docker-ci-release-pipeline

by zlszhonglongshen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform · Security: Clean
62 downloads · 0 stars · 0 active installs · 1 version
Description
End-to-end pipeline for Docker image build, test and GitHub Actions release: automatically builds, tests, security-scans and pushes images to a container registry.
README (SKILL.md)

Docker CI Release Pipeline

An automated end-to-end pipeline for building, testing, security-scanning and publishing Docker images.

Use case

Development teams need to containerize an application and publish it automatically to an image registry through GitHub Actions. The traditional approach means hand-writing the Dockerfile, optimizing the build, configuring CI and setting up security scanning separately; the process is fragmented and error-prone.

This Combo orchestrates four Skills (docker-expert, github-actions-templates, testing-patterns and github) to complete the full loop from image optimization to automated release in one pass.

Workflow

  1. docker-expert analyzes the project structure and generates a production-grade Dockerfile (multi-stage build, security hardening, health check)
  2. testing-patterns generates in-container integration tests (Jest + supertest, or pytest)
  3. github-actions-templates generates the complete GitHub Actions workflow (build → test → scan → push)
  4. github checks the workflow run status and handles failed build steps

Core features

  • Multi-stage build: build-time dependencies are separated from the runtime, minimizing image size
  • Security hardening: non-root user, read-only filesystem, minimal base image
  • Dependency caching: BuildKit cache mounts speed up repeated builds
  • Security scanning: Trivy vulnerability scan + Snyk dependency scan
  • Multi-architecture support: linux/amd64 + linux/arm64 built in parallel
  • Image tagging strategy: automatic branch / PR / semver tags

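As an added illustration of the features listed above (this Dockerfile is an example written for this page, not a file produced by the skill or its author), here is a multi-stage build for a Node.js service that combines a BuildKit cache mount, a dedicated test stage, a non-root runtime user and a health check. It assumes a project with package.json and package-lock.json, an npm build script that emits dist/server.js, and a GET /healthz endpoint on port 3000; those names are assumptions, not taken from the page.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not generated by the skill. Assumed project layout:
# package.json + package-lock.json, `npm run build` -> dist/server.js,
# the app listens on 3000 and serves GET /healthz.

# ---- Stage 1: install all dependencies (dev included, for build and test) ----
FROM node:20-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
# The cache mount persists ~/.npm across builds without baking it into a layer,
# so repeated CI builds re-download far less.
RUN --mount=type=cache,target=/root/.npm npm ci

# ---- Stage 2: compile the application ----
FROM deps AS build
COPY . .
RUN npm run build

# ---- Stage 3: tests run as a build stage; CI can `docker build --target test .` ----
FROM build AS test
RUN npm test

# ---- Stage 4: strip devDependencies for the runtime image ----
FROM build AS prod-deps
RUN npm prune --omit=dev

# ---- Stage 5: minimal runtime; no compilers, no dev tooling, no source tree ----
FROM node:20-alpine AS production
ENV NODE_ENV=production
WORKDIR /app
# Copy only what is needed to run, owned by the unprivileged user.
COPY --from=prod-deps --chown=node:node /app/node_modules ./node_modules
COPY --from=build     --chown=node:node /app/dist         ./dist
COPY --from=build     --chown=node:node /app/package.json ./package.json
# The official node image ships an unprivileged 'node' user (uid 1000).
USER node
EXPOSE 3000
# wget comes from BusyBox in Alpine, so no extra package is needed for the probe.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget -qO- http://127.0.0.1:3000/healthz || exit 1
CMD ["node", "dist/server.js"]
```

The read-only filesystem from the feature list is a runtime property rather than a Dockerfile directive: start the container with `docker run --read-only --tmpfs /tmp ghcr.io/<org>/<app>:<tag>` (or `read_only: true` plus a `tmpfs` entry in docker-compose.yml), and the image above keeps working because it writes nothing under /app at runtime. Building with `--target production` skips the test stage entirely, which is why CI should build `--target test` first.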
Usage

Trigger words

Docker build, image release, CI/CD

Input

Provide the directory structure of the project to be containerized together with its language/framework.

Output

  • Optimized Dockerfile (multi-stage, security-hardened)
  • docker-compose.yml (dev/staging/prod environments)
  • .github/workflows/build-push.yml (complete CI workflow)
  • Test files (in the tests/__tests__/ directory)
  • .dockerignore (build-context optimization)

Example workflow

# Triggers
on:
  push:
    branches: [main]
    tags: ['v*']            # the tag filter belongs under push; `on.tags` is not a valid key
  pull_request:
    branches: [main]

# Least-privilege token: read the repo, write packages so GITHUB_TOKEN can push to GHCR
permissions:
  contents: read
  packages: write

# Flow: Checkout → Setup Buildx → Build & Test → Security Scan → Push
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # Tag the image with its final registry name so the push step can reuse it
      IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - name: Build Docker image
        run: docker build --target production -t "$IMAGE" .
      - name: Run tests in container
        run: docker run --rm "$IMAGE" npm test
      - name: Security scan
        uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA before relying on this in production
        with:
          image-ref: ${{ env.IMAGE }}
          severity: CRITICAL,HIGH
          exit-code: '1'        # fail the job instead of only reporting findings
      - name: Log in to GHCR
        if: github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push to registry
        if: github.ref == 'refs/heads/main'
        run: docker push "$IMAGE"

Technical details

  • Recommended base images: Alpine / Distroless / Scratch (production)
  • Multi-architecture build: docker buildx (linux/amd64, linux/arm64)
  • Build cache: GitHub Actions Cache (GHA) backend
  • Image registry: GHCR (GitHub Container Registry) preferred
  • Security scanning: Trivy (filesystem) + Snyk (dependencies), both run
Usage Guidance
This skill appears to do what it says (generate Dockerfiles, tests and GitHub Actions workflows). Before installing or running it:
  1. Expect to provide GitHub and registry credentials (GITHUB_TOKEN, GHCR or Docker registry credentials) and any Snyk/Trivy credentials the workflow/actions require; verify where and how those are supplied (use GitHub Secrets).
  2. Review any generated .github/workflows/*.yml before committing to ensure they don't echo secrets or push to production unintentionally.
  3. Confirm the downstream skills it composes (docker-expert, github, testing-patterns, github-actions-templates) are trusted and understand their own credential requirements.
  4. If you need higher assurance, ask the publisher for an explicit list of required env vars/permissions and a sample generated workflow so you can audit actions and permissions.
Capability Analysis
Type: OpenClaw Skill
Name: docker-ci-release-pipeline
Version: 1.0.0
The skill bundle is a legitimate orchestration tool designed to automate Docker CI/CD pipelines. It coordinates multiple sub-skills (docker-expert, testing-patterns, etc.) to generate Dockerfiles, test cases, and GitHub Actions workflows with a focus on security best practices such as multi-stage builds, non-root users, and vulnerability scanning via Trivy and Snyk. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or workflow.json.
Capability Assessment
Purpose & Capability
The skill claims to produce production-ready Dockerfiles, tests, and GitHub Actions workflows and the README/workflow.json/SKILL.md all align with that purpose. However, it composes other skills (docker-expert, testing-patterns, github-actions-templates, github) that in real usage will typically require credentials and environment configuration (e.g., GITHUB_TOKEN, registry credentials) which this skill does not declare.
Instruction Scope
Runtime instructions are limited to analyzing a project directory, generating Dockerfile/docker-compose/.github workflows and tests, and validating CI runs. They do not instruct the agent to read unrelated system files or exfiltrate data. The only scope concern is that verifying workflow execution (the 'github' step) implies API access to external services.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — lowest install risk. Nothing is written to disk by an installer, though the skill will generate files in the user's project when invoked.
Credentials
The skill declares no required environment variables, but practical operation will need credentials: GitHub API token(s) for workflow verification and pushing to GHCR (or other registry auth), and possibly Snyk/Trivy credentials or third-party action tokens. The lack of declared env vars is a gap — confirm which tokens/secrets are required and that they are provided via appropriate secret stores (e.g., GitHub Secrets), not hard-coded.
Persistence & Privilege
The skill's "always" flag is false and it requests no config-path or system modifications. The skill does not request persistent, elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install docker-ci-release-pipeline
  3. After installation, invoke the skill by name or use /docker-ci-release-pipeline
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
docker-ci-release-pipeline v1.0.0
  • Initial release: automated end-to-end pipeline for Docker image build, test, security scan and release
  • Integrates four skill modules: docker-expert, github-actions-templates, testing-patterns, github
  • Supports mainstream practices: multi-stage builds, security hardening, dependency caching, multi-architecture releases
  • Automatically generates a production-grade optimized Dockerfile, test cases, CI workflow and environment configuration files
  • One-click automation of the complete DevOps loop from image optimization to push
Metadata
Slug docker-ci-release-pipeline
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is docker-ci-release-pipeline?

End-to-end pipeline for Docker image build, test and GitHub Actions release: automatically builds, tests, security-scans and pushes images to a container registry. It is an AI Agent Skill for Claude Code / OpenClaw, with 62 downloads so far.

How do I install docker-ci-release-pipeline?

Run "/install docker-ci-release-pipeline" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is docker-ci-release-pipeline free?

Yes, docker-ci-release-pipeline is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does docker-ci-release-pipeline support?

docker-ci-release-pipeline is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created docker-ci-release-pipeline?

It is built and maintained by zlszhonglongshen (@zlszhonglongshen); the current version is v1.0.0.
