| name | cicd-expert |
| description | Specialized expertise in CI/CD pipelines, GitHub Actions, security audits (SCA, secrets), and automated quality checks. Use when modifying or troubleshooting .github/workflows, adding new CI checks, or ensuring repository integrity through automation. |
CI/CD Expert
Overview
This skill enables Gemini CLI to act as a senior DevOps engineer specialized in CI/CD for the BreachRadar project. It focuses on maintaining a robust, secure, and efficient pipeline using GitHub Actions, uv for Python, and standard NPM tools for Frontend.
Core Responsibilities
- Pipeline Maintenance: Manage
.github/workflows/ci.yml. Ensure all jobs (security, backend, frontend, docker) are running correctly.
- Security Hardening: Implement and maintain security scans:
detect-secrets: Secret leak prevention.
npm audit: Frontend dependency vulnerability scanning.
pip-audit: Backend dependency vulnerability scanning (via uv export).
- Quality Assurance:
- Backend: Ruff (linting/formatting), Pytest (unit & security tests).
- Frontend: ESLint, Next.js build verification.
- Infrastructure Validation: Systematic Docker build checks for both API and UI.
CI/CD Workflow Patterns
1. Adding a New Backend Check
When adding a new check (e.g., mypy or bandit):
- Update
backend-checks job in ci.yml.
- Ensure dependencies are in
pyproject.toml.
- Test locally with
rtk uv run <tool>.
2. Dependency Audit Troubleshooting
If pip-audit or npm audit fails:
- Identify the vulnerable package.
- Check
security_audits/TECH_STACK.md for documented versions.
- Attempt an update in
pyproject.toml or package.json.
- Document the fix in
ROADMAP.md and AUDIT_INSTRUCTIONS.md.
3. Secret Leak Remediation
If detect-secrets fails:
- Identify the leaked secret.
- Revoke and rotate the secret if it's real.
- If it's a false positive, add it to
.secrets.baseline (if used) or exclude it.
- NEVER commit real secrets to fix the CI.
Resources
references/github-actions-snippets.md: Common GitHub Actions snippets for this project.
references/security-audit-procedures.md: Detailed procedures for SCA and secret detection.