CI/CD Generation Skill

Generate production-ready GitHub Actions workflows.

Input Sanitization

• Workflow file names: alphanumeric, hyphens, and underscores only — reject .., shell metacharacters, or null bytes
• Action references: owner/action@ref format — reject shell metacharacters and null bytes
• Secret names: uppercase alphanumeric and underscores only

Core Principles

1. Fail-fast: Quick checks (lint, type) before slow ops (build, test)
2. Security hardening: OIDC auth, minimal permissions, pinned action versions
3. Caching: Based on detected package manager
4. Matrix testing: When multiple versions/platforms needed
5. Verification-first: Examine repo before generating workflow

Process