Initial commit

This commit is contained in:
Zhongwei Li
2025-11-29 18:16:54 +08:00
commit 2eeb6e60c6
39 changed files with 10735 additions and 0 deletions

View File

@@ -0,0 +1,15 @@
# Changelog
## 0.2.0
- Refactored to Anthropic progressive disclosure pattern
- Updated description with "Use PROACTIVELY when..." format
- Removed version/author/tags/category from frontmatter
## 0.1.0
- Initial release with four repository setup modes
- Quick, Enterprise, Open Source, and Private/Team modes
- Security features: Dependabot, secret scanning, CodeQL
- CI/CD workflow templates and branch protection
- Issue/PR templates and CODEOWNERS configuration
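Review bot: The latest entry here is 0.2.0, but the README added in this same commit ends with "v0.1.0 - Initial release" under its Version heading, and the SKILL.md frontmatter no longer carries a version at all (per the 0.2.0 bullet "Removed version/author/tags/category from frontmatter"); keep a single source of truth for the version, or drop the README section, so users reading either file get the same answer.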

View File

@@ -0,0 +1,206 @@
# GitHub Repository Setup Skill
> **Automated GitHub repository creation following official best practices and modern standards**
## Overview
This skill automates the setup of GitHub repositories with four distinct modes tailored to different use cases. Each mode follows GitHub's official best practices, implementing appropriate security features, documentation standards, and workflow automation.
## Features
### Four Modes
1. **Quick Mode** (~30s)
- Fast public repo setup
- Essential files: README, LICENSE, .gitignore
- Perfect for experiments and prototypes
2. **Enterprise Mode** (~120s)
- Production-ready setup
- Full security features (Dependabot, secret scanning, CodeQL)
- CI/CD workflows with GitHub Actions
- Branch protection with required reviews
- Automated testing and deployment
3. **Open Source Mode** (~90s)
- Community-focused configuration
- Community health files (CODE_OF_CONDUCT, CONTRIBUTING)
- Issue and PR templates
- GitHub form schema integration
- Contributor guidelines
4. **Private/Team Mode** (~90s)
- Internal collaboration setup
- CODEOWNERS configuration
- Governance documentation
- Team access controls
- Review requirements
### Security Features (Based on GitHub Official Best Practices)
- ✅ Dependabot alerts and automated security fixes
- ✅ Secret scanning with push protection
- ✅ Code scanning with CodeQL (enterprise mode)
- ✅ SECURITY.md with vulnerability reporting
- ✅ Branch protection rules
- ✅ Required status checks
### Documentation Standards
- ✅ Comprehensive README with badges
- ✅ Appropriate LICENSE selection
- ✅ Technology-specific .gitignore
- ✅ Community health files
- ✅ Contributing guidelines
- ✅ Support resources
### CI/CD Automation
- ✅ GitHub Actions workflows
- ✅ Automated testing
- ✅ Linting and code quality checks
- ✅ Security scanning
- ✅ Deployment pipelines (optional)
## Prerequisites
- **GitHub CLI** (`gh`) - [Installation guide](https://cli.github.com/)
- **Git** - Configured with user.name and user.email
- **GitHub Account** - Authenticated via `gh auth login`
- **Permissions** - Repository creation access (organization admin for org repos)
## Usage
### Quick Examples
```bash
# Quick mode - minimal setup
"Create a quick GitHub repo for testing"
# Enterprise mode - full production setup
"Set up an enterprise GitHub repository with CI/CD"
# Open source mode - community project
"Create an open source GitHub project"
# Private/team mode - internal collaboration
"Set up a private team repository with governance"
```
### Detailed Workflow
1. **Invoke the skill** with your request
2. **Select mode** (or let AI detect from your request)
3. **Provide repository details**:
- Name
- Description
- Visibility (public/private/internal)
- Technology stack (for .gitignore)
- License preference
4. **Review configuration** and confirm
5. **Skill executes** setup automatically
6. **Receive** validation report and next steps
## What Gets Created
### All Modes
- Repository with proper visibility
- README.md with project info
- LICENSE file
- .gitignore for tech stack
- Initial git setup with main branch
### Additional (Enterprise/Open Source/Team)
- Security features enabled
- CI/CD workflows configured
- Issue and PR templates
- Branch protection rules
- Community health files
- CODEOWNERS (team mode)
## Example Output
```
✅ Repository Setup Complete: myorg/my-project
## Enabled Features
- ✅ Repository created (public)
- ✅ Dependabot alerts enabled
- ✅ Secret scanning active
- ✅ Branch protection configured
- ✅ CI workflow created
- ✅ Issue templates added
- ✅ Community files complete
## Quick Start
gh repo clone myorg/my-project
cd my-project
git checkout -b feature/initial-code
# Add your code
git commit -m "feat: initial implementation"
git push -u origin feature/initial-code
gh pr create
## Repository URL
https://github.com/myorg/my-project
```
## Best Practices Applied
This skill implements GitHub's official best practices:
1. **Security First** - Dependabot, secret scanning, and push protection enabled by default
2. **Documentation Standards** - README, LICENSE, and community health files
3. **Branch Protection** - Protected main branch with required reviews
4. **CI/CD Integration** - Automated testing and quality checks
5. **Collaboration Workflow** - PR-based development with templates
6. **Access Control** - CODEOWNERS for critical files
7. **Community Guidelines** - Clear contribution and conduct standards
## Customization
After initial setup, you can customize:
- Modify CI/CD workflows in `.github/workflows/`
- Adjust branch protection rules via GitHub settings
- Update issue templates in `.github/ISSUE_TEMPLATE/`
- Edit CODEOWNERS for review requirements
- Configure additional integrations
## Troubleshooting
### Authentication Issues
```bash
# Check auth status
gh auth status
# Re-authenticate
gh auth login
```
### Permission Errors
- Ensure you have repository creation permissions
- For organization repos, confirm admin access
- Check organization security settings
### CLI Not Found
```bash
# Install GitHub CLI
brew install gh # macOS
# Or visit: https://cli.github.com/
```
## References
- [GitHub Best Practices for Repositories](https://docs.github.com/en/repositories/creating-and-managing-repositories/best-practices-for-repositories)
- [Community Health Files](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions)
- [GitHub Actions Documentation](https://docs.github.com/en/actions)
- [Branch Protection Rules](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches)
## License
Apache-2.0
## Version
v0.1.0 - Initial release
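Review bot: Item 1 under Best Practices Applied states that Dependabot, secret scanning and push protection are "enabled by default", but Quick Mode in this commit lists "Security scanning setup" under Features NOT Included and security-features.yaml restricts push_protection to the enterprise mode; either qualify the sentence ("in Enterprise, Open Source and Team modes") or have Quick Mode at least call the vulnerability-alerts endpoint, which works on every repository. Two smaller points in the same file: the Security Features list says "Secret scanning with push protection" without the mode qualifier that the CodeQL bullet has, and the Version section (v0.1.0) disagrees with the CHANGELOG (0.2.0).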

View File

@@ -0,0 +1,89 @@
---
name: github-repo-setup
description: Use PROACTIVELY when user needs to create a new GitHub repository or set up a project with best practices. Automates repository creation with four modes - quick public repos (~30s), enterprise-grade with security and CI/CD (~120s), open-source community standards (~90s), and private team collaboration with governance (~90s). Not for existing repo configuration or GitHub Actions workflow debugging.
---
# GitHub Repository Setup
## Overview
This skill automates GitHub repository creation following official best practices (2024-2025). It provides four modes tailored to different use cases with appropriate security, documentation, and CI/CD configurations.
**Four Modes:**
1. **Quick Mode** - Fast public repo with essentials (~30s)
2. **Enterprise Mode** - Production-ready with full security and CI/CD (~120s)
3. **Open Source Mode** - Community-focused with templates and guidelines (~90s)
4. **Private/Team Mode** - Internal collaboration with CODEOWNERS and governance (~90s)
## When to Use This Skill
**Trigger Phrases:**
- "create a GitHub repository"
- "set up a new GitHub repo"
- "initialize GitHub repo with best practices"
- "create an enterprise/open source/private repository"
**Use Cases:**
- Starting new projects with GitHub best practices
- Setting up open source projects with community health files
- Creating team repositories with governance and security
## Response Style
- **Efficient**: Automate repetitive setup tasks
- **Guided**: Clear mode selection with trade-offs
- **Security-first**: Enable protection features by default
## Quick Decision Matrix
| User Request | Mode | Setup Time | Key Features |
|-------------|------|------------|--------------|
| "quick repo", "experiment" | Quick | ~30s | README, LICENSE, .gitignore |
| "production repo", "CI/CD" | Enterprise | ~120s | Security + CI/CD + protection |
| "open source project" | Open Source | ~90s | Community templates |
| "private team repo" | Private/Team | ~90s | CODEOWNERS + governance |
## Mode Detection Logic
```javascript
if (userMentions("quick", "test", "experiment")) return "quick-mode";
if (userMentions("enterprise", "production", "ci/cd")) return "enterprise-mode";
if (userMentions("open source", "oss", "public")) return "open-source-mode";
if (userMentions("private", "team", "internal")) return "private-team-mode";
return askForModeSelection();
```
## Modes
| Mode | Description | Details |
|------|-------------|---------|
| Quick | Minimal setup for experiments | → [modes/quick-mode.md](modes/quick-mode.md) |
| Enterprise | Full security and CI/CD | → [modes/enterprise-mode.md](modes/enterprise-mode.md) |
| Open Source | Community health files | → [modes/open-source-mode.md](modes/open-source-mode.md) |
| Private/Team | CODEOWNERS and governance | → [modes/private-team-mode.md](modes/private-team-mode.md) |
## Core Workflow
1. **Mode Selection** - Detect intent or ask user
2. **Prerequisites** - Validate gh CLI, auth, git config
3. **Repository Creation** - Create via GitHub CLI
4. **Security Setup** - Enable Dependabot, secret scanning
5. **Documentation** - Generate README, LICENSE, .gitignore
6. **CI/CD** - Configure workflows (enterprise/open-source)
7. **Templates** - Add issue/PR templates
8. **Protection** - Set branch rules (enterprise/team)
9. **Validation** - Verify setup and provide next steps
## Reference Materials
- [Error Handling & Success Criteria](reference/error-handling.md)
## Important Reminders
1. **Security first** - Enable Dependabot and secret scanning by default
2. **Branch protection** - Protect main branch in production setups
3. **Documentation** - Every repo needs README, LICENSE, and .gitignore
4. **CODEOWNERS** - Use for critical files in team repositories
**Official Documentation**:
- https://docs.github.com/en/repositories/creating-and-managing-repositories/best-practices-for-repositories
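Review bot: In Mode Detection Logic the checks run in source order, so a request that contains the word "public" anywhere (for example "private repo for our public API client") matches the open-source-mode branch on the third line before the "private"/"team"/"internal" check on the fourth line ever runs, and the skill would create a public repository; because a wrongly public repo exposes its contents the moment it is pushed, test for "private" and "internal" first, and make step 3 of the Core Workflow confirm the visibility explicitly before `gh repo create` regardless of which keywords matched. The same ordering sends "private production repo" to enterprise-mode, which the Enterprise page does not describe as private, so visibility should be a separate decision from mode.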

View File

@@ -0,0 +1,106 @@
# GitHub Security Features Configuration
# Based on GitHub official best practices (2024-2025)
dependabot:
name: "Dependabot Alerts"
description: "Notify about security vulnerabilities in dependencies"
availability: "All repositories"
api_endpoint: "/repos/{owner}/{repo}/vulnerability-alerts"
method: "PUT"
required_modes: ["quick", "enterprise", "open-source", "private-team"]
automated_security_fixes:
name: "Dependabot Security Updates"
description: "Automatically create PRs to update vulnerable dependencies"
availability: "All repositories"
api_endpoint: "/repos/{owner}/{repo}/automated-security-fixes"
method: "PUT"
required_modes: ["enterprise", "open-source", "private-team"]
secret_scanning:
name: "Secret Scanning"
description: "Detect exposed secrets in code"
availability: "Public repos (free), Private repos (GitHub Advanced Security)"
api_endpoint: "/repos/{owner}/{repo}/secret-scanning"
method: "PUT"
required_modes: ["enterprise", "open-source"]
push_protection:
name: "Push Protection"
description: "Prevent pushing commits with detected secrets"
availability: "Requires secret scanning"
api_endpoint: "/repos/{owner}/{repo}/secret-scanning-push-protection"
method: "PUT"
required_modes: ["enterprise"]
code_scanning:
name: "Code Scanning (CodeQL)"
description: "Identify vulnerabilities and errors in code"
availability: "Public repos (free), Private repos (GitHub Advanced Security)"
implementation: "github-actions-workflow"
workflow_file: ".github/workflows/codeql.yml"
required_modes: ["enterprise"]
branch_protection:
name: "Branch Protection Rules"
description: "Protect important branches with required checks"
availability: "All repositories"
api_endpoint: "/repos/{owner}/{repo}/branches/{branch}/protection"
method: "PUT"
required_modes: ["enterprise", "private-team"]
rules:
required_pull_request_reviews:
required_approving_review_count: 1
dismiss_stale_reviews: true
require_code_owner_reviews: true
required_status_checks:
strict: true
contexts: ["ci/test", "ci/lint"]
enforce_admins: false
restrictions: null
security_advisories:
name: "Private Vulnerability Reporting"
description: "Allow security researchers to privately report vulnerabilities"
availability: "Public repositories"
setup: "Repository Settings → Security → Enable private vulnerability reporting"
required_modes: ["open-source"]
security_policy:
name: "SECURITY.md"
description: "Document security policy and vulnerability reporting process"
location: "Root, .github/, or docs/"
required_modes: ["all"]
template: |
# Security Policy
## Supported Versions
Currently supported versions:
| Version | Supported |
| ------- | ------------------ |
| 1.0.x | :white_check_mark: |
| < 1.0 | :x: |
## Reporting a Vulnerability
Please report security vulnerabilities to [security@example.com](mailto:security@example.com).
**Please do not report security vulnerabilities through public GitHub issues.**
You should receive a response within 48 hours. If the issue is confirmed, we will release a patch as soon as possible.
two_factor_authentication:
name: "Two-Factor Authentication"
description: "Require 2FA for all organization members"
availability: "Organization settings"
recommendation: "Enforce for all users with write access"
setup: "Organization Settings → Authentication security → Require two-factor authentication"
signed_commits:
name: "Commit Signature Verification"
description: "Verify commits are signed with GPG/SSH keys"
availability: "All repositories"
setup: "Branch protection → Require signed commits"
recommended_for: ["enterprise", "private-team"]
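Review bot: The api_endpoint values for secret_scanning (PUT /repos/{owner}/{repo}/secret-scanning) and push_protection (PUT /repos/{owner}/{repo}/secret-scanning-push-protection) are not GitHub REST endpoints; both features are toggled through the Update-a-repository call, PATCH /repos/{owner}/{repo}, with a security_and_analysis body such as `{"security_and_analysis":{"secret_scanning":{"status":"enabled"},"secret_scanning_push_protection":{"status":"enabled"}}}`, so a setup that follows this file verbatim gets a 404 and leaves scanning off unless the Validation step checks the resulting repository settings. The vulnerability-alerts and automated-security-fixes PUT endpoints are correct. Two consistency points: branch_protection here sets enforce_admins: false and contexts ["ci/test", "ci/lint"], while enterprise-mode.md in this commit sets enforce_admins: true and contexts ["ci"], so one of them will not match the CI workflow's job names; and the SECURITY.md template hard-codes security@example.com, which should be a substituted placeholder so a generated repository never ships a reporting address nobody reads.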

View File

@@ -0,0 +1,74 @@
# Enterprise Mode
**Purpose**: Production-ready with security features, CI/CD, and branch protection (~120 seconds)
## Features Included
- All Quick Mode features
- ✅ Dependabot alerts and security updates
- ✅ Secret scanning with push protection
- ✅ CodeQL code scanning
- ✅ Branch protection rules
- ✅ CI/CD workflows
- ✅ Issue and PR templates
- ✅ SECURITY.md
- ✅ Required status checks
## When to Use
- Production applications
- Client projects
- Enterprise software
- Any project requiring security compliance
## Security Configuration
```bash
# Enable Dependabot
gh api -X PUT /repos/{owner}/{repo}/vulnerability-alerts
gh api -X PUT /repos/{owner}/{repo}/automated-security-fixes
# Enable secret scanning
gh api -X PUT /repos/{owner}/{repo}/secret-scanning
gh api -X PUT /repos/{owner}/{repo}/secret-scanning-push-protection
```
## Branch Protection
```json
{
"required_status_checks": {
"strict": true,
"contexts": ["ci"]
},
"enforce_admins": true,
"required_pull_request_reviews": {
"required_approving_review_count": 1,
"dismiss_stale_reviews": true
},
"restrictions": null
}
```
## CI/CD Workflow
```yaml
name: CI
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run tests
run: npm test
- name: Upload coverage
uses: codecov/codecov-action@v3
```
## Next Steps After Setup
1. Configure environment secrets
2. Set up deployment pipeline
3. Add team members with appropriate permissions
4. Review security alerts dashboard
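Review bot: The Branch Protection block requires the status check context "ci", but the CI/CD Workflow below defines a job whose id is `test` under a workflow named `CI`; an Actions job reports its status under the job name, so no check named "ci" will ever be posted and, with strict: true, every pull request on the protected branch stays blocked at "Expected, waiting for status to be reported". Either rename the job (`ci:` or `name: ci`) or require `test`. On the workflow itself: it triggers on every push and pull_request with the default GITHUB_TOKEN permissions, so add a top-level `permissions:` block with `contents: read`, and pin `actions/checkout` and `codecov/codecov-action` to full commit SHAs rather than the mutable v4/v3 tags, since this mode is the one advertised for production and supply-chain hygiene is part of that. The two secret-scanning `gh api` lines share the endpoint problem noted on security-features.yaml and will return 404.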

View File

@@ -0,0 +1,74 @@
# Open Source Mode
**Purpose**: Community-focused with templates and contribution guidelines (~90 seconds)
## Features Included
- All Quick Mode features
- ✅ CODE_OF_CONDUCT.md (Contributor Covenant)
- ✅ CONTRIBUTING.md
- ✅ Issue templates (bug, feature, question)
- ✅ PR template
- ✅ SUPPORT.md
- ✅ Dependabot alerts
- ✅ Basic CI workflow
## When to Use
- Open source projects
- Community-driven software
- Public libraries/tools
- Projects accepting contributions
## Community Health Files
### CODE_OF_CONDUCT.md
Use Contributor Covenant v2.1:
```markdown
# Contributor Covenant Code of Conduct
## Our Pledge
We pledge to make participation in our community a harassment-free experience...
```
### CONTRIBUTING.md
```markdown
# Contributing
Thank you for your interest in contributing!
## How to Contribute
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request
## Code of Conduct
Please read our [Code of Conduct](CODE_OF_CONDUCT.md)
```
## Issue Templates
```yaml
# .github/ISSUE_TEMPLATE/bug_report.yml
name: Bug Report
description: Report a bug
body:
- type: textarea
id: description
label: Describe the bug
validations:
required: true
- type: textarea
id: reproduction
label: Steps to reproduce
```
## Next Steps After Setup
1. Add comprehensive README with badges
2. Set up project board for issue tracking
3. Configure Discussions for community Q&A
4. Add CHANGELOG.md
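Review bot: In the bug_report.yml template, `label:` sits directly on each body element, but the issue-forms schema only accepts it under `attributes:`, so GitHub reports a template validation error instead of rendering the form; write each item as `- type: textarea`, `id: description`, `attributes:` with `label: Describe the bug` nested beneath it, keeping `validations:` at the element level as it is now. Since security-features.yaml pairs this mode with private vulnerability reporting, a `type: markdown` block at the top of the form pointing reporters to the security advisory channel rather than a public issue keeps credentials and reproduction details out of the tracker, and Features Included should list SECURITY.md, which security_policy marks as required for all modes.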

View File

@@ -0,0 +1,78 @@
# Private/Team Mode
**Purpose**: Internal collaboration with CODEOWNERS and governance (~90 seconds)
## Features Included
- All Quick Mode features
- ✅ Private visibility
- ✅ CODEOWNERS file
- ✅ GOVERNANCE.md
- ✅ Branch protection rules
- ✅ Team access configuration
- ✅ Issue and PR templates
- ✅ Review requirements
## When to Use
- Internal team projects
- Company repositories
- Private client work
- Projects with access controls
## CODEOWNERS Configuration
```
# .github/CODEOWNERS
# Default owners for everything
* @team-leads
# Specific paths
/src/ @development-team
/docs/ @documentation-team
/.github/ @devops-team
/security/ @security-team
```
## Team Access
```bash
# Add team with write access
gh api -X PUT /orgs/{org}/teams/{team}/repos/{owner}/{repo} \
-f permission=write
# Add individual collaborator
gh repo add-collaborator <username> --permission write
```
## Governance Documentation
### GOVERNANCE.md
```markdown
# Governance
## Decision Making
- Technical decisions: Development team lead
- Product decisions: Product manager
- Security decisions: Security team lead
## Code Review Requirements
- All PRs require 1 approval
- Security-sensitive changes require security team review
- Breaking changes require team lead approval
## Release Process
1. Create release branch
2. Run full test suite
3. Get release approval
4. Tag and deploy
```
## Next Steps After Setup
1. Invite team members
2. Configure team permissions
3. Set up project milestones
4. Document team workflows
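Review bot: `gh repo add-collaborator` is not a gh subcommand, so the second half of the Team Access block fails as written; the documented route is the REST call `gh api -X PUT /repos/{owner}/{repo}/collaborators/<username> -f permission=push`. In the first command, `{org}` and `{team}` are not among the placeholders gh api expands (only {owner}, {repo} and {branch} are), so they must be substituted before the call, and the team-repository endpoint documents the permission values pull, triage, push, maintain and admin, not write. On CODEOWNERS: the GOVERNANCE.md text says security-sensitive changes need security team review, but the only path routed to @security-team is /security/; workflow files under /.github/workflows/ decide what runs with repository secrets, so consider listing @security-team alongside @devops-team there, and note that CODEOWNERS only gates merges once require_code_owner_reviews is set in the branch protection rule.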

View File

@@ -0,0 +1,49 @@
# Quick Mode
**Purpose**: Fast public repo setup with essentials (~30 seconds)
## Features Included
- README.md with basic structure
- LICENSE file (MIT default)
- .gitignore for technology stack
- Basic repository settings
## Features NOT Included
- ❌ CI/CD workflows
- ❌ Branch protection
- ❌ Issue/PR templates
- ❌ Security scanning setup
- ❌ CODEOWNERS
## When to Use
- Experiments and prototypes
- Quick test projects
- Personal projects
- Learning/tutorial repos
## Commands
```bash
# Create quick repo
gh repo create <name> --public --clone --description "<description>"
cd <name>
# Add essentials
echo "# <name>" > README.md
gh repo license create mit > LICENSE
curl -o .gitignore https://www.toptal.com/developers/gitignore/api/<tech>
# Initial commit
git add .
git commit -m "Initial commit"
git push -u origin main
```
## Next Steps After Setup
1. Add initial code
2. Push first commit
3. Consider upgrading to Enterprise mode for production
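Review bot: The Commands block pipes `gh repo license create mit` into LICENSE, but gh repo license offers list and view, not create, and it fetches .gitignore from a third-party site over curl, which puts unreviewed content from outside GitHub into the first commit. Both are covered by flags `gh repo create` already supports: `gh repo create <name> --public --clone --license mit --gitignore <tech>` uses GitHub's own license and .gitignore templates, makes the initial commit server-side, and leaves only README.md to add afterwards. Also, `git push -u origin main` assumes the default branch is named main; `gh repo create --clone` checks out whatever the account's default is, so read the branch name from `git branch --show-current` rather than hard-coding it.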

View File

@@ -0,0 +1,63 @@
# Error Handling
## Common Issues
### GitHub CLI not authenticated
**Detect**: `gh auth status` fails
**Solution**:
```bash
gh auth login
# Follow prompts to authenticate
```
### Repository name conflicts
**Detect**: API error for existing repo
**Solution**:
- Check availability: `gh repo view <owner>/<name>`
- Suggest alternative names
- Offer to use different organization
### Insufficient permissions
**Detect**: 403 errors from API
**Solution**:
- Verify organization membership
- Check repository permissions
- Contact organization admin for elevated access
### Missing git configuration
**Detect**: `git config` returns empty
**Solution**:
```bash
git config --global user.name "Your Name"
git config --global user.email "your@email.com"
```
### Rate limiting
**Detect**: 429 errors from API
**Solution**:
- Wait for rate limit reset
- Check limit: `gh api /rate_limit`
- Retry with exponential backoff
## Success Criteria
- [ ] Repository created with appropriate visibility
- [ ] Security features enabled (Dependabot, secret scanning)
- [ ] Complete documentation (README, LICENSE, community files)
- [ ] CI/CD workflows configured and functional
- [ ] Issue and PR templates set up
- [ ] Branch protection rules active (enterprise/team modes)
- [ ] CODEOWNERS configured (team mode)
- [ ] Repository accessible and cloneable
- [ ] Validation checks pass
- [ ] User has clear next steps
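Review bot: The Rate limiting section detects on 429 only, but GitHub's REST API returns 403 for primary rate-limit exhaustion as well, so those responses will be misdiagnosed by the Insufficient permissions section two entries above; distinguish the two by checking the `x-ratelimit-remaining` header (0 on a limit hit) or the presence of `retry-after` before concluding the caller lacks permissions, and have the backoff honour `x-ratelimit-reset`. Two gaps in Success Criteria: "Security features enabled" should be verified by reading the repository's security_and_analysis settings back rather than by the enable call returning, since the endpoints listed in security-features.yaml will not all succeed, and "Repository created with appropriate visibility" should compare against what the user asked for, not the mode's default.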