DevOps essentials — Dockerfile best practices, CI/CD patterns, deployment configuration, and container security
{
  "instruction": "Applications must use environment variables for configuration, handle SIGTERM for graceful shutdown, and never commit secrets",
  "relevant_when": "Agent creates or deploys a web application, API, or service that will run in production",
  "context": "Following 12-factor app principles, all configuration must come from environment variables — never hardcoded. Applications must handle SIGTERM signals for graceful shutdown during container restarts and deployments. Secrets (.env files) must be in .gitignore, and a .env.example with placeholder values should be provided. Secret values must never appear in source code, Dockerfiles, or CI/CD configuration.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/devops-essentials/SKILL.md",
      "tile": "tessl-labs/devops-essentials@0.1.0"
    }
  ],
  "checklist": [
    {
      "name": "config-from-env-vars",
      "rule": "All configuration (database URLs, API keys, ports, feature flags) comes from environment variables, not hardcoded values. A helper function or config module validates required env vars at startup.",
      "relevant_when": "Agent creates application configuration or connects to external services"
    },
    {
      "name": "graceful-shutdown",
      "rule": "Application handles SIGTERM (and optionally SIGINT) signals to gracefully shut down — closing the HTTP server, finishing in-flight requests, and closing database connections before exiting.",
      "relevant_when": "Agent creates a server or long-running process that will be deployed"
    },
    {
      "name": "env-in-gitignore",
      "rule": ".env and .env.* files are listed in .gitignore so secrets are never committed to version control.",
      "relevant_when": "Agent creates or modifies .gitignore or sets up a new project"
    },
    {
      "name": "env-example-provided",
      "rule": "A .env.example file is provided with all required environment variable names and placeholder values (no real secrets), documenting what configuration the application needs.",
      "relevant_when": "Agent creates a project that uses environment variables for configuration"
    },
    {
      "name": "no-secrets-in-code",
      "rule": "No passwords, API keys, tokens, or connection strings with credentials are hardcoded in source code, Dockerfiles, or configuration files.",
      "relevant_when": "Agent writes code that connects to databases, APIs, or external services"
    }
  ]
}