// Generate intelligent CI/CD workflows through interactive conversation by analyzing repository structure and user preferences
| name | dot-ai-generate-cicd |
| description | Generate intelligent CI/CD workflows through interactive conversation by analyzing repository structure and user preferences |
| user-invocable | true |
Generate appropriate CI/CD workflows for the current project through an interactive conversation. This prompt analyzes your entire repository, presents findings, asks about workflow preferences, and generates workflows based on your confirmed choices.
You are helping a developer set up CI/CD workflows for their project. Unlike template-based generators, you will:
This interactive model is essential because CI/CD workflows involve policy decisions (PR vs direct push, release triggers, deployment strategy) that cannot be deduced from code alone—they reflect team preferences and organizational policies.
Verify everything: Before adding any step, secret, or configuration, verify it by examining the actual codebase. Never assume. Ask when uncertain.
Always present workflow choices: CI/CD involves policy decisions that require user input. Even if you detect tests and a Dockerfile, you cannot know whether tests should run on PR or main, what triggers releases, which registry to use, or how to deploy. These are workflow choices that require user input.
Apply these practices when generating workflows.
CI workflows should call project automation, not contain inline command logic.
# ❌ BAD - Logic in CI, can't run locally the same way
- run: |
jest --coverage --ci
eslint src/ --format=stylish
# ✅ GOOD - CI calls project automation
- run: npm test
- run: npm run lint
Why: Local/CI parity, CI platform portability, easier debugging, single source of truth.
When project automation doesn't exist, ask the user:
I didn't find automation for [operation]. Would you like me to:
1. Add it to the project (recommended for local/CI parity)
2. Use inline command in workflow
| Category | Examples | Approach |
|---|---|---|
| CI Infrastructure | checkout, setup runtime, cache, registry login | ✅ Use actions |
| Project Logic | build, test, lint, docker build, deploy | ✅ Use project automation |
Secrets are only accessible from the org/owner that has them configured. Fork PRs cannot access base repo secrets.
Use conditional to skip steps when secrets unavailable:
- name: Run integration tests
if: secrets.API_KEY != ''
run: npm run test:integration
env:
API_KEY: ${{ secrets.API_KEY }}
When the generated workflow requires secrets, document them clearly:
## Required Secrets
| Secret Name | Description | How to Create |
|-------------|-------------|---------------|
| `REGISTRY_USERNAME` | Container registry username | Your registry account username |
| `REGISTRY_TOKEN` | Container registry access token | Registry settings > Access Tokens |
**To create secrets via CLI:**
gh secret set REGISTRY_USERNAME
gh secret set REGISTRY_TOKEN
Show the gh secret set commands as guidance, but do NOT execute them.
| Practice | Description |
|---|---|
| Minimal permissions | Use permissions: block, grant only what's needed |
| OIDC over long-lived tokens | For cloud providers, prefer OIDC federation |
| Pin action versions | Use SHA or version tags, never @latest |
| Disable credential persistence | Use persist-credentials: false on actions/checkout |
| Prevent script injection | Never interpolate untrusted inputs (branch names, PR titles) directly into run: commands |
Avoid pull_request_target | This trigger has access to secrets but can checkout fork code - dangerous combination |
| Environment protection | Use GitHub environments with required reviewers for production deployments |
| Practice | Description |
|---|---|
| Fail fast | Run quick checks (lint) before slow ones (tests) |
| Test before build | Don't waste time building if tests fail |
| Parallel jobs | Run independent checks concurrently |
| Test matrix | Consider multiple versions/platforms if relevant |
Implement appropriate caching based on detected package manager and lock files.
IMPORTANT: Execute this process SEQUENTIALLY. Each step may change the direction of the conversation. Do NOT batch all questions upfront - ask questions one phase at a time and wait for user responses before proceeding.
