
workflow-development
by epicpast
Organization-wide GitHub configuration for Epic Pastures: reusable CI/CD workflows, composite actions, AI agents and Copilot skills for regenerative agriculture and smart farm automation projects.
SKILL.md
---
name: workflow-development
description: Create, debug, and optimize GitHub Actions workflows with security best practices. USE THIS SKILL when user says "create workflow", "fix workflow", "workflow fails", "add CI", "reusable workflow", or needs help with GitHub Actions.
allowed-tools:
  - Bash
  - Read
  - Write
  - Edit
  - Glob
  - Grep
---
# Workflow Development Skill
Design, debug, and optimize GitHub Actions workflows with security best practices.
## Trigger Phrases
- "create a CI workflow"
- "add a release workflow"
- "my workflow is failing"
- "make this workflow reusable"
- "workflow security audit"
- "add [language] CI"
## Security Requirements (Non-Negotiable)

### SHA Pinning

```yaml
# CORRECT: a full 40-character commit SHA, with the tag recorded in a comment
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
# WRONG - Never use tags (a tag can be moved to different code later)
- uses: actions/checkout@v4
```
### Minimal Permissions

```yaml
permissions:
  contents: read  # Start with minimum
  # Only add what's needed:
  # pull-requests: write  # For PR comments
  # packages: write       # For container registry
```
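The two rules above are easy to state and easy to drift from as workflows are copied between repositories. The following is an added example (not part of the epicpast skill or its reusable workflows): a small Python audit that scans workflow text for `uses:` references that are not pinned to a full commit SHA and for a top-level `permissions:` block that is missing, uses a blanket `read-all`/`write-all`, or grants `write` outside an allowlist. The `allowed_mutable_owners` exemption is this example's own assumption, mirroring the way the caller above references same-org reusable workflows with `@main`; the skill itself states no such exception. `SAMPLE_WORKFLOW` is constructed for the demonstration.

```python
"""Audit GitHub Actions workflow text against the two rules above (hypothetical
helper, not part of the epicpast skill): every remote `uses:` must be pinned to
a 40-hex commit SHA, and a top-level `permissions:` block must exist and grant
`write` only to an explicit allowlist of scopes."""
import re
from dataclasses import dataclass

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches step-level "- uses:" and job-level "uses:" (reusable workflow) alike.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)")
PERM_RE = re.compile(r"^\s+([a-z-]+):\s*(read|write|none)\s*(#.*)?$")


@dataclass
class Finding:
    line: int       # 1-based; 0 means the finding is about the whole file
    severity: str   # "error" or "warn"
    message: str


def parse_uses(ref):
    """(owner, version) for 'owner/repo[/path]@version'; None for local './'
    actions and 'docker://' images, which cannot be SHA-pinned this way."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return None
    target, sep, version = ref.rpartition("@")
    if not sep:                      # no '@' at all: treat as unpinned
        target, version = ref, ""
    return target.split("/")[0], version


def audit_workflow(text, allowed_mutable_owners=(), allowed_write_scopes=()):
    """Return Findings for one workflow. allowed_mutable_owners may use branch
    or tag refs (an assumption of this example for same-org reusable workflows,
    not a rule the skill states); allowed_write_scopes may be 'write'."""
    findings, has_top, in_top = [], False, False
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            parsed = parse_uses(m.group(1))
            if parsed is None:
                continue
            owner, version = parsed
            if SHA_RE.match(version):
                continue
            if owner in allowed_mutable_owners:
                findings.append(Finding(n, "warn", f"{m.group(1)}: mutable ref '{version}' tolerated for trusted owner '{owner}'"))
            else:
                findings.append(Finding(n, "error", f"{m.group(1)}: not pinned to a commit SHA (got '{version}')"))
            continue
        # Only the column-0 permissions block is inspected; job-level blocks
        # would need a real YAML parser.
        top = re.match(r"^permissions:\s*(.*?)\s*$", line)
        if top:
            has_top = True
            value = top.group(1).split("#", 1)[0].strip()
            if value == "":
                in_top = True
            elif value in ("read-all", "write-all"):
                findings.append(Finding(n, "error", f"permissions: {value} is a blanket grant; list scopes explicitly"))
            continue   # an inline mapping like '{contents: read}' is accepted as-is
        if in_top:
            if not line.strip() or line.lstrip().startswith("#"):
                continue                 # blank or commented-out scope
            if not line.startswith(" "):
                in_top = False           # back at column 0: block is over
                continue
            pm = PERM_RE.match(line)
            if pm and pm.group(2) == "write" and pm.group(1) not in allowed_write_scopes:
                findings.append(Finding(n, "error", f"permissions.{pm.group(1)}: write is not in the allowlist"))
    if not has_top:
        findings.append(Finding(0, "error", "no top-level permissions: block; default GITHUB_TOKEN grants apply"))
    return findings


# Constructed sample mixing the caller and composite-action references above.
SAMPLE_WORKFLOW = """\
name: CI
on: [push, pull_request]
permissions:
  contents: read
  pull-requests: write   # for PR comments
jobs:
  ci:
    uses: epicpast/.github/.github/workflows/reusable-ci-python.yml@main
    secrets: inherit
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - uses: astral-sh/setup-uv@v4
      - uses: ./.github/actions/local-setup
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW, ("epicpast",), ("pull-requests",)):
        print(f"line {f.line}: {f.severity}: {f.message}")
```

Run against the sample with `epicpast` trusted and `pull-requests` allowed to write, the audit reports one warning (the `@main` reusable workflow) and one error (`astral-sh/setup-uv@v4`); with no exemptions it also flags the `pull-requests: write` scope and treats the same-org `@main` reference as an error. The check is line-based on purpose so it can run in a pre-commit hook without a YAML dependency; job-level `permissions:` blocks and inline mappings are outside what it inspects.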
## Reusable Workflow Pattern

### Caller (in project)

```yaml
name: CI
on: [push, pull_request]
jobs:
  ci:
    uses: epicpast/.github/.github/workflows/reusable-ci-python.yml@main
    with:
      python-version: '3.12'
      coverage-threshold: 80
    secrets: inherit
```
### Reusable Definition (in .github repo)

```yaml
name: Reusable Python CI
on:
  workflow_call:
    inputs:
      python-version:
        required: false
        type: string
        default: '3.12'
      coverage-threshold:
        required: false
        type: number
        default: 80
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - uses: epicpast/.github/actions/setup-python-uv@main
        with:
          python-version: ${{ inputs.python-version }}
      - run: uv run ruff check .
```
## Available Reusable Workflows

| Workflow | Purpose |
|---|---|
| reusable-ci-python.yml | Python with uv, ruff, pyright, pytest |
| reusable-ci-typescript.yml | TypeScript with pnpm, ESLint, Vitest |
| reusable-ci-go.yml | Go with golangci-lint |
| reusable-release.yml | Semantic release |
| reusable-security.yml | Gitleaks + dependency scanning |
## Composite Action Pattern

```yaml
# action.yml
name: 'Setup Python with uv'
description: 'Install Python and uv with caching'
inputs:
  python-version:
    required: false
    default: '3.12'
runs:
  using: 'composite'
  steps:
    # Pin to a full commit SHA, as the SHA Pinning rule above requires
    - uses: astral-sh/setup-uv@v4
      with:
        enable-cache: true
    - shell: bash
      run: uv python install ${{ inputs.python-version }}
```
## Debugging Workflows

### Common Failures
| Error | Cause | Fix |
|---|---|---|
| "Resource not accessible" | Missing permission | Add to permissions: |
| Cache never hits | Wrong key | Check hashFiles path |
| Secrets unavailable | Wrong context | Use secrets: inherit |
| Workflow not triggered | Event mismatch | Check on: config |
### Debug Step

```yaml
- name: Debug
  # Pass context values through env instead of interpolating ${{ }} into the
  # script, so a value such as a branch name is never parsed by the shell as code
  env:
    EVENT_NAME: ${{ github.event_name }}
    REF: ${{ github.ref }}
    ACTOR: ${{ github.actor }}
  run: |
    echo "Event: $EVENT_NAME"
    echo "Ref: $REF"
    echo "Actor: $ACTOR"
```
## Performance Optimization

### Caching

```yaml
- uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f
  with:
    path: ~/.cache/uv
    key: ${{ runner.os }}-uv-${{ hashFiles('uv.lock') }}
```
### Matrix Builds

```yaml
strategy:
  fail-fast: false
  matrix:
    os: [ubuntu-latest, macos-latest]
    python: ['3.11', '3.12']
```
### Concurrency

```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```


