back
loading skill details...
Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub…
DevOps & Deployment Skill
Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.
Note: If disableSkillShellExecution is enabled (CC 2.1.91), the Docker install check won't run. Verify Docker is available for container operations: docker --version.
Overview
Setting up CI/CD pipelines
Containerizing applications
Deploying to Kubernetes or cloud platforms
Implementing GitOps workflows
Managing infrastructure as code
Planning release strategies
Pipeline Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Code │──>│ Build │──>│ Test │──>│ Deploy │
│ Commit │ │ & Lint │ │ & Scan │ │ & Release │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
│ │ │ │
v v v v
Triggers Artifacts Reports Monitoring
Key Concepts
CI/CD Pipeline Stages
Lint & Type Check - Code quality gates
Unit Tests - Test coverage with reporting
Security Scan - npm audit + Trivy vulnerability scanner
Build & Push - Docker image to container registry
Deploy Staging - Environment-gated deployment
Deploy Production - Manual approval or automated
Container Best Practices
Multi-stage builds minimize image size:
Stage 1: Install production dependencies only
Stage 2: Build application with dev dependencies
Stage 3: Production runtime with minimal footprint
Security hardening:
Non-root user (uid 1001)
Read-only filesystem where possible
Health checks for orchestrator integration
Kubernetes Deployment
Essential manifests:
Deployment with rolling update strategy
Service for internal routing
Ingress for external access with TLS
HorizontalPodAutoscaler for scaling
Security context:
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
Drop all capabilities
Deployment Strategies
Strategy
Use Case
Risk
Rolling
Default, gradual replacement
Low - automatic rollback
Blue-Green
Instant switch, easy rollback
Medium - double resources
Canary
Progressive traffic shift
Low - gradual exposure
Rolling Update (Kubernetes default):
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 0 # Zero downtime
Secrets Management
Use External Secrets Operator to sync from cloud providers:
AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
GCP Secret Manager
References
Docker Patterns
Load: Read("${CLAUDE_SKILL_DIR}/references/docker-patterns.md")
Key topics covered:
Multi-stage build examples with 78% size reduction
Layer caching optimization
Security hardening (non-root, health checks)
Trivy vulnerability scanning
Docker Compose development setup
CI/CD Pipelines
Load: Read("${CLAUDE_SKILL_DIR}/references/ci-cd-pipelines.md")
Key topics covered:
Branch strategy (Git Flow)
GitHub Actions caching (85% time savings)
Artifact management
Matrix testing
Complete backend CI/CD example
Kubernetes Basics
Load: Read("${CLAUDE_SKILL_DIR}/references/kubernetes-basics.md")
Key topics covered:
Health probes (startup, liveness, readiness)
Security context configuration
PodDisruptionBudget
Resource quotas
StatefulSets for databases
Helm chart structure
Environment Management
Load: Read("${CLAUDE_SKILL_DIR}/references/environment-management.md")
Key topics covered:
External Secrets Operator
GitOps with ArgoCD
Terraform patterns (remote state, modules)
Zero-downtime database migrations
Alembic migration workflow
Rollback procedures
Observability
Load: Read("${CLAUDE_SKILL_DIR}/references/observability.md")
Key topics covered:
Prometheus metrics exposition
Grafana dashboard queries (PromQL)
Alerting rules for SLOs
Golden signals (SRE)
Structured logging
Distributed tracing (OpenTelemetry)
Railway Deployment
Load: Read("${CLAUDE_SKILL_DIR}/rules/railway-deployment.md")
Key topics covered:
railway.json configuration, Nixpacks builds
Environment variable management, database provisioning
Multi-service setups, Railway CLI workflows
References: ${CLAUDE_SKILL_DIR}/references/railway-json-config.md, ${CLAUDE_SKILL_DIR}/references/nixpacks-customization.md, ${CLAUDE_SKILL_DIR}/references/multi-service-setup.md
Deployment Strategies
Load: Read("${CLAUDE_SKILL_DIR}/references/deployment-strategies.md")
Key topics covered:
Rolling deployment
Blue-green deployment
Canary releases
Traffic splitting with Istio
Deployment Checklist & Templates
Load: Read("${CLAUDE_SKILL_DIR}/references/checklists-and-templates.md") for pre/during/post-deployment checklists, Helm chart structure, template reference table, and extended thinking triggers.
Related Skills
zero-downtime-migration - Database migration patterns for zero-downtime deployments
security-scanning - Security scanning integration for CI/CD pipelines
ork:monitoring-observability - Monitoring and alerting for deployed applications
ork:database-patterns - Python/Alembic migration workflow for backend deployments
portless (upstream) - Named .localhost URLs for multi-service local dev (portless alias api 8080)
Key Decisions
Decision
Choice
Rationale
Container user
Non-root (uid 1001)
Security best practice, required by many orchestrators
Deployment strategy
Rolling update (default)
Zero downtime, automatic rollback, resource efficient
Secrets management
External Secrets Operator
Syncs from cloud providers, GitOps compatible
Health checks
Separate startup/liveness/readiness
Prevents premature traffic, enables graceful shutdown
Capability Details
Load: Read("${CLAUDE_SKILL_DIR}/references/capability-details.md") for full keyword index and problem-solution mapping across all 6 capabilities (ci-cd, docker, kubernetes, infrastructure-as-code, deployment-strategies, observability).don't have the plugin yet? install it then click "run inline in claude" again.