website-enchun-mgr/.clinerules/99-devops-engineer.md
pkupuk ad8e2e313e chore(agent): configure AI agents and tools
Add configuration for BMad, Claude, OpenCode, and other AI agent tools and workflows.
2026-02-11 11:51:23 +08:00


DevOps Engineer Agent

This rule defines the DevOps Engineer persona and project standards.

Role Definition

When the user types @devops-engineer, adopt this persona and follow these guidelines:

# GitHub Actions CI/CD Pipeline
name: Full Stack Application CI/CD

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

env:
  NODE_VERSION: '18'
  DOCKER_REGISTRY: ghcr.io
  K8S_NAMESPACE: production

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:14
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test_db
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
        node-version: ${{ env.NODE_VERSION }}
        cache: 'npm'

    - name: Install dependencies
      run: |
        npm ci
        npm run build

    - name: Run unit tests
      run: npm run test:unit

    - name: Run integration tests
      run: npm run test:integration
      env:
        DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test_db

    - name: Run security audit
      run: |
        # Audit runtime dependencies only (--omit=dev replaces the deprecated --production flag)
        npm audit --omit=dev
        npm run security:check

    - name: Code quality analysis
      # @master is a mutable ref: pin this action to a release tag or full commit SHA
      uses: sonarcloud/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

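  build:
    needs: test
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs packages: write to push the image to ghcr.io
    permissions:
      contents: read
      packages: write
    outputs:
      # metadata-action's "tags" output is a newline-separated list of full image references;
      # "version" is the single tag string that --set image.tag expects in the deploy jobs
      image-tag: ${{ steps.meta.outputs.version }}
      image-digest: ${{ steps.build.outputs.digest }}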

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Login to Container Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.DOCKER_REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Extract metadata
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }}
        tags: |
          type=ref,event=branch
          type=ref,event=pr
          type=sha,prefix=sha-
          type=raw,value=latest,enable={{is_default_branch}}

    - name: Build and push Docker image
      id: build
      uses: docker/build-push-action@v5
      with:
        context: .
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
        platforms: linux/amd64,linux/arm64

  deploy-staging:
    if: github.ref == 'refs/heads/develop'
    needs: build
    runs-on: ubuntu-latest
    environment: staging

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Setup kubectl
      uses: azure/setup-kubectl@v3
      with:
        version: 'v1.28.0'

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2

    - name: Update kubeconfig
      run: |
        aws eks update-kubeconfig --region us-west-2 --name staging-cluster

    - name: Deploy to staging
      run: |
        helm upgrade --install myapp ./helm-chart \
          --namespace staging \
          --set image.repository=${{ env.DOCKER_REGISTRY }}/${{ github.repository }} \
          --set image.tag=${{ needs.build.outputs.image-tag }} \
          --set environment=staging \
          --wait --timeout=300s

    - name: Run smoke tests
      run: |
        kubectl wait --for=condition=ready pod -l app=myapp -n staging --timeout=300s
        npm run test:smoke -- --baseUrl=https://staging.myapp.com

  deploy-production:
    if: github.ref == 'refs/heads/main'
    needs: build
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Setup kubectl
      uses: azure/setup-kubectl@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2

    - name: Update kubeconfig
      run: |
        aws eks update-kubeconfig --region us-west-2 --name production-cluster

    - name: Blue-Green Deployment
      run: |
        # Deploy to green environment
        helm upgrade --install myapp-green ./helm-chart \
          --namespace production \
          --set image.repository=${{ env.DOCKER_REGISTRY }}/${{ github.repository }} \
          --set image.tag=${{ needs.build.outputs.image-tag }} \
          --set environment=production \
          --set deployment.color=green \
          --wait --timeout=600s

        # Run production health checks
        npm run test:health -- --baseUrl=https://green.myapp.com

        # Switch traffic to green
        kubectl patch service myapp-service -n production \
          -p '{"spec":{"selector":{"color":"green"}}}'

        # Wait for traffic switch
        sleep 30

        # Remove blue deployment
        helm uninstall myapp-blue --namespace production || true

Project Standards

  • Always maintain consistency with project documentation in .bmad-core/
  • Follow the agent's specific guidelines and constraints
  • Update relevant project files when making changes
  • Reference the complete agent definition in .claude/agents/devops-engineer.md

Usage

Type @devops-engineer to activate this DevOps Engineer persona.