一键在 Manus 中运行任何 Skill

gha-pipelines

星标24

分支3

更新时间2026年3月23日 02:45

Create and modify GitHub Actions CI/CD workflows for the homelab repository. Covers validation pipelines, OCI artifact promotion, and infrastructure testing. Use when: (1) Creating new GitHub Actions workflows, (2) Modifying existing CI/CD pipelines, (3) Adding validation or testing stages, (4) Debugging workflow failures. Triggers: "github actions", "workflow", "ci/cd", "pipeline", "gha", "build artifact", "validation workflow", "ci pipeline"

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

ionfury

ionfury/homelab

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

GitHub Actions Pipelines

This repository uses mise for tool version management so CI and local dev use identical versions. Delegate to Taskfile commands, not raw CLI. Follow homelab-specific conventions below; for generic GHA patterns (matrix builds, github-script, action catalog), see the global gha-pipelines skill.

Core Patterns

Tool setup — always jdx/mise-action@v3, never apt-get/brew:

steps:
  - uses: actions/checkout@v6
  - uses: jdx/mise-action@v3
  - run: task k8s:validate

Actions reference:

Need	Action
Checkout	`actions/checkout@v6`
Tool setup	`jdx/mise-action@v3` (reads `.mise.toml`)
GHCR login	`docker/login-action@v3`
GitHub API	`actions/github-script@v7`
Flux CLI	`fluxcd/flux2/action@v2`

Path-based triggers — always include the workflow file itself and .mise.toml:

on:
  pull_request:
    paths:
      - "kubernetes/**"
      - ".github/workflows/kubernetes-validate.yaml"
      - ".mise.toml"
      - ".taskfiles/kubernetes/**"
  workflow_dispatch:

YAML schema comment on every workflow file:

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

Permissions — always minimal:

permissions:
  contents: read
  packages: write   # Only when pushing to GHCR
  statuses: read    # Only when reading commit status events

Workflow Inventory

Workflow	Trigger	Purpose
`kubernetes-validate.yaml`	PR (kubernetes/)	Lint, expand ResourceSets, build, template, kubeconform, pluto
`infrastructure-validate.yaml`	PR (infrastructure/)	Format checks, module tests (matrix per module)
`renovate-validate.yaml`	PR (renovate config)	Validate Renovate configuration
`build-platform-artifact.yaml`	Push to main (kubernetes/)	Build OCI artifact, tag for integration
`tag-validated-artifact.yaml`	Status event / manual	Promote validated artifact to stable semver
`renovate.yaml`	Scheduled (hourly)	Dependency update automation
`label-sync.yaml`	Scheduled / manual	Sync GitHub labels

OCI Promotion Pipeline

For full pipeline tracing and debugging, see the promotion-pipeline skill.

Key design decisions when modifying these workflows:

Integration polls with semver >= 0.0.0-0 (accepts -rc.N); live polls >= 0.0.0 (stable only)
tag-validated-artifact has idempotency guard — checks for existing validated-* tag before re-tagging (Flux Alerts fire on every reconciliation cycle)
Build workflow queries GHCR for latest stable tag, bumps patch, creates next RC

New Validation Workflow Template

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: <Domain> Validate

on:
  pull_request:
    paths:
      - "<domain>/**"
      - ".github/workflows/<domain>-validate.yaml"
      - ".mise.toml"
  workflow_dispatch:

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: jdx/mise-action@v3
      - run: task <domain>:validate

Anti-Patterns

NEVER install tools with apt-get or brew — use mise
NEVER use raw curl/jq for GitHub API — use actions/github-script
NEVER hardcode versions in workflow files — versions come from .mise.toml or versions.env
NEVER use permissions: write-all — specify exact permissions needed
NEVER skip workflow_dispatch — all workflows support manual runs

Cross-References

.github/CLAUDE.md — Declarative workflow architecture
promotion-pipeline skill — Debugging promotion failures
.taskfiles/CLAUDE.md — Task commands used in workflows

同仓库更多 Skills

同仓库

dashboard-design

ionfury/homelab

Visual design and layout for Grafana dashboards — panel hierarchy, type selection, color/threshold design, and iterative screenshot-based refinement. Use when: (1) Deciding what panels belong on a new dashboard, (2) Choosing panel types for specific data patterns, (3) Structuring visual hierarchy and layout, (4) Applying color and thresholds to communicate status, (5) Reviewing dashboard appearance via Playwright screenshots, (6) Iterating on readability and density Triggers: "dashboard design", "visual design", "layout design", "panel type", "color scheme", "screenshot review", "iterate dashboard", "dashboard looks", "visual feedback", "refine dashboard", "dashboard hierarchy", "information density"

2026-05-1924

architecture-review

ionfury/homelab

Architecture evaluation criteria and technology standards for the homelab. Preloaded into the designer agent to ground design decisions in established patterns and principles. Use when: (1) Evaluating a proposed technology addition, (2) Reviewing architecture decisions, (3) Assessing stack fit for a new component, (4) Comparing implementation approaches. Triggers: "architecture review", "evaluate technology", "stack fit", "should we use", "technology comparison", "design review", "architecture decision"

2026-04-0824

deploy-app

ionfury/homelab

End-to-end application deployment orchestration for the Kubernetes homelab. Covers research, worktree setup, Flux ResourceSet configuration, dev cluster testing, monitoring integration, and PR creation. Use when: (1) Deploying a new application to the cluster, (2) Adding a new Helm release to the platform, (3) Setting up monitoring, alerting, and health checks for a new service, (4) Testing deployment on dev cluster before GitOps promotion. Triggers: "deploy app", "add new application", "deploy to kubernetes", "install helm chart", "/deploy-app", "set up new service", "add monitoring for", "deploy with monitoring"

