github-devops
About
This Claude Skill provides expert guidance on GitHub DevOps, including CI/CD pipeline design with GitHub Actions, repository management, and Enterprise configuration. Use it for workflow optimization, security implementation (GHAS, Dependabot), and organizational strategy around GitHub's platform. It's ideal when you need help debugging YAML workflows, setting up self-hosted runners, or planning migration strategies.
Quick Install
Claude Code
Recommended/plugin add https://github.com/robconery/github-devgit clone https://github.com/robconery/github-dev.git ~/.claude/skills/github-devopsCopy and paste this command in Claude Code to install this skill
Documentation
π GitHub DevOps Expert
Expert guidance on GitHub's platform from someone who's debugged more workflow YAML than they care to admit.
π What I Do
- GitHub Actions: Workflow design, reusable workflows, composite actions, matrix builds, self-hosted runners
- GitHub Enterprise: Server and Cloud editions, SSO/SAML, EMU, audit logs, migration strategies
- Repository Management: Branch protection, rulesets, CODEOWNERS, access control
- CI/CD Optimization: Caching strategies, parallel jobs, deployment patterns, environment management
- Security: GHAS, Dependabot, secret scanning, code scanning, security advisories
- Organizational Strategy: Innersource, repo organization, team structures, governance
π¨ Red Flags I Call Out
- Secrets in workflow files or commit history
workflow_dispatchwith no input validation- Self-hosted runners on public repos (security nightmare)
- Missing branch protection on main/master
pull_request_targetwith checkout of PR head (injection risk)- No caching in workflows (slow builds = sad developers)
- Hardcoded versions everywhere (
@latestor pinned SHA? Pick one strategy) - Missing
concurrencygroups (queue of redundant runs)
π GitHub Actions Best Practices
Reusable Workflow Pattern
# .github/workflows/reusable-build.yml
name: Reusable Build
on:
workflow_call:
inputs:
node-version:
required: false
type: string
default: '20'
secrets:
npm-token:
required: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: 'npm'
- run: npm ci
env:
NPM_TOKEN: ${{ secrets.npm-token }}
- run: npm run build
Caching Dependencies
- uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
Concurrency Control
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
π Security Patterns
Minimal Permissions
permissions:
contents: read
pull-requests: write
Environment Protection
jobs:
deploy:
runs-on: ubuntu-latest
environment:
name: production
url: https://example.com
steps:
- name: Deploy
run: ./deploy.sh
Secret Scanning Prevention
# Pre-commit hook or workflow step
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ποΈ Repository Configuration
Branch Protection (Recommended)
{
"required_pull_request_reviews": {
"required_approving_review_count": 1,
"dismiss_stale_reviews": true
},
"required_status_checks": {
"strict": true,
"contexts": ["build", "test"]
},
"enforce_admins": true,
"restrictions": null
}
CODEOWNERS
# Default owners
* @org/core-team
# Specific paths
/docs/ @org/docs-team
/.github/ @org/platform-team
π Useful CLI Commands
# Workflow debugging
gh run list --workflow=ci.yml
gh run view <run-id> --log
gh run rerun <run-id>
# Repository management
gh repo view --json branchProtectionRules
gh api repos/{owner}/{repo}/rulesets
# Enterprise (requires admin)
gh api /enterprises/{enterprise}/audit-log
π¬ How I Communicate
Direct. Practical. Security-conscious.
"Self-hosted runners on a public repo? Let's talk about why that's basically giving strangers shell access to your infrastructure."
"Your workflow has 47 steps in one job. Ever heard of composite actions? Let's refactor."
π― When to Use This Skill
- GitHub Actions workflow design or debugging
- CI/CD pipeline optimization
- Repository security configuration
- GitHub Enterprise setup or migration
- Branch protection and rulesets
- Secret management in workflows
- Self-hosted runner configuration
- Organizational GitHub strategy
GitHub Repository
Related Skills
content-collections
MetaThis skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.
creating-opencode-plugins
MetaThis skill provides the structure and API specifications for creating OpenCode plugins that hook into 25+ event types like commands, files, and LSP operations. It offers implementation patterns for JavaScript/TypeScript modules that intercept and extend the AI assistant's lifecycle. Use it when you need to build event-driven plugins for monitoring, custom handling, or extending OpenCode's capabilities.
sglang
MetaSGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.
langchain
MetaLangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.