Install
npx skills add https://github.com/laurigates/claude-plugins --skill configure-workflows
/configure:workflows
Check and configure GitHub Actions CI/CD workflows against project standards.

When to Use This Skill

| Use this skill when... | Use another approach when... |
|---|---|
| Checking GitHub Actions workflows for compliance with project standards | Debugging a failing CI run (use github-actions-inspection skill) |
| Setting up container build, test, or release-please workflows | Installing Claude-powered reusable workflows (use `/configure:reusable-workflows`) |
| Updating outdated action versions (checkout, build-push, etc.) | Writing a custom workflow from scratch (use ci-workflows skill) |
| Adding multi-platform builds or GHA caching to existing workflows | Configuring security-specific workflows (use `/configure:security`) |
| Auditing which required workflows are missing from a project | Managing GitHub repository settings or branch protection rules |

Context
- Workflows dir: !`find .github -maxdepth 1 -type d -name 'workflows'`
- Workflow files: !`find .github/workflows -maxdepth 1 \( -name '*.yml' -o -name '*.yaml' \)`
- Package files: !`find . -maxdepth 1 \( -name 'package.json' -o -name 'pyproject.toml' -o -name 'Cargo.toml' -o -name 'go.mod' \)`
- Dockerfile: !`find . -maxdepth 1 -name 'Dockerfile*'`
- Release-please config: !`find . -maxdepth 1 -name 'release-please-config.json'`

Skills referenced: ci-workflows, github-actions-auth-security

Parameters
Parse from command arguments:
- `--check-only`: Report status without offering fixes
- `--fix`: Apply fixes automatically

Execution
Execute this GitHub Actions workflow configuration check:

Step 1: Fetch latest action versions
Verify latest versions before reporting outdated actions:
- actions/checkout - releases
- actions/setup-node - releases
- actions/cache - releases
- docker/setup-buildx-action - releases
- docker/build-push-action - releases
- docker/login-action - releases
- docker/metadata-action - releases
- reproducible-containers/buildkit-cache-dance - releases
- google-github-actions/release-please-action - releases

Use WebSearch or WebFetch to verify current versions.

Step 2: Detect project type and list workflows
- Check for `.github/workflows/` directory
- List all workflow files (.yml, .yaml)
- Categorize workflows by purpose (container build, test, release)

Determine required workflows based on project type:

| Project Type | Required Workflows |
|---|---|
| Frontend | container-build, release-please, renovate (optional: claude-auto-fix) |
| Python | container-build, release-please, test, renovate (optional: claude-auto-fix) |
| Infrastructure | release-please, renovate (optional: docs, claude-auto-fix) |

Step 3: Analyze workflow compliance

Container Build Workflow Checks:

| Check | Standard | Severity |
|---|---|---|
| checkout action | v4 | WARN if older |
| build-push action | v6 | WARN if older |
| Multi-platform | amd64 + arm64 | WARN if missing |
| Registry | GHCR (ghcr.io) | INFO |
| Caching | GHA cache enabled | WARN if missing |
| Permissions | Explicit | WARN if missing |
| `id-token: write` | Required when provenance/SBOM enabled | WARN if missing |
| Cache scope | Explicit `scope=` when multiple build jobs | WARN if missing |
| Dead metadata tags | No `type=schedule` without schedule trigger | INFO |
| Semver regex escaping | Dots escaped in `type=match` patterns (`\d+\.\d+`) | WARN if unescaped |
| Hardcoded image names | Derive from `${{ github.repository }}` | INFO if hardcoded |
| Digest output | Capture `build-push` digest via `id:` for traceability | INFO if missing |
| Job summary | Write image/digest/tags to `$GITHUB_STEP_SUMMARY` | INFO if missing |
| Duplicated job conditions | Identical `if:` on sibling jobs; suggest gate job | INFO |

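The two metadata-tag rows above (semver regex escaping and dead `type=schedule` tags) can be checked mechanically; an unescaped dot matches any character, so `v\d+.\d+` also accepts a git tag such as `v1x2`. The following Python sketch is an added example, not part of the skill: `SAMPLE_WORKFLOW`, `unescaped_dots` and `audit_metadata_tags` are hypothetical names, and treating `.*` or `.+` as a deliberate wildcard is an assumption.

```python
import re

# Constructed sample (not from the page): an unescaped match pattern, an
# escaped one, and a type=schedule rule in a workflow with no schedule trigger.
SAMPLE_WORKFLOW = r"""
on:
  push:
jobs:
  build:
    steps:
      - uses: docker/metadata-action@v5
        with:
          tags: |
            type=schedule
            type=match,pattern=v(\d+.\d+.\d+),group=1
            type=match,pattern=v(\d+\.\d+),group=1
"""

TAG_RULE = re.compile(r"^\s*type=(\w+)(?:,(.*))?$")

def unescaped_dots(pattern):
    """Offsets of each '.' that is neither backslash-escaped nor quantified."""
    hits, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            i += 2  # skip the escaped character
            continue
        nxt = pattern[i + 1:i + 2]
        # '.*' / '.+' read as deliberate wildcards (heuristic, an assumption)
        if pattern[i] == "." and not (nxt and nxt in "*+?{"):
            hits.append(i)
        i += 1
    return hits

def audit_metadata_tags(workflow):
    """Return (severity, message) findings for metadata-action tag rules."""
    has_schedule = re.search(r"^\s*schedule:", workflow, re.M) is not None
    findings = []
    for m in filter(None, map(TAG_RULE.match, workflow.splitlines())):
        kind, attrs = m.group(1), m.group(2) or ""
        pat = re.search(r"pattern=(.*?)(?:,group=\d+)?$", attrs)
        if kind == "schedule" and not has_schedule:
            findings.append(("INFO", "type=schedule without schedule trigger"))
        elif kind == "match" and pat and unescaped_dots(pat.group(1)):
            findings.append(("WARN", "unescaped dot in " + pat.group(1)))
    return findings
```
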
Release Please Workflow Checks:

| Check | Standard | Severity |
|---|---|---|
| Action version | v4 | WARN if older |
| Token | MY_RELEASE_PLEASE_TOKEN | WARN if GITHUB_TOKEN |
| Permissions | contents: write, pull-requests: write | FAIL if missing |

Test Workflow Checks:

| Check | Standard | Severity |
|---|---|---|
| Node version | 22 | WARN if older |
| Linting | npm run lint | WARN if missing |
| Type check | npm run typecheck | WARN if missing |
| Coverage | Coverage upload | INFO |

Renovate Workflow Checks:

| Check | Standard | Severity |
|---|---|---|
| RENOVATE_REPOSITORIES env var | Must be set (`${{ github.repository }}`) | FAIL if missing |
| checkout action | v6 | WARN if older |
| renovatebot/github-action | Minor-pinned (e.g., v46.1.0), not major tag | WARN if major-only |
| Uses reusable workflow | Preferred (except infrastructure) | INFO if standalone |

Claude Auto-Fix Workflow Checks (if present):

| Check | Standard | Severity |
|---|---|---|
| workflow_run trigger | Monitors at least one workflow | WARN if misconfigured |
| Loop prevention | Skips fix(auto): commits | FAIL if missing |
| Deduplication | Caps open auto-fix PRs | WARN if missing |
| Claude Code Action | anthropics/claude-code-action@v1 | WARN if older |
| OAuth token | CLAUDE_CODE_OAUTH_TOKEN secret | FAIL if missing |
| Permissions | Minimal required set | WARN if excessive |

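One way to turn the version standards in the tables above into a check over `uses:` lines, as an added example rather than the skill's own code. `MIN_MAJOR` takes the container-build values, all names are hypothetical, and reporting non-version refs such as branches as INFO is an assumption the page does not state.

```python
import re

USES = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)", re.M)

# Minimum majors from the container-build table; the Renovate table asks for
# a minor-pinned renovatebot/github-action instead of a major-only tag.
MIN_MAJOR = {"actions/checkout": 4, "docker/build-push-action": 6}
MINOR_PINNED = {"renovatebot/github-action"}

# Constructed sample, not taken from any real repository.
SAMPLE = """
steps:
  - uses: actions/checkout@v3
  - uses: docker/build-push-action@v6
  - uses: renovatebot/github-action@v46
  - uses: renovatebot/github-action@v46.1.0
  - uses: docker/login-action@main
"""

def audit_uses(workflow):
    """Return (action, ref, severity, reason) for each non-compliant pin."""
    findings = []
    for action, ref in USES.findall(workflow):
        if re.fullmatch(r"[0-9a-f]{40}", ref):
            continue  # full commit SHA: no version to compare here
        ver = re.fullmatch(r"v(\d+)(?:\.(\d+))?(?:\.(\d+))?", ref)
        if ver is None:
            # Branch or other ref; severity is this example's assumption.
            findings.append((action, ref, "INFO", "not a version tag"))
        elif int(ver.group(1)) < MIN_MAJOR.get(action, 0):
            findings.append((action, ref, "WARN", "older than standard"))
        elif action in MINOR_PINNED and ver.group(2) is None:
            findings.append((action, ref, "WARN", "major-only tag"))
    return findings
```
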
Step 4: Generate compliance report
Print a formatted compliance report showing workflow status, per-workflow check results, and missing workflows.

If `--check-only` is set, stop here.

For the report format, see REFERENCE.md.

Step 5: Apply configuration (if --fix or user confirms)
- Missing workflows: Create from standard templates
- Outdated actions: Update version numbers
- Missing multi-platform: Add platforms to build-push
- Missing caching: Add GHA cache configuration

For standard templates (container build, test workflow), see REFERENCE.md.

Step 6: Update standards tracking
Update `.project-standards.yaml`:

```yaml
components:
  workflows: "2025.1"
```

Agentic Optimizations

| Context | Command |
|---|---|
| Quick compliance check | `/configure:workflows --check-only` |
| Auto-fix all issues | `/configure:workflows --fix` |
| List workflow files | `find .github/workflows -name '*.yml' -o -name '*.yaml'` |
| Check action versions | `rg 'uses:' .github/workflows/ --no-heading` |
| Verify release-please config | `test -f release-please-config.json && echo "EXISTS"` |

Flags

| Flag | Description |
|---|---|
| `--check-only` | Report status without offering fixes |
| `--fix` | Apply fixes automatically |

See Also
- `/configure:container` - Comprehensive container infrastructure (builds, registry, scanning)
- `/configure:dockerfile` - Dockerfile configuration and security
- `/configure:release-please` - Release automation specifics
- `/configure:all` - Run all compliance checks
- ci-workflows skill - Workflow patterns
- github-actions-inspection skill - Workflow debugging