← Back to Skills Marketplace
1947
Downloads
3
Stars
18
Active Installs
1
Versions
Install in OpenClaw
/install ci-cd
Description
Automate builds, tests, and deployments across web, mobile, and backend applications.
README (SKILL.md)
When to Use
Trigger on: automated deployment, continuous integration, pipeline setup, GitHub Actions, GitLab CI, build failing, deploy automatically, CI configuration, release automation.
Platform Selection
| Stack | Recommended | Why |
|---|---|---|
| Web (Next.js, Nuxt, static) | Vercel, Netlify | Zero-config, auto-deploys, preview URLs |
| Mobile (iOS/Android/Flutter) | Codemagic, Bitrise + Fastlane | Pre-configured signing, app store upload |
| Backend/Docker | GitHub Actions, GitLab CI | Full control, self-hosted runners option |
| Monorepo | Nx/Turborepo + GHA | Affected detection, build caching |
Decision tree: If platform handles deploy automatically (Vercel, Netlify) → skip custom CI. Only add GitHub Actions when you need tests, custom builds, or deploy to your own infra.
Quick Start Templates
For copy-paste workflows, see templates.md.
Common Pipeline Pitfalls
| Mistake | Impact | Fix |
|---|---|---|
Using latest image tags |
Builds break randomly | Pin versions: node:20.11.0 |
| Not caching dependencies | +5-10 min per build | Cache node_modules, .next/cache |
| Secrets in workflow files | Leaked in logs/PRs | Use platform secrets, OIDC for cloud |
Missing timeout-minutes |
Stuck jobs burn budget | Always set: timeout-minutes: 15 |
No concurrency control |
Redundant runs on rapid pushes | Group by branch/PR |
| Building on every push | Wasted resources | Build on push to main, test on PRs |
Mobile-Specific: Code Signing
The #1 pain point. iOS requires certificates + provisioning profiles. Android requires keystores.
The fix: Use Fastlane Match — stores certs/profiles in git repo, syncs across team and CI.
# One-time setup
fastlane match init
fastlane match appstore
# In CI
fastlane match appstore --readonly
For detailed mobile CI/CD patterns (iOS, Android, Flutter), see mobile.md.
Web-Specific: Build Caching
Next.js/Nuxt builds are slow without cache. The No Cache Detected warning = full rebuild.
# GitHub Actions: persist Next.js cache
- uses: actions/cache@v4
with:
path: .next/cache
key: nextjs-${{ hashFiles('**/package-lock.json') }}
For framework-specific configs, see web.md.
Debugging Failed Builds
| Error Pattern | Likely Cause | Check |
|---|---|---|
| Works locally, fails in CI | Environment drift | Node version, env vars, OS |
| Intermittent failures | Flaky tests, resource limits | Retry logic, increase timeout |
ENOENT / file not found |
Build order, missing artifact | Check needs: dependencies |
| Exit code 137 | Out of memory | Use larger runner or optimize |
| Certificate/signing errors | Expired or mismatched creds | Regenerate with Match/Fastlane |
What This Doesn't Cover
- Container orchestration (Kubernetes) → see
k8sskill - Server configuration → see
serverskill - Monitoring and observability → see
monitoringskill
Usage Guidance
This skill is a coherent CI/CD guide and contains useful templates, but it references many secrets and sensitive actions (mobile code-signing, decoding keystores, SSH deploy keys, registry tokens) while the registry metadata declares no required env vars. Before installing or using it: (1) review every template and workflow it suggests and only copy what you understand; (2) never paste real credentials into example files — use your CI platform's secret store or short-lived OIDC tokens; (3) avoid storing private keys/certificates in plain git unless you understand Fastlane Match's encryption and access controls; (4) because the skill owner is unknown, treat these templates as untrusted third-party guidance and audit any generated workflows for accidental secret leakage or overly broad access (e.g., ensure deploy jobs only run on protected branches); (5) if you need the agent to apply templates automatically, restrict which secrets it can access and consider running in a least-privilege CI environment. If you want a cleaner security posture, ask the skill author to declare required env vars in metadata and to provide guidance for secure secret handling (OIDC, ephemeral tokens) rather than base64-decoding or embedding keys.
Capability Analysis
Type: OpenClaw Skill
Name: ci-cd
Version: 1.0.0
The OpenClaw AgentSkills skill bundle for CI-CD provides documentation and templates for common continuous integration and deployment tasks. It demonstrates standard practices for handling sensitive data like code signing credentials and SSH keys using platform-specific secret management (e.g., GitHub Secrets). While actions such as deploying via SSH/SCP and decoding base64-encoded keystores involve powerful capabilities, they are directly aligned with the stated purpose of automating builds and deployments and do not exhibit any indicators of intentional malicious behavior, data exfiltration, persistence, or prompt injection against the agent. All commands and configurations are standard and transparent.
Capability Assessment
Purpose & Capability
Name and description (CI/CD automation) match the content: workflow templates, mobile signing, build caching, and deployment patterns are all relevant to CI/CD tasks.
Instruction Scope
The runtime docs instruct use of many CI secrets and file operations (e.g., MATCH_PASSWORD, MATCH_GIT_AUTH, KEYSTORE_BASE64 decoding, KEYSTORE_PASSWORD, SSH_KEY, GITHUB_TOKEN) and recommend storing code signing artifacts in a git-backed Fastlane Match repo. The skill files instruct reading and injecting secrets into CI jobs and decoding/uploading private keys — actions that go beyond simple templating and involve handling sensitive credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or archive extraction are present, which keeps disk-write and remote-install risk low.
Credentials
Registry metadata lists no required environment variables, but the SKILL.md and included templates explicitly reference many secrets and env vars needed for real-world use (match secrets, keystore secrets, SSH credentials, Docker/GHCR auth). The skill therefore under-declares its credential needs, creating a transparency gap about what will be required/used.
Persistence & Privilege
Skill is not always-enabled, has no install steps that modify agent config, and doesn't request persistence or system-wide changes. Autonomous invocation is allowed by default (normal) but not combined here with other elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ci-cd - After installation, invoke the skill by name or use
/ci-cd - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is CI-CD?
Automate builds, tests, and deployments across web, mobile, and backend applications. It is an AI Agent Skill for Claude Code / OpenClaw, with 1947 downloads so far.
How do I install CI-CD?
Run "/install ci-cd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is CI-CD free?
Yes, CI-CD is completely free (open-source). You can download, install and use it at no cost.
Which platforms does CI-CD support?
CI-CD is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created CI-CD?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
More Skills