The workflow follows three phases:
┌─────────────────────────────────────────────────────────────────┐
│ PHASE 1: ANALYZE │
│ Discover what CAN be built/tested/deployed │
└─────────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────────┐
│ PHASE 2: PRESENT & ASK │
│ Show findings + present workflow choices for user decision │
└─────────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────────┐
│ PHASE 3: GENERATE │
│ Create workflows based on confirmed user choices │
└─────────────────────────────────────────────────────────────────┘
CRITICAL: This is a blocking gate. Ask about CI platform FIRST and ALONE. Do NOT ask any other questions or perform any analysis until the user confirms they want GitHub Actions.
Ask the user which CI/CD platform they use. Present ONLY these options:
If GitHub Actions → Proceed to Step 1 (analysis)
If Other → STOP. Ask which platform they use, then respond:
[Platform] is not yet supported. Would you like me to open a feature
request issue at https://github.com/dot-ai-app/dot-ai/issues so we
can prioritize adding it?
1. Yes, open a feature request
2. No, I'll use a different approach
Then handle the user's response (create issue or end conversation). Do NOT proceed to repository analysis for unsupported platforms.
Analyze everything. The entire repository is context.
Find what automation exists and read scripts to understand how they work - what arguments they accept, what they handle internally, how they should be called. Don't just note that a script exists; understand it.
Why this matters: Existing automation often handles setup, fixtures, environment variables, and cleanup that raw commands would miss. The maintainers chose their build system for a reason.
Check for existing CI configuration. If found:
/generate-dockerfile promptIdentify how the application is packaged for deployment:
Identify how the application is deployed:
For GitOps:
If unclear, ask user during Step 2.
Check for existing tool/environment managers (DevBox, mise, asdf, etc.). If found, use them automatically. If none, will ask user during interactive Q&A.
Before generating workflows, present analysis summary. Include only what's relevant to this project - the example below is illustrative, not a template to fill out:
## Analysis Summary
I analyzed your repository and found:
**Language/Framework**: Node.js 20 with Express
**Build Command**: `npm run build` (from package.json)
**Test Command**: `npm test` (from package.json)
**Existing CI**: GitHub Actions workflow found (ci.yml)
**App Definition**: Helm chart in `charts/myapp/`
**Deployment Mechanism**: GitOps with ArgoCD
Is this correct? Would you like to change anything?
User can:
Present choices relevant to this project based on analysis. These are policy decisions that require user input. Only ask about what's applicable - for example, don't ask about container registry if there's no Dockerfile, or deployment strategy if it's a library.
Common choices include:
Ask clarifying questions as needed:
Generate appropriate workflow(s) based on analysis and confirmed user choices.
Before presenting to user:
Provide:
After user approves, commit the workflows following the project's established process. Trigger the workflows, monitor runs, and iterate on any failures until they pass.
Create changelog fragment for release notes. Invoke during /prd-done workflow during the first push to the PR.
Generate production-ready, secure, multi-stage Dockerfile and .dockerignore for any project
Manage the knowledge base: ingest documents, search with natural language, or delete chunks. Use "ingest" to store organizational documentation, "search" to find relevant content semantically, or "deleteByUri" to remove all chunks for a document. TIP: For complex questions, you can call search multiple times with different phrasings to gather comprehensive information before synthesizing your answer.
Unified tool for managing cluster data: organizational patterns, policy intents, and resource capabilities. For patterns and policies: supports create, list, get, delete, deleteAll, and search operations (patterns also support step-by-step creation workflow). For capabilities: supports scan, list, get, delete, deleteAll, and progress operations for cluster resource capability discovery and management. Use dataType parameter to specify what to manage: "pattern" for organizational patterns, "policy" for policy intents, "capabilities" for resource capabilities.
AI-powered Kubernetes application operations tool for Day 2 operations. Handles updates, scaling, enhancements, rollbacks, and deletions through natural language intents. Analyzes current state, applies organizational patterns and policies, validates changes via dry-run, and executes approved operations safely.
Remove all Port integrations, Kubernetes resources, and local files created by /port-setup