2026-03-3024

secrets

ionfury/homelab

Secret management patterns for the Kubernetes homelab platform. Covers secret-generator, ExternalSecret, app-secrets Terragrunt module, and cross-namespace replication via kubernetes-replicator. Use when: (1) Adding secrets for a new application, (2) Deciding between secret-generator and ExternalSecret, (3) Configuring cross-namespace secret replication, (4) Creating persistent secrets via the app-secrets Terragrunt module, (5) Debugging secret sync failures. Triggers: "secret", "ExternalSecret", "secret-generator", "aws ssm", "parameter store", "kubernetes-replicator", "replicate secret", "app-secrets", "persistent secret", "cross-namespace secret", "secret not syncing", "ClusterSecretStore"

2026-03-3024

cnpg-database

ionfury/homelab

CloudNative-PG (CNPG) PostgreSQL database management for the Kubernetes homelab. Covers shared platform cluster, dedicated per-app clusters, credential provisioning, cross-namespace replication via kubernetes-replicator, and monitoring. Use when: (1) Adding a new database for an application, (2) Creating a dedicated CNPG cluster, (3) Setting up database credentials and cross-namespace replication, (4) Debugging database connectivity or CNPG cluster health, (5) Adding PostgreSQL extensions for specialized workloads. Triggers: "database", "postgresql", "postgres", "cnpg", "cloudnative-pg", "pooler", "pgbouncer", "database credentials", "db password", "managed roles", "Database CRD", "database cluster", "shared database", "dedicated database", "cnpg cluster"

2026-03-2324

gateway-routing

ionfury/homelab

Gateway API routing, TLS certificates, and WAF configuration for the homelab Kubernetes platform. Use when: (1) Exposing a service via HTTPRoute, (2) Choosing between internal and external gateways, (3) Debugging TLS or routing issues, (4) Understanding or tuning WAF (Coraza) behavior. Triggers: "httproute", "gateway", "expose service", "add route", "certificate", "tls", "coraza", "waf", "internal gateway", "external gateway", "dns", "ingress", "routing", "cert-manager", "letsencrypt", "homelab-ca"

2026-03-2324

name	gha-pipelines
description	Create and modify GitHub Actions CI/CD workflows for the homelab repository. Covers validation pipelines, OCI artifact promotion, and infrastructure testing. Use when: (1) Creating new GitHub Actions workflows, (2) Modifying existing CI/CD pipelines, (3) Adding validation or testing stages, (4) Debugging workflow failures. Triggers: "github actions", "workflow", "ci/cd", "pipeline", "gha", "build artifact", "validation workflow", "ci pipeline"
user-invocable	false

GitHub Actions Pipelines

Core Patterns

Tool setup — always jdx/mise-action@v3, never apt-get/brew:

steps:
  - uses: actions/checkout@v6
  - uses: jdx/mise-action@v3
  - run: task k8s:validate

Actions reference:

Need	Action
Checkout	`actions/checkout@v6`
Tool setup	`jdx/mise-action@v3` (reads `.mise.toml`)
GHCR login	`docker/login-action@v3`
GitHub API	`actions/github-script@v7`
Flux CLI	`fluxcd/flux2/action@v2`

Path-based triggers — always include the workflow file itself and .mise.toml:

on:
  pull_request:
    paths:
      - "kubernetes/**"
      - ".github/workflows/kubernetes-validate.yaml"
      - ".mise.toml"
      - ".taskfiles/kubernetes/**"
  workflow_dispatch:

YAML schema comment on every workflow file:

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

Permissions — always minimal:

permissions:
  contents: read
  packages: write   # Only when pushing to GHCR
  statuses: read    # Only when reading commit status events

Workflow Inventory

Workflow	Trigger	Purpose
`kubernetes-validate.yaml`	PR (kubernetes/)	Lint, expand ResourceSets, build, template, kubeconform, pluto
`infrastructure-validate.yaml`	PR (infrastructure/)	Format checks, module tests (matrix per module)
`renovate-validate.yaml`	PR (renovate config)	Validate Renovate configuration
`build-platform-artifact.yaml`	Push to main (kubernetes/)	Build OCI artifact, tag for integration
`tag-validated-artifact.yaml`	Status event / manual	Promote validated artifact to stable semver
`renovate.yaml`	Scheduled (hourly)	Dependency update automation
`label-sync.yaml`	Scheduled / manual	Sync GitHub labels

OCI Promotion Pipeline

For full pipeline tracing and debugging, see the promotion-pipeline skill.

Key design decisions when modifying these workflows:

Integration polls with semver >= 0.0.0-0 (accepts -rc.N); live polls >= 0.0.0 (stable only)
tag-validated-artifact has idempotency guard — checks for existing validated-* tag before re-tagging (Flux Alerts fire on every reconciliation cycle)
Build workflow queries GHCR for latest stable tag, bumps patch, creates next RC

New Validation Workflow Template

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: <Domain> Validate

on:
  pull_request:
    paths:
      - "<domain>/**"
      - ".github/workflows/<domain>-validate.yaml"
      - ".mise.toml"
  workflow_dispatch:

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: jdx/mise-action@v3
      - run: task <domain>:validate

Anti-Patterns

NEVER install tools with apt-get or brew — use mise
NEVER use raw curl/jq for GitHub API — use actions/github-script
NEVER hardcode versions in workflow files — versions come from .mise.toml or versions.env
NEVER use permissions: write-all — specify exact permissions needed
NEVER skip workflow_dispatch — all workflows support manual runs

Cross-References

.github/CLAUDE.md — Declarative workflow architecture
promotion-pipeline skill — Debugging promotion failures
.taskfiles/CLAUDE.md — Task commands used in workflows