Name: uinaf/gh-deploy-pipeline
Rating: 99.1 (1 reviews)
Author: uinaf

uinaf/gh-deploy-pipeline

Set up or align a GitHub Actions deploy pipeline for an app or service. Use when standardizing repos around the verify-then-deploy shape: push to main → detect affected lanes → verify and build artifacts → e2e → deploy each lane to its host (Cloudflare Pages, AWS Amplify, GHCR + VPS).

1.21x

Quality

100%

Does it follow best practices?

Impact

97%

1.21x

Average score across 4 eval scenarios

Securityby

Passed

No known issues

{
  "context": "Tests whether the agent checks and preserves a known-good sibling deploy workflow instead of replacing it with a generic marketplace action or new shell.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses local composite action",
      "description": "The workflow deploys via `./.github/actions/cloudflare-pages-deploy` rather than a new marketplace deploy action",
      "max_score": 14
    },
    {
      "name": "Composite matches sibling shape",
      "description": "The composite action uses Wrangler with `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ACCOUNT_ID` from env, matching the provided sibling pattern",
      "max_score": 12
    },
    {
      "name": "Artifact pass-through",
      "description": "The deploy job downloads the artifact uploaded by the verify/build job and does not rebuild",
      "max_score": 12
    },
    {
      "name": "E2E uses artifact",
      "description": "The e2e job also downloads the built artifact instead of running a separate build",
      "max_score": 10
    },
    {
      "name": "Smoke after deploy",
      "description": "The smoke check runs after the deploy step and hits the deployed URL",
      "max_score": 12
    },
    {
      "name": "Smoke fails closed",
      "description": "The smoke check uses `curl -fsS` or equivalent so non-2xx responses fail the job",
      "max_score": 8
    },
    {
      "name": "No unexplained marketplace swap",
      "description": "The solution does not introduce a marketplace deploy action unless it explicitly explains why the provided sibling composite action does not fit",
      "max_score": 10
    },
    {
      "name": "Mentions sibling precedent",
      "description": "The answer or generated docs mention that the workflow follows the existing `uinaf-console` deploy pattern",
      "max_score": 8
    },
    {
      "name": "Uses narrow credentials",
      "description": "The workflow uses `vars.CLOUDFLARE_ACCOUNT_ID` and `secrets.CLOUDFLARE_API_TOKEN`, not hardcoded credentials",
      "max_score": 7
    },
    {
      "name": "Deploy concurrency safe",
      "description": "The deploy job has non-cancellable concurrency for the production deploy target",
      "max_score": 7
    }
  ]
}

evals

scenario-1

scenario-2

scenario-3

scenario-4

references

uinaf/gh-deploy-pipeline

criteria.json.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-4/

criteria.jsonevals/scenario-4/