메뉴
Scaffold Netlify deployment for an Angular SPA project. Generates netlify.toml, a Makefile deploy target, and a GitHub Actions workflow. Use when asked to "deploy to Netlify", "set up Netlify for Angular", or "add Netlify CI/CD".
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Install and configure Prettier for JavaScript/TypeScript projects. Use when setting up a dev environment, fixing formatting issues, or asked to "install prettier", "configure prettier", or "set up code formatting".
Core principles and golden rules for writing production-quality Ansible automation, covering FQCN requirements, module selection guidance, and execution patterns using uv run.
Production-grade Ansible role structure patterns for directory layout, variable organization (defaults vs vars), handlers, and task organization, derived from analysis of 7 geerlingguy production roles.
Build scalable design systems with Tailwind CSS v4, design tokens, component libraries, and responsive patterns. Use when creating component libraries, implementing design systems, or standardizing UI patterns.
Configure or update Go projects with opinionated best practices using Go modules, golangci-lint, and built-in testing. Use when a repo should contain a Go project with modern tooling, idiomatic Go code, and 80% test coverage requirements.
Configure or update Python projects using uv, ruff, and pytest with opinionated best practices. Use when a repo should contain a Python project with modern tooling, PEP standards, and 80% test coverage requirements.
| name | jeff-skill-angular-netlify |
| description | Scaffold Netlify deployment for an Angular SPA project. Generates netlify.toml, a Makefile deploy target, and a GitHub Actions workflow. Use when asked to "deploy to Netlify", "set up Netlify for Angular", or "add Netlify CI/CD". |
Use this skill to scaffold Netlify deployment for an Angular SPA project.
Before asking the user anything, read these files and extract the values below.
| What | Where to find it |
|---|---|
| Angular app directory | Find angular.json |
dist/ output path | angular.json → projects.<name>.architect.build.options.outputPath |
| Node version | .nvmrc at repo root, or package.json engines.node |
package-lock.json path | Relative to repo root, alongside package.json |
Existing Makefile | Check if one exists in the Angular app directory; note which targets are already defined (lint, test, build) |
CI working-directory | Same directory that contains angular.json |
/demo page at public/demo/index.html)? If yes, what URL paths?prod)deploy-web)netlify.tomlPlace in the Angular app directory (same level as angular.json).
# --- Only include this block if the user has static sub-pages ---
# Redirect /demo → /demo/ so Netlify serves the directory index, not a 404
[[redirects]]
from = "/demo"
to = "/demo/"
status = 301
# ----------------------------------------------------------------
# SPA catch-all: all Angular routes serve index.html (status 200 = rewrite, not redirect)
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
# index.html: browser must always revalidate; Netlify CDN holds it durably
[[headers]]
for = "/index.html"
[headers.values]
Cache-Control = "no-cache"
Netlify-CDN-Cache-Control = "public, max-age=31536000, durable"
# Hashed JS assets: immutable on the browser (filename changes every build)
[[headers]]
for = "/*.js"
[headers.values]
Cache-Control = "public, max-age=31536000, immutable"
Netlify-CDN-Cache-Control = "public, max-age=31536000, durable"
# Hashed CSS assets: same immutable strategy
[[headers]]
for = "/*.css"
[headers.values]
Cache-Control = "public, max-age=31536000, immutable"
Netlify-CDN-Cache-Control = "public, max-age=31536000, durable"
Caching strategy explained:
index.html uses a split strategy: no-cache forces the browser to revalidate on every load, while Netlify-CDN-Cache-Control: durable lets Netlify's CDN cache it long-term and serve it globally at edge speed. When you deploy, Netlify invalidates its own CDN cache automatically.immutable tells browsers they never need to revalidate; durable keeps them cached at the CDN edge indefinitely.Makefile — deploy targetAdd to the existing Makefile in the Angular app directory, or create one if absent. Fill in <app-name> from the outputPath discovered in Step 1.
