{
  "schemaVersion": "1.0",
  "item": {
    "slug": "cicd-pipeline",
    "name": "CI/CD Pipeline",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/gitgoodordietrying/cicd-pipeline",
    "canonicalUrl": "https://clawhub.ai/gitgoodordietrying/cicd-pipeline",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/cicd-pipeline",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cicd-pipeline",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md before importing it or handing it to an agent.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
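      "detail": "Yavira can redirect you to the upstream package for this source. The recorded probe URL uses slug=network, while this entry's source download URL uses slug=cicd-pipeline, so check the archive name and contents after downloading.",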
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/cicd-pipeline"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate that the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/cicd-pipeline",
    "agentPageUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent",
    "manifestUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "CI/CD Pipeline (GitHub Actions)",
        "body": "Set up and manage CI/CD pipelines using GitHub Actions. Covers workflow creation, testing, deployment, release automation, and debugging."
      },
      {
        "title": "When to Use",
        "body": "Setting up automated testing on push/PR\nCreating deployment pipelines (staging, production)\nAutomating releases with changelogs and tags\nDebugging failing CI workflows\nSetting up matrix builds for cross-platform testing\nManaging secrets and environment variables in CI\nOptimizing CI with caching and parallelism"
      },
      {
        "title": "Node.js project",
        "body": "# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n          cache: npm\n      - run: npm ci\n      - run: npm test\n      - run: npm run lint"
      },
      {
        "title": "Python project",
        "body": "# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n          cache: pip\n      - run: pip install -r requirements.txt\n      - run: pytest\n      - run: ruff check ."
      },
      {
        "title": "Go project",
        "body": "# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-go@v5\n        with:\n          go-version: \"1.22\"\n      - run: go test ./...\n      - run: go vet ./..."
      },
      {
        "title": "Rust project",
        "body": "# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: dtolnay/rust-toolchain@stable\n      - uses: Swatinem/rust-cache@v2\n      - run: cargo test\n      - run: cargo clippy -- -D warnings"
      },
      {
        "title": "Matrix builds (test across versions/OSes)",
        "body": "jobs:\n  test:\n    strategy:\n      fail-fast: false\n      matrix:\n        os: [ubuntu-latest, macos-latest, windows-latest]\n        node-version: [18, 20, 22]\n    runs-on: ${{ matrix.os }}\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: ${{ matrix.node-version }}\n      - run: npm ci\n      - run: npm test"
      },
      {
        "title": "Conditional jobs",
        "body": "jobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: npm test\n\n  deploy:\n    needs: test\n    if: github.ref == 'refs/heads/main' && github.event_name == 'push'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: ./deploy.sh"
      },
      {
        "title": "Caching dependencies",
        "body": "# Node.js (automatic with setup-node)\n- uses: actions/setup-node@v4\n  with:\n    node-version: 20\n    cache: npm  # or yarn, pnpm\n\n# Generic caching\n- uses: actions/cache@v4\n  with:\n    path: |\n      ~/.cache/pip\n      ~/.cargo/registry\n      node_modules\n    key: ${{ runner.os }}-deps-${{ hashFiles('**/package-lock.json') }}\n    restore-keys: |\n      ${{ runner.os }}-deps-"
      },
      {
        "title": "Artifacts (save build outputs)",
        "body": "- uses: actions/upload-artifact@v4\n  with:\n    name: build-output\n    path: dist/\n    retention-days: 7\n\n# Download in another job\n- uses: actions/download-artifact@v4\n  with:\n    name: build-output\n    path: dist/"
      },
      {
        "title": "Run on schedule (cron)",
        "body": "on:\n  schedule:\n    - cron: \"0 6 * * 1\"  # Every Monday at 6 AM UTC\n  workflow_dispatch:  # Also allow manual trigger"
      },
      {
        "title": "Deploy to production on tag",
        "body": "name: Release\n\non:\n  push:\n    tags:\n      - \"v*\"\n\njobs:\n  release:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n          cache: npm\n      - run: npm ci\n      - run: npm run build\n      - run: npm test\n\n      # Create GitHub release\n      - uses: softprops/action-gh-release@v2\n        with:\n          generate_release_notes: true\n          files: |\n            dist/*.js\n            dist/*.css"
      },
      {
        "title": "Deploy to multiple environments",
        "body": "name: Deploy\n\non:\n  push:\n    branches: [main, staging]\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}\n    steps:\n      - uses: actions/checkout@v4\n      - run: npm ci && npm run build\n      - run: |\n          if [ \"${{ github.ref }}\" = \"refs/heads/main\" ]; then\n            ./deploy.sh production\n          else\n            ./deploy.sh staging\n          fi\n        env:\n          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}"
      },
      {
        "title": "Docker build and push",
        "body": "name: Docker\n\non:\n  push:\n    branches: [main]\n    tags: [\"v*\"]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    permissions:\n      packages: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: docker/setup-buildx-action@v3\n      - uses: docker/login-action@v3\n        with:\n          registry: ghcr.io\n          username: ${{ github.actor }}\n          password: ${{ secrets.GITHUB_TOKEN }}\n      - uses: docker/build-push-action@v6\n        with:\n          push: true\n          tags: |\n            ghcr.io/${{ github.repository }}:latest\n            ghcr.io/${{ github.repository }}:${{ github.sha }}\n          cache-from: type=gha\n          cache-to: type=gha,mode=max"
      },
      {
        "title": "npm publish on release",
        "body": "name: Publish\n\non:\n  release:\n    types: [published]\n\njobs:\n  publish:\n    runs-on: ubuntu-latest\n    permissions:\n      id-token: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n          registry-url: https://registry.npmjs.org\n      - run: npm ci\n      - run: npm test\n      - run: npm publish --provenance\n        env:\n          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}"
      },
      {
        "title": "Set secrets via CLI",
        "body": "# Set a repository secret (a value passed with --body is recorded in shell history; omit --body to be prompted for it)\ngh secret set DEPLOY_TOKEN --body \"my-secret-value\"\n\n# Set from a file\ngh secret set SSH_KEY < ~/.ssh/deploy_key\n\n# Set for a specific environment\ngh secret set DB_PASSWORD --env production --body \"p@ssw0rd\"\n\n# List secrets\ngh secret list\n\n# Delete a secret\ngh secret delete OLD_SECRET"
      },
      {
        "title": "Use secrets in workflows",
        "body": "env:\n  # Available to all steps in this job\n  DATABASE_URL: ${{ secrets.DATABASE_URL }}\n\nsteps:\n  - run: echo \"Deploying...\"\n    env:\n      # Available to this step only\n      API_KEY: ${{ secrets.API_KEY }}"
      },
      {
        "title": "Environment protection rules",
        "body": "Set up via GitHub UI or API:\n\nRequired reviewers before deployment\nWait timers\nBranch restrictions\nCustom deployment branch policies\n\n# View environments\ngh api repos/{owner}/{repo}/environments | jq '.environments[].name'"
      },
      {
        "title": "Re-run failed jobs",
        "body": "# List recent workflow runs\ngh run list --limit 10\n\n# View a specific run\ngh run view <run-id>\n\n# View failed job logs\ngh run view <run-id> --log-failed\n\n# Re-run failed jobs only\ngh run rerun <run-id> --failed\n\n# Re-run entire workflow\ngh run rerun <run-id>"
      },
      {
        "title": "Debug with SSH (using tmate)",
        "body": "# Add this step before the failing step\n- uses: mxschmitt/action-tmate@v3\n  if: failure()\n  with:\n    limit-access-to-actor: true"
      },
      {
        "title": "Common failures and fixes",
        "body": "\"Permission denied\" on scripts\n\n- run: chmod +x ./scripts/deploy.sh && ./scripts/deploy.sh\n\n\"Node modules not found\"\n\n# Make sure npm ci runs before npm test\n- run: npm ci     # Install exact lockfile versions\n- run: npm test   # Now node_modules exists\n\n\"Resource not accessible by integration\"\n\n# Add permissions block\npermissions:\n  contents: write\n  packages: write\n  pull-requests: write\n\nCache not restoring\n\n# Check cache key matches - use hashFiles for lockfile\nkey: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}\n# NOT: key: ${{ runner.os }}-node-${{ hashFiles('package.json') }}\n\nWorkflow not triggering\n\nCheck: is the workflow file on the default branch?\nCheck: does the trigger event match? (push vs pull_request)\nCheck: is the branch filter correct?\n\n# Manually trigger a workflow\ngh workflow run ci.yml --ref main"
      },
      {
        "title": "Validate locally before pushing",
        "body": "# Check YAML syntax\npython3 -c \"import yaml; yaml.safe_load(open('.github/workflows/ci.yml'))\" && echo \"Valid\"\n\n# Use actionlint (if installed)\nactionlint .github/workflows/ci.yml\n\n# Or via Docker\ndocker run --rm -v \"$(pwd):/repo\" -w /repo rhysd/actionlint:latest"
      },
      {
        "title": "View workflow as graph",
        "body": "# List all workflows\ngh workflow list\n\n# View workflow definition\ngh workflow view ci.yml\n\n# Watch a running workflow\ngh run watch"
      },
      {
        "title": "Reusable workflows",
        "body": "# .github/workflows/reusable-test.yml\nname: Reusable Test\non:\n  workflow_call:\n    inputs:\n      node-version:\n        required: false\n        type: string\n        default: \"20\"\n    secrets:\n      npm-token:\n        required: false\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: ${{ inputs.node-version }}\n      - run: npm ci\n      - run: npm test\n\n# .github/workflows/ci.yml - caller\nname: CI\non: [push, pull_request]\njobs:\n  test:\n    uses: ./.github/workflows/reusable-test.yml\n    with:\n      node-version: \"20\""
      },
      {
        "title": "Concurrency (prevent duplicate runs)",
        "body": "concurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}\n  cancel-in-progress: true  # Cancel previous runs for same branch"
      },
      {
        "title": "Path filters (only run for relevant changes)",
        "body": "on:\n  push:\n    paths:\n      - \"src/**\"\n      - \"package.json\"\n      - \"package-lock.json\"\n      - \".github/workflows/ci.yml\"\n    paths-ignore:\n      - \"docs/**\"\n      - \"*.md\""
      },
      {
        "title": "Monorepo: only test changed packages",
        "body": "jobs:\n  changes:\n    runs-on: ubuntu-latest\n    outputs:\n      api: ${{ steps.filter.outputs.api }}\n      web: ${{ steps.filter.outputs.web }}\n    steps:\n      - uses: actions/checkout@v4\n      - uses: dorny/paths-filter@v3\n        id: filter\n        with:\n          filters: |\n            api:\n              - 'packages/api/**'\n            web:\n              - 'packages/web/**'\n\n  test-api:\n    needs: changes\n    if: needs.changes.outputs.api == 'true'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: cd packages/api && npm ci && npm test\n\n  test-web:\n    needs: changes\n    if: needs.changes.outputs.web == 'true'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: cd packages/web && npm ci && npm test"
      },
      {
        "title": "Tips",
        "body": "Use workflow_dispatch on every workflow for manual triggering during debugging\nPin action versions to a full commit SHA for supply chain security, since a tag such as @v4 can be moved to different code: uses: actions/checkout@b4ffde...\nUse continue-on-error: true for non-critical steps (like linting)\nSet timeout-minutes on jobs to prevent runaway builds (default is 360 minutes)\nUse job outputs to pass data between jobs: outputs: result: ${{ steps.step-id.outputs.value }}\nFor self-hosted runners: runs-on: self-hosted with labels for targeting specific machines"
      }
    ],
    "body": "CI/CD Pipeline (GitHub Actions)\n\nSet up and manage CI/CD pipelines using GitHub Actions. Covers workflow creation, testing, deployment, release automation, and debugging.\n\nWhen to Use\nSetting up automated testing on push/PR\nCreating deployment pipelines (staging, production)\nAutomating releases with changelogs and tags\nDebugging failing CI workflows\nSetting up matrix builds for cross-platform testing\nManaging secrets and environment variables in CI\nOptimizing CI with caching and parallelism\nQuick Start: Add CI to a Project\nNode.js project\n# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n          cache: npm\n      - run: npm ci\n      - run: npm test\n      - run: npm run lint\n\nPython project\n# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n          cache: pip\n      - run: pip install -r requirements.txt\n      - run: pytest\n      - run: ruff check .\n\nGo project\n# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-go@v5\n        with:\n          go-version: \"1.22\"\n      - run: go test ./...\n      - run: go vet ./...\n\nRust project\n# .github/workflows/ci.yml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: 
dtolnay/rust-toolchain@stable\n      - uses: Swatinem/rust-cache@v2\n      - run: cargo test\n      - run: cargo clippy -- -D warnings\n\nCommon Patterns\nMatrix builds (test across versions/OSes)\njobs:\n  test:\n    strategy:\n      fail-fast: false\n      matrix:\n        os: [ubuntu-latest, macos-latest, windows-latest]\n        node-version: [18, 20, 22]\n    runs-on: ${{ matrix.os }}\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: ${{ matrix.node-version }}\n      - run: npm ci\n      - run: npm test\n\nConditional jobs\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: npm test\n\n  deploy:\n    needs: test\n    if: github.ref == 'refs/heads/main' && github.event_name == 'push'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: ./deploy.sh\n\nCaching dependencies\n# Node.js (automatic with setup-node)\n- uses: actions/setup-node@v4\n  with:\n    node-version: 20\n    cache: npm  # or yarn, pnpm\n\n# Generic caching\n- uses: actions/cache@v4\n  with:\n    path: |\n      ~/.cache/pip\n      ~/.cargo/registry\n      node_modules\n    key: ${{ runner.os }}-deps-${{ hashFiles('**/package-lock.json') }}\n    restore-keys: |\n      ${{ runner.os }}-deps-\n\nArtifacts (save build outputs)\n- uses: actions/upload-artifact@v4\n  with:\n    name: build-output\n    path: dist/\n    retention-days: 7\n\n# Download in another job\n- uses: actions/download-artifact@v4\n  with:\n    name: build-output\n    path: dist/\n\nRun on schedule (cron)\non:\n  schedule:\n    - cron: \"0 6 * * 1\"  # Every Monday at 6 AM UTC\n  workflow_dispatch:  # Also allow manual trigger\n\nDeployment Workflows\nDeploy to production on tag\nname: Release\n\non:\n  push:\n    tags:\n      - \"v*\"\n\njobs:\n  release:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n    steps:\n      - uses: 
actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n          cache: npm\n      - run: npm ci\n      - run: npm run build\n      - run: npm test\n\n      # Create GitHub release\n      - uses: softprops/action-gh-release@v2\n        with:\n          generate_release_notes: true\n          files: |\n            dist/*.js\n            dist/*.css\n\nDeploy to multiple environments\nname: Deploy\n\non:\n  push:\n    branches: [main, staging]\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}\n    steps:\n      - uses: actions/checkout@v4\n      - run: npm ci && npm run build\n      - run: |\n          if [ \"${{ github.ref }}\" = \"refs/heads/main\" ]; then\n            ./deploy.sh production\n          else\n            ./deploy.sh staging\n          fi\n        env:\n          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n\nDocker build and push\nname: Docker\n\non:\n  push:\n    branches: [main]\n    tags: [\"v*\"]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    permissions:\n      packages: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: docker/setup-buildx-action@v3\n      - uses: docker/login-action@v3\n        with:\n          registry: ghcr.io\n          username: ${{ github.actor }}\n          password: ${{ secrets.GITHUB_TOKEN }}\n      - uses: docker/build-push-action@v6\n        with:\n          push: true\n          tags: |\n            ghcr.io/${{ github.repository }}:latest\n            ghcr.io/${{ github.repository }}:${{ github.sha }}\n          cache-from: type=gha\n          cache-to: type=gha,mode=max\n\nnpm publish on release\nname: Publish\n\non:\n  release:\n    types: [published]\n\njobs:\n  publish:\n    runs-on: ubuntu-latest\n    permissions:\n      id-token: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n  
        registry-url: https://registry.npmjs.org\n      - run: npm ci\n      - run: npm test\n      - run: npm publish --provenance\n        env:\n          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}\n\nSecrets Management\nSet secrets via CLI\n# Set a repository secret\ngh secret set DEPLOY_TOKEN --body \"my-secret-value\"\n\n# Set from a file\ngh secret set SSH_KEY < ~/.ssh/deploy_key\n\n# Set for a specific environment\ngh secret set DB_PASSWORD --env production --body \"p@ssw0rd\"\n\n# List secrets\ngh secret list\n\n# Delete a secret\ngh secret delete OLD_SECRET\n\nUse secrets in workflows\nenv:\n  # Available to all steps in this job\n  DATABASE_URL: ${{ secrets.DATABASE_URL }}\n\nsteps:\n  - run: echo \"Deploying...\"\n    env:\n      # Available to this step only\n      API_KEY: ${{ secrets.API_KEY }}\n\nEnvironment protection rules\n\nSet up via GitHub UI or API:\n\nRequired reviewers before deployment\nWait timers\nBranch restrictions\nCustom deployment branch policies\n# View environments\ngh api repos/{owner}/{repo}/environments | jq '.environments[].name'\n\nWorkflow Debugging\nRe-run failed jobs\n# List recent workflow runs\ngh run list --limit 10\n\n# View a specific run\ngh run view <run-id>\n\n# View failed job logs\ngh run view <run-id> --log-failed\n\n# Re-run failed jobs only\ngh run rerun <run-id> --failed\n\n# Re-run entire workflow\ngh run rerun <run-id>\n\nDebug with SSH (using tmate)\n# Add this step before the failing step\n- uses: mxschmitt/action-tmate@v3\n  if: failure()\n  with:\n    limit-access-to-actor: true\n\nCommon failures and fixes\n\n\"Permission denied\" on scripts\n\n- run: chmod +x ./scripts/deploy.sh && ./scripts/deploy.sh\n\n\n\"Node modules not found\"\n\n# Make sure npm ci runs before npm test\n- run: npm ci     # Install exact lockfile versions\n- run: npm test   # Now node_modules exists\n\n\n\"Resource not accessible by integration\"\n\n# Add permissions block\npermissions:\n  contents: write\n  packages: write\n  
pull-requests: write\n\n\nCache not restoring\n\n# Check cache key matches - use hashFiles for lockfile\nkey: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}\n# NOT: key: ${{ runner.os }}-node-${{ hashFiles('package.json') }}\n\n\nWorkflow not triggering\n\nCheck: is the workflow file on the default branch?\nCheck: does the trigger event match? (push vs pull_request)\nCheck: is the branch filter correct?\n# Manually trigger a workflow\ngh workflow run ci.yml --ref main\n\nWorkflow Validation\nValidate locally before pushing\n# Check YAML syntax\npython3 -c \"import yaml; yaml.safe_load(open('.github/workflows/ci.yml'))\" && echo \"Valid\"\n\n# Use actionlint (if installed)\nactionlint .github/workflows/ci.yml\n\n# Or via Docker\ndocker run --rm -v \"$(pwd):/repo\" -w /repo rhysd/actionlint:latest\n\nView workflow as graph\n# List all workflows\ngh workflow list\n\n# View workflow definition\ngh workflow view ci.yml\n\n# Watch a running workflow\ngh run watch\n\nAdvanced Patterns\nReusable workflows\n# .github/workflows/reusable-test.yml\nname: Reusable Test\non:\n  workflow_call:\n    inputs:\n      node-version:\n        required: false\n        type: string\n        default: \"20\"\n    secrets:\n      npm-token:\n        required: false\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: ${{ inputs.node-version }}\n      - run: npm ci\n      - run: npm test\n\n# .github/workflows/ci.yml - caller\nname: CI\non: [push, pull_request]\njobs:\n  test:\n    uses: ./.github/workflows/reusable-test.yml\n    with:\n      node-version: \"20\"\n\nConcurrency (prevent duplicate runs)\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}\n  cancel-in-progress: true  # Cancel previous runs for same branch\n\nPath filters (only run for relevant changes)\non:\n  push:\n    paths:\n      - \"src/**\"\n      - \"package.json\"\n      - 
\"package-lock.json\"\n      - \".github/workflows/ci.yml\"\n    paths-ignore:\n      - \"docs/**\"\n      - \"*.md\"\n\nMonorepo: only test changed packages\njobs:\n  changes:\n    runs-on: ubuntu-latest\n    outputs:\n      api: ${{ steps.filter.outputs.api }}\n      web: ${{ steps.filter.outputs.web }}\n    steps:\n      - uses: actions/checkout@v4\n      - uses: dorny/paths-filter@v3\n        id: filter\n        with:\n          filters: |\n            api:\n              - 'packages/api/**'\n            web:\n              - 'packages/web/**'\n\n  test-api:\n    needs: changes\n    if: needs.changes.outputs.api == 'true'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: cd packages/api && npm ci && npm test\n\n  test-web:\n    needs: changes\n    if: needs.changes.outputs.web == 'true'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: cd packages/web && npm ci && npm test\n\nTips\nUse workflow_dispatch on every workflow for manual triggering during debugging\nPin action versions to SHA for supply chain security: uses: actions/checkout@b4ffde...\nUse continue-on-error: true for non-critical steps (like linting)\nSet timeout-minutes on jobs to prevent runaway builds (default is 360 minutes)\nUse job outputs to pass data between jobs: outputs: result: ${{ steps.step-id.outputs.value }}\nFor self-hosted runners: runs-on: self-hosted with labels for targeting specific machines"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/gitgoodordietrying/cicd-pipeline",
    "publisherUrl": "https://clawhub.ai/gitgoodordietrying/cicd-pipeline",
    "owner": "gitgoodordietrying",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/cicd-pipeline",
    "downloadUrl": "https://openagent3.xyz/downloads/cicd-pipeline",
    "agentUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent",
    "manifestUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/cicd-pipeline/agent.md"
  }
}