the commit entirely
@@ -0,0 +1,57 @@
1
+ # Pull Request Description Template
2
+
3
+ ```markdown
4
+ ## What
5
+
6
+ [1-2 sentences: what this PR does. Complete the sentence "This PR..."]
7
+
8
+ ## Why
9
+
10
+ [Why is this change needed? Link to issue, task, or feature plan.]
11
+
12
+ Closes #[issue-number]
13
+
14
+ ## How
15
+
16
+ [Brief description of the approach. Highlight key decisions, trade-offs,
17
+ or anything non-obvious about the implementation.]
18
+
19
+ ## Changes
20
+
21
+ [Bullet list of the main changes, grouped logically. Not every file —
22
+ just the meaningful changes.]
23
+
24
+ - Added `OrderService.calculateDiscount()` for percentage-based discounts
25
+ - Updated `Order` model with `discount_code` field and migration
26
+ - Added validation for discount codes in `POST /orders` endpoint
27
+
28
+ ## Testing
29
+
30
+ [How were these changes tested? Be specific.]
31
+
32
+ - Unit tests for discount calculation (including edge cases: 0%, 100%, expired codes)
33
+ - Integration test for the order creation endpoint with discount
34
+ - Manual testing on staging with real Stripe test keys
35
+
36
+ ## Screenshots
37
+
38
+ [For UI changes — before/after. Delete this section if not applicable.]
39
+
40
+ | Before | After |
41
+ |--------|-------|
42
+ | [screenshot] | [screenshot] |
43
+
44
+ ## Checklist
45
+
46
+ - [ ] Tests pass
47
+ - [ ] No linting errors
48
+ - [ ] Documentation updated (if applicable)
49
+ - [ ] Migration is reversible
50
+ - [ ] No hardcoded secrets or environment-specific values
51
+ - [ ] PR is a reasonable size (< 400 lines changed)
52
+
53
+ ## Notes for Reviewers
54
+
55
+ [Optional: anything the reviewer should pay special attention to,
56
+ areas of uncertainty, or questions you have about the approach.]
57
+ ```
@@ -0,0 +1,319 @@
1
+ ---
2
+ name: gitops-delivery
3
+ description: "Design GitOps continuous delivery with ArgoCD or Flux — declarative reconciliation, cross-repo CI/CD triggers, drift detection, progressive delivery. Triggers: ArgoCD, Flux, FluxCD, GitOps, git-based deployment, declarative delivery, auto-sync, drift detection, cross-repo trigger, reconciliation loop, pull-based deployment, canary GitOps."
4
+ model: sonnet
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # GitOps Delivery
9
+
10
+ GitOps makes Git the single source of truth for deployment state. An operator watches a Git repository and continuously reconciles the cluster to match what's declared in Git. The deployment repo defines the desired state — the GitOps operator enforces it.
11
+
12
+ ## Step 1: Choose the GitOps Model
13
+
14
+ **Pull-based (recommended):** An operator running in the cluster watches the deployment repo and applies changes. No CI system needs cluster credentials.
15
+ - **ArgoCD**: Application-centric, strong UI, sync waves for ordering, multi-cluster support
16
+ - **Flux**: Toolkit-based, composable, native Kustomize/Helm support, image automation
17
+
18
+ **Push-based (simpler but less robust):** CI pipeline runs `kubectl apply` or `helm upgrade` after building. Simpler to set up but has drawbacks: CI needs cluster credentials, no drift detection, no self-healing.
19
+
20
+ **Decision guide:**
21
+
22
+ | Factor | Push-based | Pull-based (GitOps) |
23
+ |--------|-----------|-------------------|
24
+ | **Setup complexity** | Lower | Higher initial setup |
25
+ | **Cluster credentials** | CI needs them | Only operator needs them |
26
+ | **Drift detection** | None | Automatic |
27
+ | **Self-healing** | None | Operator reverts manual changes |
28
+ | **Audit trail** | CI logs | Git history (stronger) |
29
+ | **Multi-cluster** | Duplicated CI jobs | Native support |
30
+
31
+ **When push-based is fine:** Single cluster, single environment, small team, no compliance requirements. See `cicd-pipeline` for push-based patterns.
32
+
33
+ **When GitOps is worth it:** Multiple environments, compliance/audit needs, multi-cluster, or you want drift detection and self-healing.
34
+
35
+ ## Step 2: Design Cross-Repo Triggers
36
+
37
+ The critical bridge: when an app repo builds a new image, the deployment repo must be updated. This is the most common source of friction in GitOps setups.
