# Install this skill:
npx skills add TrenzaCR/trenzaos-config --skill "trenza-ci-cd"
Install specific skill from multi-skill repository
# SKILL.md
---
name: trenza-ci-cd
description: >
  CI/CD pipelines and deployment for TrenzaOS.
  Trigger: When configuring pipelines, deployments, or release processes.
license: MIT
metadata:
  author: trenza
  version: "1.0"
---
TrenzaOS CI/CD Skills
Purpose
This skill enforces CI/CD practices for TrenzaOS.
Core Rules
1. GitFlow Structure
main (production)
↑
develop (staging)
↑
feature/feat-new-feature
↑
bugfix/fix-login-issue
↑
hotfix/critical-security-patch
2. GitHub Actions - CI
```yaml
# .github/workflows/ci.yml
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Generate types
        run: npm run gen:types
      - name: Lint
        run: npm run lint
      - name: Type check
        run: npm run typecheck
      - name: Unit tests
        run: npm run test:coverage
      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/lcov.info

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit dependencies
        # Findings at or above "high" are reported, but continue-on-error
        # keeps them from failing the job.
        run: npm audit --audit-level=high
        continue-on-error: true
      - name: Scan vulnerabilities
        run: npm run security:scan
```
3. GitHub Actions - RLS Testing
```yaml
# .github/workflows/rls.yml
name: RLS Tests

# Same triggers as ci.yml; a workflow needs an `on:` block to run.
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  rls-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Supabase
        uses: supabase/setup-cli@v1
        with:
          version: latest
      - name: Start Supabase
        run: supabase start
      - name: Run migrations
        run: supabase db reset
      - name: Test RLS policies
        run: |
          # Test: Tenant A cannot see Tenant B data
          # Connection string is the Supabase CLI local default.
          psql "postgresql://postgres:postgres@127.0.0.1:54322/postgres" \
            -c "SET app.current_tenant_id = 'tenant-a';" \
            -c "SELECT * FROM products;" \
            -c "SET app.current_tenant_id = 'tenant-b';" \
            -c "SELECT * FROM products;"
```
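The RLS step above prints query results without asserting on them, and PostgreSQL does not apply policies to superusers or roles with BYPASSRLS. As an added example (not part of the original skill), the SQL below checks tenant isolation with assertions under an unprivileged role. The role, table and policy names are constructed for illustration, and it assumes a session allowed to create roles and switch to them, such as a superuser on a scratch database.

```sql
-- Added example. rls_probe, rls_demo_products and tenant_isolation are
-- constructed names (assumptions), not TrenzaOS schema. All changes are rolled back.
BEGIN;

CREATE ROLE rls_probe NOLOGIN;  -- plain role: not superuser, no BYPASSRLS
CREATE TABLE rls_demo_products (
  id        int  PRIMARY KEY,
  tenant_id text NOT NULL,
  name      text NOT NULL
);
-- Seed as the table owner, who is exempt from RLS unless FORCE is set.
INSERT INTO rls_demo_products VALUES
  (1, 'tenant-a', 'widget'),
  (2, 'tenant-b', 'gadget');

ALTER TABLE rls_demo_products ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON rls_demo_products
  FOR SELECT
  USING (tenant_id = current_setting('app.current_tenant_id', true));
GRANT SELECT ON rls_demo_products TO rls_probe;

-- Query as the unprivileged role so the policy is actually evaluated.
SET LOCAL ROLE rls_probe;

DO $$
DECLARE
  visible int;
  leaked  int;
BEGIN
  -- No tenant set: the setting is NULL (or empty), so no row matches.
  SELECT count(*) INTO visible FROM rls_demo_products;
  ASSERT visible = 0, 'session without a tenant can read rows';

  PERFORM set_config('app.current_tenant_id', 'tenant-a', true);
  SELECT count(*) INTO visible FROM rls_demo_products;
  SELECT count(*) INTO leaked  FROM rls_demo_products WHERE tenant_id <> 'tenant-a';
  ASSERT visible = 1, 'tenant-a does not see exactly its own row';
  ASSERT leaked  = 0, 'tenant-a can read another tenant''s rows';

  PERFORM set_config('app.current_tenant_id', 'tenant-b', true);
  SELECT count(*) INTO visible FROM rls_demo_products;
  SELECT count(*) INTO leaked  FROM rls_demo_products WHERE tenant_id <> 'tenant-b';
  ASSERT visible = 1, 'tenant-b does not see exactly its own row';
  ASSERT leaked  = 0, 'tenant-b can read another tenant''s rows';
END $$;

ROLLBACK;
```

Run it with `psql -v ON_ERROR_STOP=1 -f <file>` so that a failed `ASSERT` makes psql exit non-zero and fails the CI step.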
4. GitHub Actions - Deployment
```yaml
# .github/workflows/deploy.yml
name: Deploy

on:
  push:
    # develop is included so that deploy-staging can match its `if` condition.
    branches: [main, develop]
  workflow_dispatch:

jobs:
  deploy-staging:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/develop'
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Vercel (Staging)
        run: |
          vercel deploy --prebuilt --token=$VERCEL_TOKEN
        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
          VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
          VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_STAGING }}

  deploy-production:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # `needs` only resolves jobs defined in this file. test and security live
    # in ci.yml, so require them as status checks on main via branch protection.
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Vercel (Production)
        run: |
          vercel deploy --prebuilt --prod --token=$VERCEL_TOKEN
        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
          VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
          VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_PROD }}
```
5. Conventional Commits
<type>(<scope>): <description>
Types:
- feat: New feature
- fix: Bug fix
- docs: Documentation
- style: Formatting
- refactor: Code refactor
- test: Tests
- chore: Maintenance
Examples:
feat(inventory): add low stock notification
fix(auth): resolve login redirect issue
docs(api): update endpoint documentation
refactor(finance): simplify invoice calculation
6. Semantic Versioning
```bash
# Internal packages
npm version major # 1.0.0 → 2.0.0
npm version minor # 1.0.0 → 1.1.0
npm version patch # 1.0.0 → 1.0.1
```
7. Release Process
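```yaml
# .github/workflows/release.yml
name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # lets GITHUB_TOKEN create the release
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - name: Install dependencies  # the build needs node_modules
        run: npm ci
      - name: Build
        run: npm run build
      - name: Create GitHub Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: true
```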
8. Environment Configuration
```
# Environments
.env.local       # Local development
.env.staging     # Staging
.env.production  # Production (never commit)
```
```ts
// lib/env.ts
// Fail fast when a required variable is unset or empty.
export function getEnv(key: string): string {
  const value = process.env[key]
  if (!value) {
    throw new Error(`Missing required env: ${key}`)
  }
  return value
}
```
CI/CD Checklist
- [ ] Do you have a CI pipeline with tests?
- [ ] RLS tests in CI?
- [ ] Do you have security analysis?
- [ ] Environment separation (staging/prod)?
- [ ] Conventional commits?
- [ ] Semantic versioning?
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf