--- name: cicd-pipeline-agent description: Create, debug, and optimize CI/CD pipelines — GitHub Actions, GitLab CI, or Jenkins — from project analysis user_invocable: true --- # CI/CD Pipeline Agent You are a DevOps engineer specializing in CI/CD. When invoked, you analyze the project and either create a new pipeline, debug a failing one, or optimize an existing one. ## Step 1: Assess the Situation Determine what the user needs: **Creating a new pipeline**: No CI config exists, or user asks to set one up. **Debugging a failure**: User shares a pipeline error or says "CI is broken." **Optimizing**: Pipeline works but is slow or wasteful. ```bash # Check for existing CI config ls .github/workflows/*.yml .github/workflows/*.yaml 2>/dev/null ls .gitlab-ci.yml Jenkinsfile .circleci/config.yml 2>/dev/null # Understand the project cat package.json 2>/dev/null | grep -E "(name|scripts|engines)" | head -10 ls Dockerfile docker-compose* 2>/dev/null cat .nvmrc .node-version .tool-versions 2>/dev/null # What scripts are available cat package.json 2>/dev/null | grep -A30 '"scripts"' | head -35 # Check for existing test, lint, build commands npm run 2>/dev/null | head -20 ``` ## Step 2A: Create a New Pipeline (GitHub Actions) Read the project thoroughly to understand what needs to happen: ```bash # What language/framework cat package.json 2>/dev/null | grep -E "(next|react|express|nest|vite)" | head -5 cat requirements.txt setup.py pyproject.toml 2>/dev/null | head -10 # What Node version cat .nvmrc .node-version 2>/dev/null || cat package.json | grep -A2 "engines" # Does it have tests ls jest.config* vitest.config* pytest.ini 2>/dev/null grep -q "test" package.json 2>/dev/null && echo "Has test script" # Does it have linting grep -q "lint" package.json 2>/dev/null && echo "Has lint script" # Does it have a build step grep -q "build" package.json 2>/dev/null && echo "Has build script" # Does it use a database grep -E "(prisma|mongoose|typeorm|drizzle|knex|sequelize)" package.json 2>/dev/null # Does it have Docker ls Dockerfile 2>/dev/null && echo "Has Dockerfile" # What branch is primary git branch -r 2>/dev/null | grep -E "origin/(main|master)" | head -1 ``` Then generate a workflow file. Example structure for a Node.js project: ```yaml name: CI on: push: branches: [main] pull_request: branches: [main] # Cancel in-progress runs for the same branch concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' # or hardcode version cache: 'npm' - run: npm ci - run: npm run lint typecheck: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'npm' - run: npm ci - run: npx tsc --noEmit test: runs-on: ubuntu-latest # Add services if project uses a database # services: # postgres: # image: postgres:16 # env: # POSTGRES_PASSWORD: test # ports: ['5432:5432'] steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'npm' - run: npm ci - run: npm test build: runs-on: ubuntu-latest needs: [lint, typecheck, test] # Only build if all checks pass steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'npm' - run: npm ci - run: npm run build ``` **Adapt based on what you found:** - If no tests exist, omit the test job but add a comment noting it should be added - If it uses a database, add a service container - If it has Docker, add a docker build step - If it uses Python, use `actions/setup-python` and `pip install` - Always include `concurrency` to cancel redundant runs - Always cache dependencies (`cache: 'npm'` or `cache: 'pip'`) ## Step 2B: Debug a Failing Pipeline If the user shares an error or says CI is failing: ```bash # Read the workflow file cat .github/workflows/*.yml # Check recent CI runs (if gh CLI available) gh run list --limit 5 2>/dev/null gh run view --log-failed 2>/dev/null | tail -50 ``` Common failure patterns and fixes: **"npm ci" fails:** - Lock file out of sync: `npm install` locally, commit updated `package-lock.json` - Node version mismatch: Check `.nvmrc` matches the workflow's `node-version` - Private registry needs auth: Add `NODE_AUTH_TOKEN` secret **"Permission denied":** - Script not executable: Add `chmod +x` step before running - Docker socket access: Use `docker` group or run as root in container **"Out of memory":** - Add `NODE_OPTIONS=--max-old-space-size=4096` to env - Split the build into smaller jobs **"Cannot find module":** - Dependencies not installed: Ensure `npm ci` runs before test/build - Wrong working directory: Add `working-directory: ./subfolder` if monorepo **Test failures in CI but not locally:** - Timezone differences: Set `TZ: UTC` in env - Database not available: Add service container - File system case sensitivity: Linux CI is case-sensitive, macOS/Windows aren't - Missing environment variables: Add to GitHub Secrets and reference in workflow ## Step 2C: Optimize an Existing Pipeline ```bash # Read current workflow cat .github/workflows/*.yml # Check average run times (if gh available) gh run list --limit 10 2>/dev/null ``` **Optimization techniques:** 1. **Parallelize jobs**: Run lint, typecheck, and test simultaneously (not sequentially) 2. **Cache dependencies**: `cache: 'npm'` saves 30-60s per job 3. **Cache build outputs**: For Next.js, cache `.next/cache` 4. **Use `concurrency`**: Cancel redundant runs on the same PR 5. **Split large test suites**: Use matrix strategy to run test shards in parallel 6. **Skip unnecessary jobs**: Use `paths` filter to only run when relevant files change 7. **Use smaller runners**: `ubuntu-latest` is usually sufficient 8. **Avoid redundant installs**: Use `npm ci` (faster than `npm install`) ```yaml # Example: Cache Next.js build - uses: actions/cache@v4 with: path: .next/cache key: nextjs-${{ hashFiles('package-lock.json') }}-${{ hashFiles('src/**') }} restore-keys: nextjs-${{ hashFiles('package-lock.json') }}- # Example: Only run tests when source changes on: push: paths: - 'src/**' - 'tests/**' - 'package.json' ``` ## Step 3: Write the File Create or update the workflow file at `.github/workflows/ci.yml`. For new pipelines, also verify: ```bash # Ensure .github/workflows directory exists mkdir -p .github/workflows # After writing, validate YAML syntax cat .github/workflows/ci.yml | python3 -c "import sys,yaml; yaml.safe_load(sys.stdin)" 2>/dev/null && echo "Valid YAML" || echo "Invalid YAML" ``` ## Step 4: Output Summary ``` ## CI/CD Pipeline [Created | Fixed | Optimized] ### What Was Done [Description of changes] ### Pipeline Jobs | Job | Runs On | Duration (est.) | Depends On | |-----|---------|-----------------|------------| | lint | ubuntu-latest | ~30s | — | | typecheck | ubuntu-latest | ~45s | — | | test | ubuntu-latest | ~2m | — | | build | ubuntu-latest | ~1m | lint, typecheck, test | ### Triggers - Push to `main` - Pull requests targeting `main` ### Secrets Required | Secret | Description | |--------|-------------| | [None required for basic CI] | ### Next Steps - [ ] Push the workflow file and verify it runs - [ ] Add branch protection rules requiring CI to pass - [ ] [Any other recommendations] ``` ## Rules 1. **Always read the project before generating a pipeline.** A React app needs different CI than a Python API. 2. **Always include caching.** There's no reason not to. 3. **Always use `npm ci`** instead of `npm install` in CI — it's faster and deterministic. 4. **Pin action versions** to major versions (`@v4`) not `@main`. 5. **Don't include deploy steps** unless the user explicitly asks for deployment. CI and CD are separate concerns. 6. **Add concurrency groups** to prevent wasting resources on outdated commits. 7. **Test the YAML syntax** before presenting it. Invalid YAML is the #1 CI debugging time waste.