.PHONY: all build test lint deploy
all: lint test build
lint:
npm run prettier:check
test:
npx ng test --watch=false --browsers=ChromeHeadlessNoSandbox
build:
npm run update-csp
npm run build:prod
# netlify-cli is NOT added as a devDependency — npx downloads it at deploy time.
# Update --dir to match angular.json outputPath (typically dist/<app-name>/browser).
deploy: build
npx netlify-cli deploy --prod --dir=dist/<app-name>/browser
If
lint,test, orbuildtargets already exist in the Makefile, only add thedeploytarget and update the.PHONYline.
.github/workflows/deploy-web.ymlFill in <app-directory>, <node-version>, and <lockfile-path> from Step 1. Add any additional environment secrets your app needs (e.g. API URLs, feature flags) alongside NETLIFY_AUTH_TOKEN and NETLIFY_SITE_ID in the Deploy step.
name: deploy-web
on:
push:
branches: [main]
workflow_dispatch: # also triggerable ad-hoc from the GitHub Actions UI
concurrency:
group: deploy-web
cancel-in-progress: false # never cancel an in-flight deploy
jobs:
deploy:
name: Angular — lint, test & deploy to Netlify
runs-on: ubuntu-latest
environment: prod # GitHub environment gate; secrets live here
defaults:
run:
working-directory: <app-directory>
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: '<node-version>'
cache: npm
cache-dependency-path: <lockfile-path>
- name: Install dependencies
run: npm ci
- name: Lint
run: make lint
- name: Test
run: make test
- name: Commit netlify.toml if CSP hash was updated
working-directory: ${{ github.workspace }}
run: |
git diff --quiet <app-directory>/netlify.toml && exit 0
git config user.name "JEFF-bot"
git config user.email "actions@users.noreply.github.com"
git add <app-directory>/netlify.toml
git commit -m "chore: update PostHog CSP hash [skip ci]"
git push
- name: Deploy
run: make deploy
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
# Add any additional secrets the app needs at build/deploy time:
# MY_API_URL: ${{ secrets.MY_API_URL }}
Triggers: Deploys automatically on every merge to main, and can also be triggered ad-hoc from the GitHub Actions UI or via gh workflow run deploy-web.
Why cancel-in-progress: false?
An in-flight deploy to Netlify should never be interrupted mid-upload. A new deploy queues behind the current one.
Only needed if the user answered "yes" in Step 2, question 1.
ng serve uses historyApiFallback, which intercepts every URL and returns Angular's index.html. A static file at public/demo/index.html would never be reached in development without this guard.
Add to app.routes.ts for each static sub-page path:
{
path: 'demo', // replace with the actual path, without leading slash
canActivate: [
() => {
// In production, Netlify serves public/demo/index.html directly.
// In development, ng serve intercepts this route — redirect to escape the SPA router.
window.location.href = '/demo/index.html';
return false;
}
],
component: AppComponent, // placeholder, never rendered
},
In production, Netlify serves the real file and the 301 redirect in netlify.toml handles the /demo → /demo/ trailing-slash normalisation. The route guard only fires locally.
If the project uses PostHog analytics, keep the init snippet inline in src/index.html. Do not extract it to an external file.
Why inline is required: Angular's build tool (Beasties) generates <link onload="..."> event handlers for CSS preloading. These are inline event handlers that require 'unsafe-hashes' in the CSP script-src — regardless of PostHog. Since 'unsafe-hashes' must be present anyway, the PostHog inline script needs only a sha256-... hash added alongside it. Removing 'unsafe-hashes' to avoid the hash breaks CSS entirely.
