CtrlK
BlogDocsLog inGet started
Tessl Logo

gh-actions-validator

Validate use when validating GitHub Actions workflows for Google Cloud and Vertex AI deployments. Trigger with phrases like "validate github actions", "setup workload identity federation", "github actions security", "deploy agent with ci/cd", or "automate vertex ai deployment". Enforces Workload Identity Federation (WIF), validates OIDC permissions, ensures least privilege IAM, and implements security best practices.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill gh-actions-validator
What are skills?

77

1.19x

Quality

67%

Does it follow best practices?

Impact

98%

1.19x

Average score across 3 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/devops/jeremy-github-actions-gcp/skills/gh-actions-validator/SKILL.md
SKILL.md
Review
Evals

Evaluation results

94%

14%

Secure the Deployment Pipeline

WIF migration and workflow hardening

Criteria
Without context
With context

WIF auth action version

100%

100%

workload_identity_provider param

100%

100%

No JSON key reference

100%

100%

id-token write permission

100%

100%

WIF_PROVIDER secret

50%

100%

GCP_PROJECT_ID secret

40%

100%

checkout@v4

100%

100%

Security scan step

100%

100%

JSON key guardrail job

0%

53%

No privileged IAM roles

100%

100%

Without context: $0.3205 · 3m 18s · 17 turns · 18 in / 4,574 out tokens

With context: $0.4633 · 3m 57s · 25 turns · 1,041 in / 5,198 out tokens

100%

29%

Configure Keyless GCP Authentication for GitHub Actions

WIF setup configuration

Criteria
Without context
With context

OIDC issuer URI

100%

100%

Attribute mapping - subject

100%

100%

Attribute mapping - repository

100%

100%

Repository attribute condition

100%

100%

Pool name

0%

100%

Provider name

0%

100%

Service account name

0%

100%

workloadIdentityUser role

100%

100%

principalSet member scope

100%

100%

GitHub secrets documented

50%

100%

Without context: $0.2437 · 2m 6s · 10 turns · 11 in / 4,659 out tokens

With context: $0.4965 · 4m 7s · 26 turns · 1,377 in / 6,777 out tokens

100%

5%

Build a Production-Ready Vertex AI Agent Deployment Pipeline

Secure Vertex AI deployment workflow

Criteria
Without context
With context

WIF auth action

100%

100%

workload_identity_provider param

100%

100%

id-token write permission

100%

100%

us-central1 region

37%

100%

WIF_PROVIDER secret

100%

100%

GCP_PROJECT_ID secret

100%

100%

checkout@v4

100%

100%

Post-deploy validation

100%

100%

Least privilege IAM

100%

100%

Security scanning

100%

100%

Monitoring/alerting

100%

100%

Without context: $0.2345 · 2m 31s · 12 turns · 13 in / 4,058 out tokens

With context: $0.4966 · 4m 20s · 28 turns · 1,045 in / 5,925 out tokens

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Secure the Deployment PipelineConfigure Keyless GCP Authentication for GitHub ActionsBuild a Production-Ready Vertex AI Agent Deployment Pipeline

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill