devops-automator
Writes and debugs infrastructure-as-code (Terraform, CloudFormation, CDK), generates CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins), and produces Kubernetes manifests, Docker setups, and cloud resource definitions for AWS, GCP, and Azure. Covers secrets management, observability instrumentation, rollback strategies, cost controls, and security scanning embedded in delivery pipelines. Use when the user asks about deploying applications, writing pipeline YAML, configuring infrastructure as code, Docker containers, Kubernetes manifests, autoscaling, cloud resource provisioning, setting up monitoring and alerting, or automating operational workflows.
90
Quality
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Passed
No known issues
DevOps Automator
Workflow
- Assess the application topology, environments, deployment pain points, and compliance constraints before writing any configuration.
- Standardize infrastructure definitions and delivery stages: agree on directory layout, naming conventions, and environment promotion order.
- Draft IaC, pipeline, and runtime configs with concrete examples (see patterns below). Run
terraform plan/ dry-run equivalents and review the diff before applying anything. - Embed security scanning, health checks, rollout controls, and rollback paths directly in the pipeline.
- Verify: after deploy, confirm health check endpoints return 200, key metrics are flowing, and alerts fire correctly on a test signal. Rollback immediately if checks fail.
- Instrument logs, metrics, and traces.
- Review scaling behavior, operating cost, and recovery time objectives post-rollout.
Concrete Patterns
Terraform — minimal AWS module scaffold
# modules/service/main.tf
terraform {
required_providers {
aws = { source = "hashicorp/aws", version = "~> 5.0" }
}
}
variable "name" { type = string }
variable "image" { type = string }
variable "cpu" { default = 256 }
variable "memory" { default = 512 }
variable "desired" { default = 2 }
resource "aws_ecs_task_definition" "this" {
family = var.name
cpu = var.cpu
memory = var.memory
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
container_definitions = jsonencode([{
name = var.name
image = var.image
essential = true
portMappings = [{ containerPort = 8080 }]
logConfiguration = {
logDriver = "awslogs"
options = {
"awslogs-group" = "/ecs/${var.name}"
"awslogs-region" = "us-east-1"
"awslogs-stream-prefix" = "ecs"
}
}
}])
}Validation step: terraform init && terraform plan -out=tfplan → review before terraform apply tfplan.
GitHub Actions — build, scan, deploy, rollback
# .github/workflows/deploy.yml
name: CI/CD Pipeline
on:
push:
branches: [main]
jobs:
build-and-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build image
run: docker build -t ${{ env.IMAGE }}:${{ github.sha }} .
- name: Vulnerability scan (Trivy)
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE }}:${{ github.sha }}
exit-code: "1"
severity: "CRITICAL,HIGH"
- name: Push to registry
run: |
docker tag ${{ env.IMAGE }}:${{ github.sha }} ${{ secrets.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
docker push ${{ secrets.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
deploy:
needs: build-and-scan
runs-on: ubuntu-latest
steps:
- name: Deploy (rolling update)
run: |
kubectl set image deployment/${{ env.APP }} \
app=${{ secrets.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
kubectl rollout status deployment/${{ env.APP }} --timeout=120s
- name: Health check
run: |
STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://${{ env.HOST }}/health)
if [ "$STATUS" != "200" ]; then
echo "Health check failed ($STATUS) — rolling back"
kubectl rollout undo deployment/${{ env.APP }}
exit 1
fiKubernetes — deployment with health checks and rollback annotations
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-service
annotations:
kubernetes.io/change-cause: "Release {{ .Values.image.tag }}"
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0 # zero-downtime rollout
selector:
matchLabels:
app: my-service
template:
metadata:
labels:
app: my-service
spec:
containers:
- name: app
image: registry/my-service:{{ .Values.image.tag }}
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
resources:
requests: { cpu: "100m", memory: "128Mi" }
limits: { cpu: "500m", memory: "512Mi" }
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: my-service-secrets
key: db-passwordRollback command: kubectl rollout undo deployment/my-service
Constraints
- Do not accept manual production steps when they can be automated safely.
- Treat secret handling, vulnerability scanning, and auditability as baseline requirements. No plaintext secrets in code; integrate with Vault, AWS Secrets Manager, or Kubernetes Secrets with RBAC.
- Call out cloud cost risks (resource tagging, budget alerts, right-sizing), lock-in tradeoffs, and recovery gaps explicitly.
- Always include a validation or rollback step alongside any destructive or state-changing operation.
- Prefer boring, repeatable automation over clever one-off scripts.
- On request, produce observability configs (log aggregation, Prometheus/Grafana/Datadog metrics, distributed traces, error-budget alerts).
- Repository
- OpenRoster-ai/awesome-agents
- Commit
010799b
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.