← 返回 Skills 市场
Caprover CI Deployments
作者
Thiago Guimarães
· GitHub ↗
· v1.0.0
377
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install caprover-ci-deploys
功能描述
Deploy apps to CapRover and set up GitHub Actions CI/CD workflows for new or existing projects. Use when the user says things like "deploy X", "trigger a dep...
使用说明 (SKILL.md)
CapRover Deploy
Overview
This skill enables deploying apps to CapRover just by asking. It supports two primary strategies:
- GitHub workflow_dispatch — triggers an existing CI/CD workflow (build + deploy)
- CapRover App Token / Webhook — directly triggers a CapRover build/deploy
Configuration
All credentials live in a config.json file in the skill directory (gitignored).
config.json Format
{
"caprover": {
"url": "https://captain.example.com",
"password": "YOUR_MASTER_PASSWORD"
},
"github": {
"token": "ghp_YOUR_GITHUB_PAT",
"owner": "your-github-username"
},
"apps": {
"myapp": {
"caprover_app_name": "myapp",
"github_repo": "your-username/myapp",
"github_workflow": "deploy.yml",
"default_branch": "main",
"caprover_app_token": "OPTIONAL_PER_APP_TOKEN",
"caprover_webhook_url": "OPTIONAL_WEBHOOK_URL_FROM_CAPROVER_DASHBOARD"
}
}
}
What each credential does
| Credential | Where to get it | Purpose |
|---|---|---|
caprover.url |
Your CapRover server | Base URL for API calls |
caprover.password |
CapRover dashboard | Master password for API auth |
github.token |
GitHub → Settings → Developer Settings → PAT | For triggering workflow_dispatch |
apps.*.caprover_app_token |
App → Deployment tab → Enable App Token | Per-app deploy without master password |
apps.*.caprover_webhook_url |
App → Deployment tab → Webhook URL | Trigger rebuild from configured git repo |
apps.*.github_workflow |
.github/workflows/ filename |
Which workflow to trigger |
Deploy Decision Flow
When user says "deploy X" (optionally "to branch Y"):
1. Read config.json
2. Look up app by name (fuzzy match)
3. Choose strategy:
a. If github.token + github_repo + github_workflow → use GitHub workflow_dispatch
b. Else if caprover_webhook_url → POST to webhook URL
c. Else if caprover_app_token → use caprover CLI
d. Ask user for missing config
4. Execute and report result
Strategy 1: GitHub Workflow Dispatch (Recommended)
curl -X POST \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/OWNER/REPO/actions/workflows/deploy.yml/dispatches \
-d '{"ref":"main"}'
Check run status:
curl -H "Authorization: Bearer $GITHUB_TOKEN" \
https://api.github.com/repos/OWNER/REPO/actions/runs?per_page=1
Strategy 2: CapRover Webhook Trigger
curl -X POST "WEBHOOK_URL_FROM_CONFIG"
The webhook URL is found in: CapRover Dashboard → Apps → [App Name] → Deployment Tab → Webhook URL
Strategy 3: CapRover App Token (CLI Deploy)
caprover deploy \
--caproverUrl https://captain.example.com \
--appToken "APP_TOKEN" \
--appName "myapp" \
--imageName "ghcr.io/owner/myapp:latest"
Conversational Triggers
| User says | Action |
|---|---|
| "deploy myapp" | Deploy default branch via best available strategy |
| "deploy myapp to main" | Deploy main branch |
| "deploy branch feat/ui to myapp" | GitHub dispatch with ref=feat/ui |
| "trigger a deploy of myapp" | Same as deploy |
| "check deploy status of myapp" | Fetch latest GitHub Actions run status |
| "what apps can I deploy?" | List apps from config.json |
Setting Up a New Project for CapRover Deploy
Step 1: Choose the right workflow template
| Scenario | Template |
|---|---|
| Has Dockerfile, push image to ghcr.io | assets/templates/deploy-image.yml |
| Node build step + tar deploy | assets/templates/deploy-tar.yml |
| Staging + production environments | assets/templates/deploy-multi-env.yml |
Step 2: Create workflow file in the project
mkdir -p PROJECT/.github/workflows
cp assets/templates/deploy-image.yml PROJECT/.github/workflows/deploy.yml
# Replace __APP_NAME__ with actual CapRover app name
sed -i 's/__APP_NAME__/myapp/g' PROJECT/.github/workflows/deploy.yml
Step 3: Add captain-definition (if needed for tar-based deploy)
cp assets/templates/captain-definition.json PROJECT/captain-definition
Step 4: Configure GitHub Secrets
Add these in GitHub → Repo → Settings → Secrets and variables → Actions:
| Secret name | Value |
|---|---|
CAPROVER_HOST |
CapRover URL, e.g. https://captain.example.com |
CAPROVER_APP_TOKEN |
From CapRover App → Deployment → Enable App Token |
For multi-env:
CAPROVER_APP_PROD,CAPROVER_APP_TOKEN_PRODCAPROVER_APP_STAGING,CAPROVER_APP_TOKEN_STAGING
Step 5: Commit and push
cd PROJECT
git add .github/workflows/deploy.yml captain-definition
git commit -m "ci: add CapRover deploy workflow"
git push
Notes
- The
caproverCLI may not be installed:npm install -g caprover - For private repos, the GitHub token needs
repo+workflowscopes - Always confirm the deploy was triggered (check API response or GitHub Actions UI)
- See
assets/templates/for workflow templates
安全使用建议
