{ "schemaVersion": "1.0", "item": { "slug": "devops", "name": "DevOps", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ivangdavila/devops", "canonicalUrl": "https://clawhub.ai/ivangdavila/devops", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/devops", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=devops", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "devops", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-02T11:58:34.583Z", "expiresAt": "2026-05-09T11:58:34.583Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=devops", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=devops", "contentDisposition": "attachment; filename=\"devops-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "devops" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/devops" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/devops", "agentPageUrl": "https://openagent3.xyz/skills/devops/agent", "manifestUrl": "https://openagent3.xyz/skills/devops/agent.json", "briefUrl": "https://openagent3.xyz/skills/devops/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "CI/CD Pipelines", "body": "Fail fast: run linting and unit tests before expensive integration tests — saves time and compute\nCache dependencies between runs — npm install on every build wastes minutes\nPin action versions with SHA, not tags — actions/checkout@v3 can change, SHA is immutable\nSecrets in environment variables, never in code or logs — mask them in CI output\nParallel jobs for independent steps — test, lint, and build can run simultaneously" }, { "title": "Deployment Strategies", "body": "Blue-green: run new version alongside old, switch traffic atomically — instant rollback by switching back\nCanary: route percentage of traffic to new version — catch issues before full rollout\nRolling: update instances incrementally — balance between speed and risk\nAlways have rollback plan before deploying — know exactly how to revert\nDeploy the same artifact to all environments — build once, promote through stages" }, { "title": "Infrastructure as Code", "body": "Version control all infrastructure — terraform, ansible, cloudformation in git\nNever apply changes without plan/diff review — terraform plan before apply\nState files contain secrets — store remotely with encryption, never in git\nModules for reusable components — don't copy-paste infrastructure definitions\nSeparate environments with workspaces or directories — dev changes shouldn't affect prod" }, { "title": "Containers", "body": "One process per container — containers are not VMs\nHealth checks are mandatory — orchestrators need them for routing and restarts\nDon't run as root — use non-root USER in Dockerfile\nImmutable images: config via environment, not baked in — same image in all environments\nTag images with git SHA, not just latest — know exactly what's deployed" }, { "title": "Secrets Management", "body": "Never store secrets in environment files committed to git — use vault, sealed secrets, or CI secret storage\nRotate secrets regularly — automation makes rotation painless\nDifferent secrets per environment — dev leak shouldn't compromise prod\nAudit secret access — know who accessed what and when\nSecrets in memory, not disk when possible — temp files persist longer than expected" }, { "title": "Monitoring & Alerting", "body": "Four golden signals: latency, traffic, errors, saturation — start here\nAlert on symptoms, not causes — \"users seeing errors\" not \"CPU high\"\nEvery alert must be actionable — if you can't do anything, it's noise\nDashboard per service with key metrics — one glance shows health\nStructured logs (JSON) for machine parsing — grep works, but queries are better" }, { "title": "Reliability", "body": "Define SLOs before building alerting — what does \"healthy\" mean for this service?\nError budgets: some failures are acceptable — 99.9% means 8 hours downtime/year is OK\nChaos engineering in staging — break things intentionally before prod breaks accidentally\nRunbooks for common incidents — 3am is not the time to figure out recovery steps\nPost-mortems without blame — focus on systems, not people" }, { "title": "Common Mistakes", "body": "SSH into prod to fix things — all changes through automation, or you'll forget what you did\nNo staging environment — \"works on my machine\" doesn't mean works in prod\nIgnoring flaky tests — they erode trust in CI, either fix or delete\nManual steps in deployment — if it's not automated, it'll be done wrong eventually\nMonitoring only happy paths — check error rates and edge cases too" }, { "title": "Networking", "body": "Internal services don't need public IPs — use private subnets, expose only load balancers\nTLS everywhere, including internal traffic — zero trust, even behind firewall\nDNS for service discovery — hardcoded IPs break when things move\nLoad balancer health checks separate from app health — LB needs fast response, app health can be thorough\nFirewall default deny — explicitly allow what's needed, block everything else" } ], "body": "DevOps Rules\nCI/CD Pipelines\nFail fast: run linting and unit tests before expensive integration tests — saves time and compute\nCache dependencies between runs — npm install on every build wastes minutes\nPin action versions with SHA, not tags — actions/checkout@v3 can change, SHA is immutable\nSecrets in environment variables, never in code or logs — mask them in CI output\nParallel jobs for independent steps — test, lint, and build can run simultaneously\nDeployment Strategies\nBlue-green: run new version alongside old, switch traffic atomically — instant rollback by switching back\nCanary: route percentage of traffic to new version — catch issues before full rollout\nRolling: update instances incrementally — balance between speed and risk\nAlways have rollback plan before deploying — know exactly how to revert\nDeploy the same artifact to all environments — build once, promote through stages\nInfrastructure as Code\nVersion control all infrastructure — terraform, ansible, cloudformation in git\nNever apply changes without plan/diff review — terraform plan before apply\nState files contain secrets — store remotely with encryption, never in git\nModules for reusable components — don't copy-paste infrastructure definitions\nSeparate environments with workspaces or directories — dev changes shouldn't affect prod\nContainers\nOne process per container — containers are not VMs\nHealth checks are mandatory — orchestrators need them for routing and restarts\nDon't run as root — use non-root USER in Dockerfile\nImmutable images: config via environment, not baked in — same image in all environments\nTag images with git SHA, not just latest — know exactly what's deployed\nSecrets Management\nNever store secrets in environment files committed to git — use vault, sealed secrets, or CI secret storage\nRotate secrets regularly — automation makes rotation painless\nDifferent secrets per environment — dev leak shouldn't compromise prod\nAudit secret access — know who accessed what and when\nSecrets in memory, not disk when possible — temp files persist longer than expected\nMonitoring & Alerting\nFour golden signals: latency, traffic, errors, saturation — start here\nAlert on symptoms, not causes — \"users seeing errors\" not \"CPU high\"\nEvery alert must be actionable — if you can't do anything, it's noise\nDashboard per service with key metrics — one glance shows health\nStructured logs (JSON) for machine parsing — grep works, but queries are better\nReliability\nDefine SLOs before building alerting — what does \"healthy\" mean for this service?\nError budgets: some failures are acceptable — 99.9% means 8 hours downtime/year is OK\nChaos engineering in staging — break things intentionally before prod breaks accidentally\nRunbooks for common incidents — 3am is not the time to figure out recovery steps\nPost-mortems without blame — focus on systems, not people\nCommon Mistakes\nSSH into prod to fix things — all changes through automation, or you'll forget what you did\nNo staging environment — \"works on my machine\" doesn't mean works in prod\nIgnoring flaky tests — they erode trust in CI, either fix or delete\nManual steps in deployment — if it's not automated, it'll be done wrong eventually\nMonitoring only happy paths — check error rates and edge cases too\nNetworking\nInternal services don't need public IPs — use private subnets, expose only load balancers\nTLS everywhere, including internal traffic — zero trust, even behind firewall\nDNS for service discovery — hardcoded IPs break when things move\nLoad balancer health checks separate from app health — LB needs fast response, app health can be thorough\nFirewall default deny — explicitly allow what's needed, block everything else" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/devops", "publisherUrl": "https://clawhub.ai/ivangdavila/devops", "owner": "ivangdavila", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/devops", "downloadUrl": "https://openagent3.xyz/downloads/devops", "agentUrl": "https://openagent3.xyz/skills/devops/agent", "manifestUrl": "https://openagent3.xyz/skills/devops/agent.json", "briefUrl": "https://openagent3.xyz/skills/devops/agent.md" } }