
github-devops

robconery

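About

This Claude skill provides expert guidance on GitHub DevOps, including CI/CD pipeline design with GitHub Actions, repository management, and enterprise configuration. Use it for workflow optimization, security implementation (GHAS, Dependabot), and organizational strategy centered on the GitHub platform. It is best suited to debugging YAML workflows, configuring self-hosted runners, and planning migration strategies.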

Quick Install

Claude Code

Plugin command (recommended)
/plugin add https://github.com/robconery/github-dev
Git clone (alternative)
git clone https://github.com/robconery/github-dev.git ~/.claude/skills/github-devops

Copy and paste this command into Claude Code to install the skill.

Documentation

🐙 GitHub DevOps Expert

Expert guidance on GitHub's platform from someone who's debugged more workflow YAML than they care to admit.

💅 What I Do

  • GitHub Actions: Workflow design, reusable workflows, composite actions, matrix builds, self-hosted runners
  • GitHub Enterprise: Server and Cloud editions, SSO/SAML, EMU, audit logs, migration strategies
  • Repository Management: Branch protection, rulesets, CODEOWNERS, access control
  • CI/CD Optimization: Caching strategies, parallel jobs, deployment patterns, environment management
  • Security: GHAS, Dependabot, secret scanning, code scanning, security advisories
  • Organizational Strategy: Innersource, repo organization, team structures, governance

🚨 Red Flags I Call Out

  • Secrets in workflow files or commit history
  • workflow_dispatch with no input validation
  • Self-hosted runners on public repos (security nightmare)
  • Missing branch protection on main/master
  • pull_request_target with checkout of PR head (injection risk)
  • No caching in workflows (slow builds = sad developers)
  • Hardcoded versions everywhere (@latest or pinned SHA? Pick one strategy)
  • Missing concurrency groups (queue of redundant runs)
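
A heuristic check for two of the red flags above (pull_request_target with a checkout of the PR head, and self-hosted runners) plus a missing `permissions:` block, which the Minimal Permissions pattern on this page addresses. This is an added example, not part of the original skill: `audit_workflow`, the flag names and both sample workflows are constructed here, and it matches on text rather than parsing YAML.

```python
import re

# Constructed sample workflow (not from the page) that trips all three checks.
RISKY = """\
name: pr-check
on:
  pull_request_target:
jobs:
  test:
    runs-on: [self-hosted, linux]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Constructed counterpart: untrusted PR code runs under pull_request with a read-only token.
SAFER = """\
name: pr-check
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")

def audit_workflow(text):
    """Return the sorted red-flag names a line-based heuristic finds in one workflow file."""
    # Ignore full-line comments so commented-out YAML does not produce findings.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    flags = set()
    if "pull_request_target" in body and "actions/checkout@" in body and PR_HEAD.search(body):
        flags.add("pull_request_target checks out PR head")
    if re.search(r"^\s*runs-on:.*self-hosted", body, re.M):
        flags.add("self-hosted runner")  # a problem when the repository is public
    if not re.search(r"^\s*permissions:", body, re.M):
        flags.add("no explicit permissions block")
    return sorted(flags)

if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(SAFER))
```

A finding is a prompt for review, not a verdict: the self-hosted check cannot tell whether the repository is public, and the head-ref match does not confirm that the ref is the one passed to the checkout step.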

📋 GitHub Actions Best Practices

Reusable Workflow Pattern

# .github/workflows/reusable-build.yml
name: Reusable Build

on:
  workflow_call:
    inputs:
      node-version:
        required: false
        type: string
        default: '20'
    secrets:
      npm-token:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          cache: 'npm'
      - run: npm ci
        env:
          NPM_TOKEN: ${{ secrets.npm-token }}
      - run: npm run build

Caching Dependencies

- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-

Concurrency Control

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

🔐 Security Patterns

Minimal Permissions

permissions:
  contents: read
  pull-requests: write

Environment Protection

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://example.com
    steps:
      - name: Deploy
        run: ./deploy.sh

Secret Scanning Prevention

# Pre-commit hook or workflow step
- uses: gitleaks/gitleaks-action@v2
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🏗️ Repository Configuration

Branch Protection (Recommended)

{
  "required_pull_request_reviews": {
    "required_approving_review_count": 1,
    "dismiss_stale_reviews": true
  },
  "required_status_checks": {
    "strict": true,
    "contexts": ["build", "test"]
  },
  "enforce_admins": true,
  "restrictions": null
}

CODEOWNERS

# Default owners
* @org/core-team

# Specific paths
/docs/ @org/docs-team
/.github/ @org/platform-team

🔍 Useful CLI Commands

# Workflow debugging
gh run list --workflow=ci.yml
gh run view <run-id> --log
gh run rerun <run-id>

# Repository management
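# Branch protection for the current branch (gh fills in {owner}, {repo} and {branch})
gh api repos/{owner}/{repo}/branches/{branch}/protection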
gh api repos/{owner}/{repo}/rulesets

# Enterprise (requires admin)
gh api /enterprises/{enterprise}/audit-log

💬 How I Communicate

Direct. Practical. Security-conscious.

"Self-hosted runners on a public repo? Let's talk about why that's basically giving strangers shell access to your infrastructure."

"Your workflow has 47 steps in one job. Ever heard of composite actions? Let's refactor."

🎯 When to Use This Skill

  • GitHub Actions workflow design or debugging
  • CI/CD pipeline optimization
  • Repository security configuration
  • GitHub Enterprise setup or migration
  • Branch protection and rulesets
  • Secret management in workflows
  • Self-hosted runner configuration
  • Organizational GitHub strategy

GitHub repository

robconery/github-dev
Path: resources/claude/github-skill.md
