What is the cd-pipeline-generator?

A skill that generates GitHub Actions deployment workflows for automated deployments to staging and production across AWS, GCP, and Azure, with templates, approvals, secrets, and rollback features.

How do I configure secrets?

Add required secrets to Settings → Secrets and variables → Actions; use cloud-specific keys such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION; GCP_PROJECT_ID and GCP_SERVICE_ACCOUNT_KEY; AZURE_CREDENTIALS and AZURE_SUBSCRIPTION_ID.

Where should I place the deployment workflow files?

Place them under .github/workflows (e.g., deploy.yml, deploy-staging.yml, deploy-production.yml) to manage environment-specific deployments.

cd-pipeline-generator

Scanned

npx machina-cli add skill ArabelaTso/Skills-4-SE/cd-pipeline-generator --openclaw

Files (1)

SKILL.md

5.1 KB

CD Pipeline Generator

Overview

Generate production-ready GitHub Actions deployment workflows that automate deployments to staging and production environments with environment protection rules, approval gates, and secrets management.

Workflow

1. Identify Deployment Target

Determine the cloud platform and deployment method:

AWS: ECS, Elastic Beanstalk, EC2, Lambda
GCP: Cloud Run, App Engine, Compute Engine, Cloud Functions
Azure: App Service, Container Instances, Functions

2. Select Template

Use the appropriate template from assets/ based on cloud platform:

deploy-aws.yml - AWS deployments (ECS, Elastic Beanstalk, Lambda)
deploy-gcp.yml - GCP deployments (Cloud Run, App Engine)
deploy-azure.yml - Azure deployments (App Service, Container Instances)

3. Configure Environments

Set up GitHub environment protection rules for staging and production:

Staging environment:

Auto-deploy on merge to main/master
No approval required
Use staging secrets and variables

Production environment:

Manual approval required
Deploy on workflow_dispatch or tag push
Use production secrets and variables
Optional: Restrict to specific branches

4. Configure Secrets

Add required secrets to GitHub repository settings (Settings → Secrets and variables → Actions):

AWS:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION

GCP:

GCP_PROJECT_ID
GCP_SERVICE_ACCOUNT_KEY

Azure:

AZURE_CREDENTIALS
AZURE_SUBSCRIPTION_ID

5. Customize Deployment Steps

Adapt the template to project-specific deployment needs:

Build artifacts: Add build steps before deployment

- name: Build application
  run: npm run build  # or: python -m build, go build, cargo build

Docker images: Build and push container images

- name: Build Docker image
  run: docker build -t $IMAGE_NAME:$TAG .

- name: Push to registry
  run: docker push $IMAGE_NAME:$TAG

Database migrations: Run migrations before deployment

- name: Run migrations
  run: npm run migrate  # or: alembic upgrade head, rails db:migrate

Health checks: Verify deployment success

- name: Health check
  run: curl -f https://$DEPLOYMENT_URL/health || exit 1

6. Set Deployment Triggers

Configure when deployments run:

Staging: Auto-deploy on push to main

on:
  push:
    branches: [main]

Production: Manual trigger or tag-based

on:
  workflow_dispatch:
  push:
    tags:
      - 'v*'

7. Place Workflow File

Create deployment workflow at .github/workflows/deploy.yml. If multiple deployment workflows are needed (e.g., separate staging and production), use descriptive names:

.github/workflows/deploy-staging.yml
.github/workflows/deploy-production.yml

Template Features

All templates include:

Environment separation: Distinct staging and production deployments
Approval gates: Production deployments require manual approval
Secrets management: Secure credential handling via GitHub secrets
Deployment status: Clear success/failure reporting
Rollback support: Easy revert to previous versions
Conditional execution: Deploy only when tests pass

Security Best Practices

Never commit credentials or API keys to the repository
Use GitHub environments to scope secrets appropriately
Enable required reviewers for production deployments
Use OIDC authentication instead of long-lived credentials when possible
Implement deployment windows for production (e.g., business hours only)
Add deployment notifications to Slack/email

Customization Examples

Add deployment notification:

- name: Notify deployment
  if: always()
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    text: 'Deployment to ${{ github.event.inputs.environment }} ${{ job.status }}'
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

Add rollback capability:

- name: Rollback on failure
  if: failure()
  run: |
    echo "Deployment failed, rolling back..."
    # Platform-specific rollback commands

Restrict production deployment time:

- name: Check deployment window
  run: |
    HOUR=$(date +%H)
    if [ $HOUR -lt 9 ] || [ $HOUR -gt 17 ]; then
      echo "Deployments only allowed 9 AM - 5 PM"
      exit 1
    fi

Tips

Start with staging deployments to validate the workflow
Use environment-specific configuration files (e.g., config.staging.json, config.production.json)
Implement blue-green or canary deployments for zero-downtime updates
Add deployment metrics and monitoring
Document rollback procedures in the repository
Test deployment workflows in a separate test environment first

Source

git clone https://github.com/ArabelaTso/Skills-4-SE/blob/main/skills/cd-pipeline-generator/SKILL.mdView on GitHub

Overview

CD Pipeline Generator creates production-ready GitHub Actions workflows that automate deployments to staging and production across AWS, GCP, and Azure. It includes environment-specific templates with approval gates, secrets management, and rollback capabilities to support reliable, risk-controlled releases. Templates are selected from assets and tailored per cloud.

How This Skill Works

Identify the cloud platform and service to deploy (e.g., AWS ECS, GCP Cloud Run, Azure App Service). Then pick the matching template from assets (deploy-aws.yml, deploy-gcp.yml, deploy-azure.yml) and configure environment protections, secrets, and triggers. Finally, tailor build, containerization, migrations, and health checks before saving the workflow under .github/workflows.

When to Use It

When starting a continuous deployment (CD) pipeline for staging and production across AWS, GCP, or Azure.
When you need environment protection rules and manual approvals for production deployments.
When you want to standardize deployment templates with asset-based templates (deploy-aws.yml, deploy-gcp.yml, deploy-azure.yml).
When you need secrets management integrated via GitHub Secrets.
When you want easy rollback support and clear deployment status reporting.

Quick Start

Step 1: Identify deployment target (cloud platform and service).
Step 2: Select the matching template from assets (deploy-aws.yml, deploy-gcp.yml, deploy-azure.yml).
Step 3: Configure environments, add secrets, customize steps, and place the workflow under .github/workflows.

Best Practices

Use separate GitHub environments for staging and production with appropriate protection rules.
Never commit credentials; store them as GitHub Secrets and reference them in workflows.
Require reviewers or approvals for production deployments to enforce governance.
Prefer OIDC-based authentication where possible to minimize long-lived credentials.
Incorporate pre-deployment checks (build, migrations, health checks) and maintain rollback steps.

Example Use Cases

Deploy to AWS ECS using deploy-aws.yml with auto-deploy to staging and a manual-approval prod flow.
Deploy to GCP Cloud Run via deploy-gcp.yml with a production approval gate and secrets for the service.
Deploy to Azure App Service using deploy-azure.yml with a workflow_dispatch trigger for production.
Include database migrations in the deployment steps to ensure schema updates precede user traffic.
Maintain separate workflows (.github/workflows/deploy-staging.yml and deploy-production.yml) for clarity and control.

Frequently Asked Questions

Add this skill to your agents