DiscordSign up
SKILLS.SH

ci-cd-best-practices

Comprehensive CI/CD pipeline design, testing strategies, deployment patterns, and DevOps best practices. Covers five core pipeline stages: build, test, security scanning, staging deployment, and production deployment with examples for each Includes four deployment strategies: blue-green, canary, rolling, and feature flags for zero-downtime releases and gradual rollouts Provides testing pyramid guidance with unit, integration, and end-to-end test layers, plus parallelization and flaky test handling techniques Addresses security throughout the pipeline: secrets management, SAST/DAST scanning, dependency checking, and access controls Covers environment management, infrastructure as code, caching optimization, monitoring metrics, and rollback procedures

INSTALLATION
npx skills add https://github.com/mindrally/skills --skill ci-cd-best-practices
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

CI/CD Best Practices

You are an expert in Continuous Integration and Continuous Deployment, following industry best practices for automated pipelines, testing strategies, deployment patterns, and DevOps workflows.

Core Principles

  • Automate everything that can be automated
  • Fail fast with quick feedback loops
  • Build once, deploy many times
  • Implement infrastructure as code
  • Practice continuous improvement
  • Maintain security at every stage

Pipeline Design

Pipeline Stages

A typical CI/CD pipeline includes these stages:

Build -> Test -> Security -> Deploy (Staging) -> Deploy (Production)

#### 1. Build Stage

build:

  stage: build

  script:

    - npm ci --prefer-offline

    - npm run build

  artifacts:

    paths:

      - dist/

    expire_in: 1 day

  cache:

    key: ${CI_COMMIT_REF_SLUG}

    paths:

      - node_modules/

Best practices:

  • Use dependency caching to speed up builds
  • Generate build artifacts for downstream stages
  • Pin dependency versions for reproducibility
  • Use multi-stage Docker builds for smaller images

#### 2. Test Stage

test:

  stage: test

  parallel:

    matrix:

      - TEST_TYPE: [unit, integration, e2e]

  script:

    - npm run test:${TEST_TYPE}

  coverage: '/Coverage: \d+\.\d+%/'

  artifacts:

    reports:

      junit: test-results.xml

      coverage_report:

        coverage_format: cobertura

        path: coverage/cobertura-coverage.xml

Testing layers:

  • Unit tests: Fast, isolated, run on every commit
  • Integration tests: Test component interactions
  • End-to-end tests: Validate user workflows
  • Performance tests: Check for regressions

#### 3. Security Stage

security:

  stage: security

  parallel:

    matrix:

      - SCAN_TYPE: [sast, dependency, secrets]

  script:

    - ./security-scan.sh ${SCAN_TYPE}

  allow_failure: false

Security scanning types:

  • SAST: Static Application Security Testing
  • DAST: Dynamic Application Security Testing
  • Dependency scanning: Check for vulnerable packages
  • Secret detection: Find leaked credentials
  • Container scanning: Analyze Docker images

#### 4. Deploy Stage

deploy:staging:

  stage: deploy

  environment:

    name: staging

    url: https://staging.example.com

  script:

    - ./deploy.sh staging

  rules:

    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:

  stage: deploy

  environment:

    name: production

    url: https://example.com

  script:

    - ./deploy.sh production

  rules:

    - if: $CI_COMMIT_BRANCH == "main"

      when: manual

Deployment Strategies

Blue-Green Deployment

Maintain two identical environments:

deploy:blue-green:

  script:

    - ./deploy-to-inactive.sh

    - ./run-smoke-tests.sh

    - ./switch-traffic.sh

    - ./cleanup-old-environment.sh

Benefits:

  • Zero-downtime deployments
  • Easy rollback by switching traffic back
  • Full testing in production-like environment

Canary Deployment

Gradually roll out to subset of users:

deploy:canary:

  script:

    - ./deploy-canary.sh --percentage=5

    - ./monitor-metrics.sh --duration=30m

    - ./deploy-canary.sh --percentage=25

    - ./monitor-metrics.sh --duration=30m

    - ./deploy-canary.sh --percentage=100

Canary stages:

  • Deploy to 5% of traffic
  • Monitor error rates and latency
  • Gradually increase if metrics are healthy
  • Full rollout or rollback based on data

Rolling Deployment

Update instances incrementally:

deploy:rolling:

  script:

    - kubectl rollout restart deployment/app

    - kubectl rollout status deployment/app --timeout=5m

Configuration:

  • Set maxUnavailable and maxSurge
  • Health checks determine rollout pace
  • Automatic rollback on failure

Feature Flags

Decouple deployment from release:

// Feature flag implementation

if (featureFlags.isEnabled('new-checkout')) {

  return <NewCheckout />;

} else {

  return <LegacyCheckout />;

}

Benefits:

  • Deploy disabled features to production
  • Gradual feature rollout
  • A/B testing capabilities
  • Quick feature disable without deployment

Environment Management

Environment Hierarchy

Development -> Testing -> Staging -> Production

Each environment should:

  • Mirror production as closely as possible
  • Have isolated data and secrets
  • Use infrastructure as code

Environment Variables

variables:

