
uinaf/gh-deploy-pipeline

Set up or align a GitHub Actions deploy pipeline for an app or service. Use when standardizing repos around the verify-then-deploy shape: push to main → detect affected lanes → verify and build artifacts → e2e → deploy each lane to its host (Cloudflare Pages, AWS Amplify, GHCR + VPS).

99

1.21x
Quality: 100% (Does it follow best practices?)

Impact: 97%, 1.21x (average score across 4 eval scenarios)

Security by Snyk: Passed, no known issues


evals/scenario-1/criteria.json

{
  "context": "Tests whether the agent sets up lane-independent change detection that only builds/deploys affected apps, uses correct concurrency settings (non-cancellable deploy, cancellable verify/e2e, same group key across main.yml and deploy.yml), and uses the correct job condition syntax for deploy gates.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "paths-filter for detection",
      "description": "Uses dorny/paths-filter@v4 (not v2 or v3) to detect which lane changed",
      "max_score": 8
    },
    {
      "name": "Lockfile in filter",
      "description": "The paths-filter includes the package lockfile (package-lock.json, pnpm-lock.yaml, yarn.lock, or similar) in at least one lane's filter rules",
      "max_score": 8
    },
    {
      "name": "fetch-depth 0 on changes job",
      "description": "The changes/detect job's checkout step includes `fetch-depth: 0`",
      "max_score": 9
    },
    {
      "name": "Lane conditional build",
      "description": "Each verify/build job has an `if:` condition that gates it on the corresponding lane being detected as changed (referencing the changes job output)",
      "max_score": 8
    },
    {
      "name": "Deploy non-cancellable",
      "description": "The deploy job(s) include `concurrency: { cancel-in-progress: false }` (or equivalent)",
      "max_score": 10
    },
    {
      "name": "Verify/e2e cancellable",
      "description": "At least one verify or e2e job includes `concurrency: { cancel-in-progress: true }` (or equivalent)",
      "max_score": 8
    },
    {
      "name": "Concurrency group lane-scoped",
      "description": "The deploy concurrency group key is scoped to (environment, lane) — e.g. `deploy-production-web` — NOT scoped to `${{ github.ref }}`",
      "max_score": 9
    },
    {
      "name": "Shared concurrency key",
      "description": "The deploy concurrency group key in main.yml and in deploy.yml (or the manual re-deploy section) uses the same string value",
      "max_score": 10
    },
    {
      "name": "Explicit result check",
      "description": "Deploy job `if:` condition uses `needs.<job>.result == 'success'` (NOT `success()`) for each upstream dependency",
      "max_score": 10
    },
    {
      "name": "Manual deploy workflow",
      "description": "A separate workflow_dispatch workflow exists (deploy.yml or equivalent) for manually re-deploying a specific ref without re-running verify",
      "max_score": 8
    },
    {
      "name": "ref input to checkout",
      "description": "The manual deploy workflow's checkout step passes `ref: ${{ inputs.ref }}` (or equivalent) to ensure the requested ref is checked out",
      "max_score": 8
    },
    {
      "name": "Independent lane verification",
      "description": "The written explanation or workflow structure shows that a change to only one app does not trigger the build/deploy of the other app (each lane's jobs are gated independently)",
      "max_score": 4
    }
  ]
}
