workflow-development
// Create, debug, and optimize GitHub Actions workflows with security best practices. Use when asked to "create workflow", "fix workflow", "add CI", or needs help with GitHub Actions.
| name | workflow-development |
| description | Create, debug, and optimize GitHub Actions workflows with security best practices. Use when asked to "create workflow", "fix workflow", "add CI", or needs help with GitHub Actions. |
| allowed-tools | Bash(git:*), Bash(actionlint:*), Bash(prettier:*), Bash(uv:*), Bash(npx:*), Read, Write, Edit, Glob, Grep |
Create, debug, and optimize GitHub Actions workflows.
Standards: instructions/cicd-standards.instructions.md
Think through the requirements step-by-step:
`push`, `pull_request`, `workflow_dispatch`, `schedule`, `workflow_call`?

Non-negotiable security requirements:

```yaml
permissions:
  contents: read
steps:
  - uses: actions/checkout@v4 # Always pin to major version tag
```

- @main or @master)
- `permissions:` at workflow or job level
- `secrets: inherit` or explicit secret passing for reusable workflows

```yaml
# Caller
jobs:
  ci:
    # @main is a branch ref: the caller runs whatever is on main at run time
    uses: Ven0m0/.github/.github/workflows/reusable-ci-python.yml@main
    with:
      python-version: "3.12"
    # Passes all of the caller's secrets to the called workflow
    secrets: inherit

# Definition (on: workflow_call)
on:
  workflow_call:
    inputs:
      python-version:
        type: string
        default: "3.12"
```
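
A small checker for the pinning and `permissions:` requirements above, as an added example that is not part of the original skill. The function name `audit_workflow`, the sample workflow and the `example-org/example-action` name are constructed for illustration, and the check is a line-based regex scan, not a YAML parser.

```python
import re

# Constructed sample workflow (not from the page): one branch-pinned action,
# one action with no ref, and no permissions: block anywhere.
SAMPLE = """\
name: CI
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - uses: actions/cache@v4
      - uses: ./.github/actions/local-setup
      - uses: example-org/example-action
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
PERMS_RE = re.compile(r"^\s*permissions:")
BRANCH_REFS = {"main", "master"}


def audit_workflow(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings = []
    has_permissions = False
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore comment-only lines
        if PERMS_RE.match(line):
            has_permissions = True  # workflow-level or job-level block
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and docker images carry no @ref
        _, sep, ref = target.rpartition("@")
        if not sep:
            findings.append((n, f"{target}: no @ref"))
        elif ref in BRANCH_REFS:
            findings.append((n, f"{target}: pinned to branch '{ref}'"))
    if not has_permissions:
        findings.append((0, "no permissions: block at workflow or job level"))
    return findings


if __name__ == "__main__":
    for lineno, msg in audit_workflow(SAMPLE):
        print(f"line {lineno}: {msg}")
```
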

```yaml
- uses: actions/cache@v4
  with:
    path: ~/.cache/uv
    key: ${{ runner.os }}-uv-${{ hashFiles('uv.lock') }}
```

```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```

```yaml
strategy:
  fail-fast: false
  matrix:
    os: [ubuntu-latest, macos-latest]
    python-version: ["3.11", "3.12"]
```

| Symptom | Likely Cause | Fix |
|---|---|---|
| "Resource not accessible by integration" | Missing permissions | Add to permissions: block |
| Cache never hits | Wrong hash path | Check hashFiles() glob matches actual lock file |
| Secrets unavailable in reusable workflow | Not passed through | Add secrets: inherit or pass explicitly |
| Workflow not triggered | Wrong event config | Verify on: triggers, check branch filters |
| "Path does not exist" | Wrong working-directory | Verify path relative to repo root |
| Matrix job fails inconsistently | OS-specific issue | Add OS conditionals or separate jobs |

```yaml
name: CI
on:
  push:
    branches: [main]
  pull_request:
permissions:
  contents: read
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: astral-sh/setup-uv@v4
      - run: uv sync
      - run: uv run ruff check .
      - run: uv run pytest -x
```

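
```yaml
name: Release
on:
  push:
    tags: ["v*"]
permissions:
  contents: write # Needed to create the release
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The tag name reaches the shell as a quoted variable instead of being
      # expanded into the script text
      - run: gh release create "$TAG_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ github.ref_name }}
```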