  # Global variables

  APP_NAME: my-app

# Environment-specific

.staging:

  variables:

    ENV: staging

    API_URL: https://api.staging.example.com

.production:

  variables:

    ENV: production

    API_URL: https://api.example.com

Best practices:

  • Never hardcode secrets
  • Use secret management (Vault, AWS Secrets Manager)
  • Separate configuration from code
  • Document all required variables

Infrastructure as Code

# Terraform example

resource "aws_ecs_service" "app" {

  name            = var.app_name

  cluster         = aws_ecs_cluster.main.id

  task_definition = aws_ecs_task_definition.app.arn

  desired_count   = var.environment == "production" ? 3 : 1

  deployment_configuration {

    maximum_percent         = 200

    minimum_healthy_percent = 100

  }

}

Testing Strategies

Test Pyramid

/\

       /  \      E2E Tests (Few)

      /----\

     /      \    Integration Tests (Some)

    /--------\

   /          \  Unit Tests (Many)

  --------------

Test Parallelization

test:

  parallel: 4

  script:

    - npm test -- --shard=$CI_NODE_INDEX/$CI_NODE_TOTAL

Test Data Management

  • Use fixtures for consistent test data
  • Reset database state between tests
  • Use factories for dynamic test data
  • Avoid production data in tests

Flaky Test Handling

test:

  retry:

    max: 2

    when:

      - runner_system_failure

      - stuck_or_timeout_failure

Strategies:

  • Quarantine flaky tests
  • Add retry logic for known issues
  • Investigate and fix root causes
  • Track flaky test metrics

Monitoring and Observability

Pipeline Metrics

Track these metrics:

  • Lead time: Commit to production duration
  • Deployment frequency: How often you deploy
  • Change failure rate: Percentage of failed deployments
  • Mean time to recovery: Time to fix failures

Health Checks

deploy:

  script:

    - ./deploy.sh

    - ./wait-for-healthy.sh --timeout=300

    - ./run-smoke-tests.sh

Implement:

  • Readiness probes
  • Liveness probes
  • Startup probes
  • Smoke tests post-deployment

Alerting

notify:failure:

  stage: notify

  script:

    - ./send-alert.sh --channel=deployments --status=failed

  when: on_failure

notify:success:

  stage: notify

  script:

    - ./send-notification.sh --channel=deployments --status=success

  when: on_success

Security in CI/CD

Secrets Management

# Use CI/CD secret variables

deploy:

  script:

    - echo "$DEPLOY_KEY" | base64 -d > deploy_key

    - chmod 600 deploy_key

    - ./deploy.sh

  after_script:

    - rm -f deploy_key

Best practices:

  • Rotate secrets regularly
  • Use short-lived credentials
  • Audit secret access
  • Never log secrets

Pipeline Security

# Restrict who can run production deploys

deploy:production:

  rules:

    - if: $CI_COMMIT_BRANCH == "main"

      when: manual

      allow_failure: false

  environment:

    name: production

    deployment_tier: production

Controls:

  • Branch protection rules
  • Required approvals
  • Audit logging
  • Signed commits

Dependency Security

dependency_check:

  script:

    - npm audit --audit-level=high

    - ./check-licenses.sh

  allow_failure: false

Optimization Techniques

Caching

cache:

  key:

    files:

      - package-lock.json

  paths:

    - node_modules/

  policy: pull-push

Cache strategies:

  • Cache dependencies between runs
  • Use content-based cache keys
  • Separate cache per branch
  • Clean stale caches periodically

Parallelization

stages:

  - build

  - test

  - deploy

# Run tests in parallel

test:unit:

  stage: test

  script: npm run test:unit

test:integration:

  stage: test

  script: npm run test:integration

test:e2e:

  stage: test

  script: npm run test:e2e

Artifact Management

build:

  artifacts:

    paths:

      - dist/

    expire_in: 1 week

    when: on_success

Best practices:

  • Set appropriate expiration
  • Only store necessary artifacts
  • Use artifact compression
  • Clean up old artifacts

Rollback Strategies

Automatic Rollback

deploy:

  script:

    - ./deploy.sh

    - ./health-check.sh || ./rollback.sh

Manual Rollback

rollback:

  stage: deploy

  when: manual

  script:

    - ./get-previous-version.sh

    - ./deploy.sh --version=$PREVIOUS_VERSION

Database Rollbacks

  • Use reversible migrations
  • Test rollback procedures
  • Consider data compatibility
  • Have backup restoration process

Documentation

Pipeline Documentation

Document in your repository:

  • Pipeline stages and their purpose
  • Required environment variables
  • Deployment procedures
  • Troubleshooting guides
  • Rollback procedures

Runbooks

Create runbooks for:

  • Deployment failures
  • Rollback procedures
  • Environment setup
  • Incident response

Continuous Improvement

Metrics to Track

  • Build success rate
  • Average build time
  • Test coverage trends
  • Deployment frequency
  • Incident frequency

Regular Reviews

  • Weekly pipeline performance review
  • Monthly security assessment
  • Quarterly process improvement
  • Annual tooling evaluation
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card