docker-ci-release-pipeline

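By zlszhonglongshen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 62 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install docker-ci-release-pipeline
Description
End-to-end pipeline for Docker image build, test and GitHub Actions release: automatically builds, tests, security-scans and pushes images to a registry.
Usage (SKILL.md)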

Docker CI Release Pipeline

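An automated end-to-end pipeline for building, testing, security-scanning and releasing Docker images.

Business scenario

A development team needs to containerize an application and publish it to an image registry automatically through GitHub Actions. The traditional approach means writing the Dockerfile by hand, tuning the build, configuring CI and setting up security scanning separately, which is fragmented and error-prone.

This Combo orchestrates four Skills (docker-expert, github-actions-templates, testing-patterns, github) to cover the whole loop from image optimization to automated release in one pass.

Workflow

  1. docker-expert analyzes the project structure and generates a production-grade Dockerfile (multi-stage build, security hardening, health check)
  2. testing-patterns generates in-container integration tests (Jest + supertest, or pytest)
  3. github-actions-templates generates the complete GitHub Actions workflow (build → test → scan → push)
  4. github verifies the workflow run status and handles failed build steps

Core features

  • Multi-stage builds: build dependencies are separated from the runtime to minimize image size
  • Security hardening: non-root user, read-only filesystem, minimal base image
  • Dependency caching: BuildKit cache mounts speed up repeated builds
  • Security scanning: Trivy vulnerability scan + Snyk dependency scan
  • Multi-architecture support: linux/amd64 + linux/arm64 built in parallel
  • Image tagging strategy: automatic tags for branch / PR / semver

How to use

Trigger words

Docker构建镜像发布CI/CD (roughly: Docker, build image, release, CI/CD)

Input

Provide the directory structure of the project to be containerized, plus its language/framework.

Output

  • An optimized Dockerfile (multi-stage, security-hardened)
  • docker-compose.yml (three environments: dev/staging/prod)
  • .github/workflows/build-push.yml (complete CI workflow)
  • Test files (in the tests/__tests__/ directory)
  • .dockerignore (build-context optimization)

Example workflow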

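# Triggers (tags is a filter of the push event, so it belongs under push)
on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:
    branches: [main]

# Flow: Checkout → Setup Buildx → Build & Test → Security Scan → Push
jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repo, write packages (GHCR push)
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Build Docker image
        run: docker build --target production -t app:${{ github.sha }} .
      - name: Run tests in container
        run: docker run --rm app:${{ github.sha }} npm test
      - name: Security scan
        # @master is a mutable ref; pin to a release tag or commit SHA in real use
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: app:${{ github.sha }}
          exit-code: '1'  # fail the job on findings so the push below is gated
      - name: Push to registry
        if: github.ref == 'refs/heads/main'
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Log in and tag the locally built image before pushing it
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
          docker tag app:${{ github.sha }} ghcr.io/${{ github.repository }}:${{ github.sha }}
          docker push ghcr.io/${{ github.repository }}:${{ github.sha }}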

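Technical details

  • Recommended base images: Alpine / Distroless / Scratch (production)
  • Multi-architecture builds: docker buildx (linux/amd64, linux/arm64)
  • Build cache: GitHub Actions Cache (GHA) driver
  • Image registry: GHCR (GitHub Container Registry) preferred
  • Security scanning: Trivy (filesystem) + Snyk (dependencies) dual scan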
Security usage advice
This skill appears to do what it says (generate Dockerfiles, tests and GitHub Actions workflows). Before installing or running it:
  1. Expect to provide GitHub and registry credentials (GITHUB_TOKEN, GHCR or Docker registry credentials) and any Snyk/Trivy credentials the workflow/actions require — verify where and how those are supplied (use GitHub Secrets).
  2. Review any generated .github/workflows/*.yml before committing to ensure they don't echo secrets or push to production unintentionally.
  3. Confirm the downstream skills it composes (docker-expert, github, testing-patterns, github-actions-templates) are trusted and understand their own credential requirements.
  4. If you need higher assurance, ask the publisher for an explicit list of required env vars/permissions and a sample generated workflow so you can audit actions and permissions.
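Part of the review of generated .github/workflows/*.yml files recommended above can be automated before commit. The following is an added example, not code from the skill or its publisher: a stdlib-only, line-based check run over a constructed workflow. The function name `audit_workflow` and the rule names are assumptions made for this illustration.

```python
import re

# Constructed sample resembling a generated build-push.yml (not the skill's real output).
SAMPLE = """\
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - name: Debug
        run: echo "token=${{ secrets.GITHUB_TOKEN }}"
      - name: Push to registry
        run: docker push ghcr.io/${{ github.repository }}:${{ github.sha }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")          # full commit SHA, the only immutable ref
SECRET = re.compile(r"\$\{\{\s*secrets\.[^}]+\}\}")

def audit_workflow(text):
    """Return a sorted list of (line_no, rule) findings; line 0 means file-level."""
    findings = []
    lines = text.splitlines()
    if not any(re.match(r"^\s*permissions:", l) for l in lines):
        findings.append((0, "no-permissions-block"))  # GITHUB_TOKEN keeps repo defaults
    guarded = False  # True once the current step has shown an `if:` condition
    for n, line in enumerate(lines, 1):
        if re.match(r"^\s*-\s", line):               # a new list item starts a new step
            guarded = False
        if re.match(r"^\s*(?:-\s*)?if:", line):      # heuristic: `if:` precedes `run:`
            guarded = True
        m = USES.match(line)
        if m and not m.group(1).startswith("./") and not SHA_PIN.search(m.group(1)):
            findings.append((n, "action-not-pinned-to-sha"))
        if SECRET.search(line) and re.search(r"\brun:|\becho\b", line):
            findings.append((n, "secret-interpolated-into-shell"))
        if re.search(r"\bdocker\s+push\b", line) and not guarded:
            findings.append((n, "unguarded-registry-push"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, rule in audit_workflow(SAMPLE):
        print(f"line {line_no}: {rule}")
```

A secret mapped into `env:` or `with:` is not flagged; only one placed directly on a `run:` or `echo` line is, since that is where it can end up in the job log.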
Functional analysis
Type: OpenClaw Skill · Name: docker-ci-release-pipeline · Version: 1.0.0
The skill bundle is a legitimate orchestration tool designed to automate Docker CI/CD pipelines. It coordinates multiple sub-skills (docker-expert, testing-patterns, etc.) to generate Dockerfiles, test cases, and GitHub Actions workflows with a focus on security best practices such as multi-stage builds, non-root users, and vulnerability scanning via Trivy and Snyk. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or workflow.json.
Capability assessment
Purpose & Capability
The skill claims to produce production-ready Dockerfiles, tests, and GitHub Actions workflows and the README/workflow.json/SKILL.md all align with that purpose. However, it composes other skills (docker-expert, testing-patterns, github-actions-templates, github) that in real usage will typically require credentials and environment configuration (e.g., GITHUB_TOKEN, registry credentials) which this skill does not declare.
Instruction Scope
Runtime instructions are limited to analyzing a project directory, generating Dockerfile/docker-compose/.github workflows and tests, and validating CI runs. They do not instruct the agent to read unrelated system files or exfiltrate data. The only scope concern is that verifying workflow execution (the 'github' step) implies API access to external services.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — lowest install risk. Nothing is written to disk by an installer, though the skill will generate files in the user's project when invoked.
Credentials
The skill declares no required environment variables, but practical operation will need credentials: GitHub API token(s) for workflow verification and pushing to GHCR (or other registry auth), and possibly Snyk/Trivy credentials or third-party action tokens. The lack of declared env vars is a gap — confirm which tokens/secrets are required and that they are provided via appropriate secret stores (e.g., GitHub Secrets), not hard-coded.
Persistence & Privilege
always is false and there are no config-path or system modifications requested. The skill does not request persistent, elevated platform privileges.
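How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install docker-ci-release-pipeline
  3. Once installed, call the Skill by name or trigger it with /docker-ci-release-pipeline
  4. Provide the inputs described in the Skill's parameter notes to get structured output
Version history
v1.0.0
docker-ci-release-pipeline v1.0.0
  • Initial release: automated end-to-end pipeline for building, testing, security-scanning and releasing Docker images
  • Integrates four skill modules: docker-expert, github-actions-templates, testing-patterns, github
  • Supports mainstream practices such as multi-stage builds, security hardening, dependency caching and multi-architecture release
  • Automatically generates a production-grade optimized Dockerfile, test cases, CI workflow and environment configuration files
  • Delivers a one-step automated DevOps loop from image optimization to push
Metadata
Slug docker-ci-release-pipeline
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is docker-ci-release-pipeline?

An end-to-end pipeline for Docker image build, test and GitHub Actions release that automatically builds, tests, security-scans and pushes images to a registry. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 62 total downloads so far.

How do I install docker-ci-release-pipeline?

Run the command "/install docker-ci-release-pipeline" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is docker-ci-release-pipeline free?

Yes. docker-ci-release-pipeline is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does docker-ci-release-pipeline support?

docker-ci-release-pipeline is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed docker-ci-release-pipeline?

It is developed and maintained by zlszhonglongshen (@zlszhonglongshen); the current version is v1.0.0.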