src/index.htmlPaste the PostHog snippet as the first inline <script> in <head>. Add a comment so future editors know the hash in netlify.toml must stay in sync:
<!-- PostHog analytics — inline so Beasties CSS preload handlers (which also need
'unsafe-hashes') share the same CSP exception. If you change this snippet,
run `npm run update-csp` to recompute the sha256 hash in netlify.toml. -->
<script>
/* paste PostHog snippet here */
</script>
netlify.tomlAdd a headers block for /*. The sha256-... value covers the PostHog inline script; 'unsafe-hashes' covers Beasties' <link onload="..."> handlers. Add a comment so future editors know only the first sha256- token is replaced by the automation script:
# CRITICAL: PostHog sha256 MUST be first — `npm run update-csp` replaces only the first sha256 token.
# Second sha256 = Beasties CSS preload handler (this.media='all') — static, never changes, do not remove.
[[headers]]
for = "/*"
[headers.values]
Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-hashes' 'sha256-PLACEHOLDER' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' https://p.jeffsoftware.com; connect-src 'self' https://p.jeffsoftware.com; img-src 'self' data:; style-src 'self' 'unsafe-inline';"
Replace PLACEHOLDER by running npm run update-csp (see below). The PostHog custom proxy https://p.jeffsoftware.com must appear in both script-src and connect-src — PostHog's inline init snippet dynamically fetches and injects array.js as a <script> element, so connect-src alone will not unblock it.
scripts/update-csp-hash.jsCreate this file in the Angular app directory. It reads the first inline <script> from index.html, computes its SHA-256, and patches the hash in netlify.toml — so updating the PostHog snippet never requires manually touching the CSP:
#!/usr/bin/env node
// Recomputes the SHA-256 hash of the first inline <script> in src/index.html
// and writes the updated hash into the script-src directive in netlify.toml.
// Run this after changing the PostHog snippet, then commit both files.
const { createHash } = require('node:crypto');
const { readFileSync, writeFileSync } = require('node:fs');
const { join } = require('node:path');
const root = join(__dirname, '..');
const indexHtml = readFileSync(join(root, 'src/index.html'), 'utf8');
const match = indexHtml.match(/<script>([\s\S]*?)<\/script>/);
if (!match) {
console.error('No inline <script> found in src/index.html');
process.exit(1);
}
const hash = `sha256-${createHash('sha256').update(match[1], 'utf8').digest('base64')}`;
const tomlPath = join(root, 'netlify.toml');
const toml = readFileSync(tomlPath, 'utf8');
const updated = toml.replace(/'sha256-[A-Za-z0-9+/=]+'/, `'${hash}'`);
if (updated === toml) {
console.log(`CSP hash already up to date: '${hash}'`);
} else {
writeFileSync(tomlPath, updated);
console.log(`netlify.toml updated with: '${hash}'`);
}
npm run update-csp and wire into make buildIn package.json:
"scripts": {
"update-csp": "node scripts/update-csp-hash.js"
}
In the Makefile, update the build target so the hash is recomputed first, then the Angular build runs:
build:
npm run update-csp
npm run build:prod
scripts/*.js in .gitignoreIf the repo's root .gitignore blocks *.js, add an exception in the Angular app directory's own .gitignore:
!scripts/*.js
.prettierignore entries in the Angular app directoryCreate (or update) a .prettierignore file inside the Angular app directory (same level as angular.json), not only at the repo root. CI invokes prettier from the Angular app directory, and prettier resolves ignore patterns relative to the CWD where it is invoked — patterns in a parent-directory .prettierignore are also resolved relative to that same CWD, so always put these entries in the app-directory .prettierignore to be explicit and safe:
# CommonJS require() in the CSP hash script may be flagged by prettier
scripts/update-csp-hash.js
# PostHog inline snippet in index.html must never be reformatted by prettier
# (reformatting changes whitespace inside the <script> block, invalidating the sha256 hash)
src/index.html
Remind the user to complete these manual steps before the first deploy:
--dir value in the Makefile (e.g. dist/<app-name>/browser)NETLIFY_AUTH_TOKEN to the GitHub <github-environment> environment secrets — generate at: Netlify → User Settings → Applications → Personal access tokensNETLIFY_SITE_ID to the same GitHub environment secrets — find it at: Netlify → Site Settings → General → Site details → Site ID