This skill appears to do what it says: it scaffolds GitHub Actions workflows and triggers CapRover deployments via GitHub API, webhooks, or the caprover CLI. Before installing or running it: 1) Review and keep the skill's config.json out of source control (it recommends gitignore) and avoid storing a CapRover master password unless necessary — prefer per-app tokens or webhooks. 2) Create a GitHub PAT with the minimal required scopes (repo + workflow) rather than a full-privilege token. 3) Inspect the included deploy.py (present in the package) before running it; it performs HTTP calls and may invoke the caprover CLI. 4) When adding workflow templates to repositories, confirm the secrets referenced (CAPROVER_HOST, CAPROVER_APP_TOKEN, etc.) are correct and scoped appropriately. 5) If you don't want the agent to trigger deployments autonomously, restrict invocation policies on your agent; autonomous invocation is platform-default but not a problem by itself. If you want higher assurance, run the script in a controlled environment or review it line-by-line — the only minor inconsistency found is that a 'caprover.password' field is documented but not used by the script, so avoid putting sensitive master credentials there unless you add code that needs them.
功能分析
Type: OpenClaw Skill
Name: caprover-ci-deploys
Version: 1.0.0
The skill is classified as suspicious due to significant vulnerabilities in credential handling and external command execution, despite no clear evidence of malicious intent. The `SKILL.md` and `scripts/deploy.py` explicitly describe and implement storing highly sensitive credentials (CapRover master password, GitHub Personal Access Token) in a local `config.json` file, making them vulnerable to local compromise. Additionally, `scripts/deploy.py` executes the `caprover` CLI via `subprocess.run`, which, while using a list of arguments to mitigate shell injection, still carries risks of argument injection or vulnerabilities within the `caprover` CLI itself.
能力评估
Purpose & Capability
Name/description match the included templates and the deploy.py script. Templates scaffold GitHub Actions workflows and the script implements triggering GitHub workflow_dispatch, posting CapRover webhooks, and invoking the CapRover CLI — all directly relevant to CapRover CI/CD.
Instruction Scope
Runtime instructions and the script limit actions to reading a local config.json, calling GitHub APIs, posting to CapRover webhook URLs, and optionally running the caprover CLI. One minor inconsistency: SKILL.md and config.json schema mention a CapRover master password, but the included deploy.py does not use caprover.password (it prefers app tokens/webhooks). Otherwise instructions do not instruct reading unrelated files or exfiltrating data to unknown endpoints.
Install Mechanism
This is instruction-only with no install spec; it includes a Python script and GitHub workflow templates. No remote downloads or archive extraction are performed by the skill package itself. The only install hint is recommending 'npm install -g caprover' if the CLI is needed — this is normal for the stated functionality.
Credentials
The skill requires storing credentials (GitHub PAT, CapRover app tokens or webhook URLs) in a local config.json and instructs adding GitHub repository secrets. These credentials are proportional to deployment tasks. Metadata does not declare required env vars (the skill is instruction-driven and expects a config.json), which is acceptable but worth noting: users must supply secrets manually. Prefer per-app tokens/webhooks over a CapRover master password; also ensure GitHub PAT has minimal scopes (repo + workflow where required).
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills' configs. It stores credentials in a local config.json (documented) and can be invoked autonomously by the agent (default behavior) — nothing excessive for this type of integration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install caprover-ci-deploys - 安装完成后,直接呼叫该 Skill 的名称或使用
/caprover-ci-deploys触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the CapRover Deploy skill.
- Deploy apps to CapRover and set up CI/CD via GitHub Actions for new or existing projects.
- Supports deploys via GitHub workflow dispatch, CapRover webhooks, or direct CLI.
- Provides workflow scaffolding, captain-definition, and GitHub secrets setup guidance.
- Recognizes conversational triggers for deploy actions and status checks.
- Offers deploy templates for Docker, tarball, and multi-environment setups.
元数据
常见问题
Caprover CI Deployments 是什么?
Deploy apps to CapRover and set up GitHub Actions CI/CD workflows for new or existing projects. Use when the user says things like "deploy X", "trigger a dep... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 377 次。
如何安装 Caprover CI Deployments?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install caprover-ci-deploys」即可一键安装,无需额外配置。
Caprover CI Deployments 是免费的吗?
是的,Caprover CI Deployments 完全免费(开源免费),可自由下载、安装和使用。
Caprover CI Deployments 支持哪些平台?
Caprover CI Deployments 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Caprover CI Deployments?
由 Thiago Guimarães(@guim4dev)开发并维护,当前版本 v1.0.0。
推荐 Skills