
tessl-labs/devops-essentials

DevOps essentials — Dockerfile best practices, CI/CD patterns, deployment configuration, and container security

89

1.21x
Quality: 87% (Does it follow best practices?)

Impact: 100%, 1.21x (average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues


verifiers/cicd-pipeline-patterns.json

{
  "instruction": "CI/CD pipelines must have separate build, test, and deploy stages with proper gating, dependency caching, and secrets management",
  "relevant_when": "Agent creates or modifies a CI/CD pipeline configuration (GitHub Actions, GitLab CI, Jenkins, etc.)",
  "context": "CI/CD pipelines must enforce quality gates: lint, type-check, and test must all pass before deployment. Stages must be separate and ordered so that failures are caught early. Dependencies must be cached between runs for performance. Secrets must never appear in pipeline configuration files — use repository secrets or environment variables that reference secret stores.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/devops-essentials/SKILL.md",
      "tile": "tessl-labs/devops-essentials@0.1.0"
    }
  ],
  "checklist": [
    {
      "name": "separate-stages",
      "rule": "Pipeline has distinct stages or jobs for linting/type-checking, testing, and deployment. These are not combined into a single step.",
      "relevant_when": "Agent creates a CI/CD pipeline configuration"
    },
    {
      "name": "test-before-deploy",
      "rule": "Deploy stage depends on test stage passing. Deployment does not proceed if tests fail. This is enforced via needs/dependencies/stage ordering.",
      "relevant_when": "Agent creates a CI/CD pipeline with a deploy step"
    },
    {
      "name": "dependency-caching",
      "rule": "Pipeline caches dependencies between runs (e.g., actions/setup-node with cache, pip cache, go mod cache) to avoid re-downloading on every run.",
      "relevant_when": "Agent creates a CI/CD pipeline that installs dependencies"
    },
    {
      "name": "no-secrets-in-config",
      "rule": "No secrets, passwords, API keys, or connection strings are hardcoded in the pipeline configuration file. Secrets are referenced via ${{ secrets.NAME }} or equivalent secret store mechanism.",
      "relevant_when": "Agent creates a CI/CD pipeline that uses credentials or API keys"
    },
    {
      "name": "deploy-only-on-main",
      "rule": "Deploy step only runs on the main/production branch, not on pull requests or feature branches.",
      "relevant_when": "Agent creates a CI/CD pipeline with deployment"
    }
  ]
}