38
+
39
+ **Pattern A: Automated PR via GitHub Actions `repository_dispatch`**
40
+
41
+ App repo CI triggers a workflow in the deployment repo:
42
+
43
+ ```yaml
44
+ # In app repo: .github/workflows/release.yml
45
+ - name: Trigger deployment repo update
46
+ uses: peter-evans/repository-dispatch@v3
47
+ with:
48
+ token: ${{ secrets.DEPLOY_REPO_TOKEN }}
49
+ repository: org/deployment-repo
50
+ event-type: version-bump
51
+ client-payload: |
52
+ {
53
+ "service": "user-service",
54
+ "version": "v1.8.0",
55
+ "image": "ghcr.io/org/user-service:v1.8.0"
56
+ }
57
+ ```
58
+
59
+ ```yaml
60
+ # In deployment repo: .github/workflows/version-bump.yml
61
+ on:
62
+ repository_dispatch:
63
+ types: [version-bump]
64
+
65
+ jobs:
66
+ update-version:
67
+ steps:
68
+ - uses: actions/checkout@v4
69
+ - name: Update versions.yaml
70
+ run: |
71
+ yq e ".services.${{ github.event.client_payload.service }}.version = \"${{ github.event.client_payload.version }}\"" \
72
+ -i environments/dev/versions.yaml
73
+ - name: Create PR
74
+ uses: peter-evans/create-pull-request@v6
75
+ with:
76
+ title: "bump ${{ github.event.client_payload.service }} to ${{ github.event.client_payload.version }}"
77
+ branch: "bump/${{ github.event.client_payload.service }}-${{ github.event.client_payload.version }}"
78
+ ```
79
+
80
+ **Pattern B: Renovate / Dependabot for image tags**
81
+
82
+ Configure Renovate to watch container registries and create PRs when new tags appear:
83
+
84
+ ```json
85
+ {
86
+ "packageRules": [
87
+ {
88
+ "matchDatasources": ["docker"],
89
+ "matchPackagePatterns": ["ghcr.io/org/*"],
90
+ "automerge": false,
91
+ "labels": ["version-bump"]
92
+ }
93
+ ]
94
+ }
95
+ ```
96
+
97
+ **Pattern C: GitLab CI downstream pipeline**
98
+
99
+ ```yaml
100
+ # In app repo: .gitlab-ci.yml
101
+ trigger-deployment:
102
+ stage: deploy
103
+ trigger:
104
+ project: org/deployment-repo
105
+ branch: main
106
+ strategy: depend
107
+ variables:
108
+ SERVICE_NAME: user-service
109
+ SERVICE_VERSION: $CI_COMMIT_TAG
110
+ ```
111
+
112
+ **Recommendation:** Pattern A (repository_dispatch + PR) for most teams. It creates an auditable PR, allows contract tests to run before merge, and doesn't require additional tooling. Use Pattern B (Renovate) if you want fully automated version tracking without custom workflows.
113
+
114
+ ## Step 3: Configure the GitOps Operator
115
+
116
+ ### ArgoCD Setup
117
+
118
+ **Application per service per environment:**
119
+
120
+ ```yaml
121
+ # argocd/staging/user-service.yaml
122
+ apiVersion: argoproj.io/v1alpha1
123
+ kind: Application
124
+ metadata:
125
+ name: user-service-staging
126
+ namespace: argocd
127
+ labels:
128
+ environment: staging
129
+ service: user-service
130
+ spec:
131
+ project: default
132
+ source:
133
+ repoURL: https://github.com/org/deployment-repo
134
+ targetRevision: main
135
+ path: helm/user-service
136
+ helm:
137
+ valueFiles:
138
+ - ../../environments/staging/user-service-values.yaml
139
+ destination:
140
+ server: https://kubernetes.default.svc
141
+ namespace: staging
142
+ syncPolicy:
143
+ automated: # Auto-sync for staging
144
+ prune: true # Remove resources not in Git
145
+ selfHeal: true # Revert manual changes
146
+ syncOptions:
147
+ - CreateNamespace=true
148
+ retry:
149
+ limit: 3
150
+ backoff:
151
+ duration: 5s
152
+ factor: 2
153
+ ```
154
+
155
+ **Production — manual sync with approval:**
156
+
157
+ ```yaml
158
+ # argocd/production/user-service.yaml
159
+ spec:
160
+ syncPolicy: {} # No automated sync — requires manual sync or CI trigger
161
+ # Add sync windows to restrict when syncs can happen:
162
+ syncPolicy:
163
+ syncOptions:
164
+ - CreateNamespace=true
165
+ # Sync windows defined in the ArgoCD project
166
+ ```
167
+
168
+ **App of Apps pattern (manage all Applications as a single unit):**
169
+
170
+ ```yaml
171
+ apiVersion: argoproj.io/v1alpha1
172
+ kind: Application
173
+ metadata:
174
+ name: platform-staging
175
+ spec:
176
+ source:
177
+ repoURL: https://github.com/org/deployment-repo
178
+ path: argocd/staging # Directory containing all Application YAMLs
179
+ destination:
180
+ server: https://kubernetes.default.svc
181
+ ```
182
+
183
+ **Sync waves (control deployment order):**
184
+
185
+ ```yaml
186
+ # Database migration job runs first (wave 0), then services (wave 1), then ingress (wave 2)
187
+ metadata:
188
+ annotations:
189
+ argocd.argoproj.io/sync-wave: "0" # Lower runs first
190
+ ```
191
+
192
+ ### Flux Setup
193
+
194
+ ```yaml
195
+ # flux/staging/kustomization.yaml
196
+ apiVersion: kustomize.toolkit.fluxcd.io/v1
197
+ kind: Kustomization
198
+ metadata:
199
+ name: staging-apps
200
+ namespace: flux-system
201
+ spec:
202
+ interval: 5m
203
+ sourceRef:
204
+ kind: GitRepository
205
+ name: deployment-repo
206
+ path: ./overlays/staging
207
+ prune: true
208
+ healthChecks:
209
+ - apiVersion: apps/v1
210
+ kind: Deployment
211
+ name: user-service
212
+ namespace: staging
213
+ timeout: 3m
214
+ ```
215
+
216
+ **Flux image automation (auto-update image tags):**
217
+
218
+ ```yaml
219
+ apiVersion: image.toolkit.fluxcd.io/v1beta2
220
+ kind: ImagePolicy
221
+ metadata:
222
+ name: user-service
223
+ spec:
224
+ imageRepositoryRef:
225
+ name: user-service
226
+ policy:
227
+ semver:
228
+ range: ">=1.0.0"
229
+ ```
230
+
231
+ See [references/gitops-patterns.md](references/gitops-patterns.md) for complete manifests and [templates/gitops-config.md](templates/gitops-config.md) for ready-to-use templates.
232
+
233
+ ## Step 4: Implement Progressive Delivery
234
+
235
+ Layer progressive delivery on top of GitOps for safer production rollouts. This step is optional for lightweight setups but critical at scale.
236
+
237
+ **Argo Rollouts (works with ArgoCD):**
238
+
239
+ ```yaml
240
+ apiVersion: argoproj.io/v1alpha1
241
+ kind: Rollout
242
+ metadata:
243
+ name: user-service
244
+ spec:
245
+ strategy:
246
+ canary:
247
+ steps:
248
+ - setWeight: 10 # Send 10% of traffic to new version
249
+ - pause: { duration: 5m }
250
+ - analysis:
251
+ templates:
252
+ - templateName: success-rate
253
+ - setWeight: 50
254
+ - pause: { duration: 10m }
255
+ - analysis:
256
+ templates:
257
+ - templateName: success-rate
258
+ # Auto-rollback if analysis fails
259
+ ```
260
+
261
+ **Analysis template (gate on metrics):**
262
+
263
+ ```yaml
264
+ apiVersion: argoproj.io/v1alpha1
265
+ kind: AnalysisTemplate
266
+ metadata:
267
+ name: success-rate
268
+ spec:
269
+ metrics:
270
+ - name: success-rate
271
+ interval: 1m
272
+ successCondition: result[0] >= 0.99
273
+ provider:
274
+ prometheus:
275
+ address: http://prometheus:9090
276
+ query: |
277
+ sum(rate(http_requests_total{service="user-service",status=~"2.."}[5m]))
278
+ /
279
+ sum(rate(http_requests_total{service="user-service"}[5m]))
280
+ ```
281
+
282
+ **Flagger (works with Flux):** Similar concept — canary analysis using Prometheus, Datadog, or other metrics providers. Flagger automatically manages the canary/primary services and traffic splitting.
283
+
284
+ **When to skip progressive delivery:** Dev and staging environments (just deploy directly). Small teams with low traffic. Services with comprehensive E2E tests that catch issues before deploy.
285
+
286
+ ## Step 5: Validate End-to-End
287
+
288
+ Test the full GitOps pipeline:
289
+
290
+ - [ ] **Trigger flow**: Merge a change in an app repo -> verify a PR appears in the deployment repo
291
+ - [ ] **Contract validation**: The deployment repo PR CI runs contract tests against the new version combination
292
+ - [ ] **GitOps sync**: After merging the deployment repo PR, the operator detects the change and syncs
293
+ - [ ] **Health checks**: The operator reports healthy status after sync
294
+ - [ ] **Drift detection**: Manually modify a resource in the cluster -> verify the operator reverts it
295
+ - [ ] **Rollback**: Revert a commit in the deployment repo -> verify the operator rolls back the cluster
296
+ - [ ] **Sync windows** (if configured): Verify syncs are blocked outside allowed windows
297
+ - [ ] **Progressive delivery** (if configured): Verify canary analysis runs and gates promotion
298
+
299
+ **Monitoring the GitOps pipeline:**
300
+ - ArgoCD: Built-in UI shows sync status, health, and history per Application
301
+ - Flux: `flux get kustomizations` shows reconciliation status
302
+ - Both: Export metrics to Prometheus for alerting on sync failures
303
+
304
+ ## Principles Applied
305
+
306
+ - **Git is the source of truth**: If it's not in Git, it doesn't exist. No `kubectl edit` in production, no manual Helm upgrades.
