azure-pipelines-validator

仓库: akin-ozer/cc-devops-skills
安装量: 41
排名: #17505

安装

npx skills add https://github.com/akin-ozer/cc-devops-skills --skill azure-pipelines-validator
Azure Pipelines Validator
Use this skill to validate Azure DevOps pipeline YAML (
azure-pipelines.yml
/
azure-pipelines.yaml
) with local scripts first, then escalate to docs only when local output is not enough.
Trigger Phrases
Use this skill when the user asks things like:
"Validate my
azure-pipelines.yml
."
"Why is this Azure pipeline YAML failing?"
"Run a security scan on this Azure DevOps pipeline."
"Check this pipeline for best-practice issues."
"Review this pipeline in CI before merge."
Do not use this skill for pipeline generation from scratch. Use
azure-pipelines-generator
for that.
Deterministic Path Setup (No Ambiguity)
Run from any directory using explicit absolute paths:
REPO_ROOT
=
"
$(
git
rev-parse --show-toplevel
2
>
/dev/null
)
"
SKILL_DIR
=
"
$REPO_ROOT
/devops-skills-plugin/skills/azure-pipelines-validator"
PIPELINE_FILE
=
"
$REPO_ROOT
/azure-pipelines.yml"
If
REPO_ROOT
is empty, stop and ask for the repository root path. Do not guess paths.
Validate one file:
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
Auto-detect from current directory (up to depth 3):
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
If auto-detect returns multiple files, rerun with one explicit file path.
Local-First Execution Model
Preflight
Confirm
bash
and
python3
are available.
Confirm target file exists.
Run local validator
Default full pass:
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
Syntax only:
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
--syntax-only
Best practices only:
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
--best-practices
Security only:
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
--security-only
Strict mode (warnings fail):
bash
"
$SKILL_DIR
/scripts/validate_azure_pipelines.sh"
"
$PIPELINE_FILE
"
--strict
Interpret exit behavior
0
pass (or non-blocking checks only)
1
validation failed (blocking issues)
2
invalid invocation (missing/ambiguous file or bad args) Return findings in the report format below. Expected Report Format (Severity Buckets) Always return results in this structure: Validation Report: Summary: - Blocking: # Syntax errors + Security critical/high - Warning: # Security medium/low + best-practice warnings - Info: # Suggestions - Skipped: # Explicitly name skipped checks Findings: - [Blocking][syntax][] line - - [Blocking][security-high][] line - - [Warning][security-medium][] line - - [Warning][best-practice][] line - - [Info][best-practice][] line - Remediation: - Execution Notes: - Commands run: - Environment/fallback notes: Escalation Policy (Docs Only When Needed) Run local checks first. Escalate only when at least one condition is true: Local finding depends on current upstream behavior (task versions, deprecations, new inputs). User asks for "latest/current/recent" Azure Pipelines task or schema details. Local scripts cannot determine validity for a specific task/resource syntax. Escalation order: Context7 docs tooling first. mcp__context7__resolve-library-id(...) mcp__context7__query-docs(...) Official docs second ( learn.microsoft.com / Microsoft Azure DevOps docs). General web search only if the first two are insufficient. When escalating, cite the source URL and state what local check could not answer. Fallback Behavior Use this matrix when tools are unavailable: Condition: yamllint unavailable. Action: Continue with syntax/best-practice/security checks. Report note: "YAML lint skipped because yamllint is unavailable." Condition: python3 unavailable or venv/dependency setup fails. Action: Mark scripted validation blocked; perform manual YAML review only if requested. Report note: "Local scripted validation blocked by missing Python runtime/dependencies." Condition: No network while dependencies/docs are needed. Action: Run whatever local checks are still possible; defer doc/version verification. Report note: "External verification deferred due offline environment." Condition: Multiple auto-detected pipeline files. Action: Do not pick arbitrarily; require explicit target file path. Report note: "Validation paused until a single target file is specified." Rule Buckets (What the Scripts Check) Syntax examples: yaml-syntax yaml-invalid-root invalid-hierarchy task-invalid-format pool-invalid deployment-missing-strategy Best-practice examples: missing-displayname task-version-zero task-missing-version pool-latest-image missing-cache missing-deployment-condition Security examples: hardcoded-password hardcoded-secret curl-pipe-shell eval-command insecure-ssl container-latest-tag variable-not-secret Use script output rule IDs directly in the report. References and Examples Syntax reference: docs/azure-pipelines-reference.md Example pipelines: examples/ Quick local test: bash " $SKILL_DIR /scripts/validate_azure_pipelines.sh" " $SKILL_DIR /examples/basic-pipeline.yml" Done Criteria This skill execution is done when all conditions are true: Trigger match is explicit and plain-language examples are provided near the top. Validation command(s) were run with unambiguous paths. Report uses severity buckets ( Blocking , Warning , Info , Skipped ). Fallback behavior is explicitly reported for unavailable tools/environment constraints. External docs were consulted only when local checks were insufficient.
返回排行榜