307
+ - **Pull over push**: The cluster pulls desired state from Git rather than CI pushing to the cluster. This inverts the security model — the cluster needs Git read access, not the other way around.
308
+ - **KISS**: Start with a single ArgoCD Application per environment. Add App of Apps, sync waves, and progressive delivery as complexity demands.
309
+ - **YAGNI**: Don't set up Argo Rollouts for a service with 10 requests per minute. Don't configure multi-cluster GitOps for a single cluster.
310
+ - **Declarative over imperative**: Define the desired state, let the operator figure out how to get there. Avoid custom sync scripts.
311
+
312
+ ## Cross-Skill References
313
+
314
+ - `deployment-repo` — the Git repository that the GitOps operator watches; design the repo structure first
315
+ - `cicd-pipeline` — cross-repo trigger pipelines that update the deployment repo on new builds
316
+ - `rollback-strategy` — in GitOps, rollback = revert a Git commit; the operator handles the rest
317
+ - `observability-design` — metrics and dashboards for monitoring sync status, drift, and progressive delivery analysis
318
+ - `containerization` — Helm chart structure and Kustomize overlay patterns used by the operator
319
+ - `infrastructure-as-code` — Terraform for cluster and infrastructure provisioning (separate from app deployment)
@@ -0,0 +1,44 @@
1
+ {
2
+ "skill_name": "gitops-delivery",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "We have a deployment repo with Helm charts for our 5 services. We want to set up ArgoCD to automatically deploy to our staging cluster when the deployment repo is updated, but require manual sync for production. How should we configure this?",
7
+ "expected_output": "Should create ArgoCD Application resources per service per environment, with automated sync policy for staging and no automated sync for production. Should include health checks, sync waves if ordering matters, and RBAC considerations.",
8
+ "assertions": [
9
+ "Creates ArgoCD Application manifests for each service in staging with automated sync (prune + selfHeal)",
10
+ "Creates ArgoCD Application manifests for production WITHOUT automated sync",
11
+ "Uses the deployment repo as the source (repoURL points to the deployment repo)",
12
+ "Configures per-environment value files (staging vs production Helm values)",
13
+ "Includes health checks in sync policy",
14
+ "Recommends App of Apps pattern for managing all Applications as a unit",
15
+ "References deployment-repo for the repo structure itself"
16
+ ]
17
+ },
18
+ {
19
+ "id": 2,
20
+ "prompt": "Our app repo CI builds a Docker image and pushes it to GHCR. How do I automatically update the deployment repo when a new image is built?",
21
+ "expected_output": "Should present cross-repo trigger patterns with concrete workflow YAML, recommending the PR-based approach for auditability.",
22
+ "assertions": [
23
+ "Presents at least 2 cross-repo trigger patterns (repository_dispatch + PR, Renovate, or similar)",
24
+ "Recommends the pattern that creates a PR (not direct push) for auditability",
25
+ "Shows concrete GitHub Actions workflow YAML for both the app repo trigger and deployment repo receiver",
26
+ "Explains that the deployment repo PR triggers contract/E2E tests before merge",
27
+ "Does not assume the user already has ArgoCD — the trigger pattern works regardless of the delivery mechanism"
28
+ ]
29
+ },
30
+ {
31
+ "id": 3,
32
+ "prompt": "Should I use ArgoCD or just keep deploying from our CI pipeline with kubectl apply? We have a single Kubernetes cluster and 3 services.",
33
+ "expected_output": "Should present an honest trade-off analysis rather than assuming GitOps is always the answer. Should help the user decide based on their scale and needs.",
34
+ "assertions": [
35
+ "Does NOT assume GitOps is always the right answer",
36
+ "Presents trade-offs: setup complexity vs. drift detection, audit trail, self-healing",
37
+ "Acknowledges that push-based (kubectl apply from CI) is simpler and may be sufficient for this scale",
38
+ "Identifies signals that would make GitOps worth it (compliance, multi-env, drift concerns)",
39
+ "References cicd-pipeline for push-based deployment patterns if that's the better fit",
40
+ "References deployment-repo regardless — version pinning is valuable even without GitOps operators"
41
+ ]
42
+ }
43
+ ]
44
+ }