For platform engineers: provision, ship, and observe production infra with confidence.
Reach for this when you own the infrastructure behind a service and need it to ship and stay up. It takes you from provisioning cloud resources as code, through CI/CD pipelines and containerization, to running workloads on Kubernetes and seeing inside them in production. The result: a repeatable, observable platform you can hand to a team instead of a pile of one-off scripts.
Click to play with sound.
Arranged in the author's recommended order. Walk through them in sequence, or open any one on its own.
Writes safe, modular, idiomatic Terraform - remote state layout, module structure, plan-review discipline, version pinning, and blast-radius control. Use when someone asks "structure my Terraform repo", "how should I split state between environments", "terraform plan wants to destroy and recreate my database", "should I use count or for_each", or "how do I import existing infrastructure". Do NOT use for CI pipeline authoring in GitHub Actions - use github-actions instead; for Kubernetes manifests the infrastructure hosts, use kubernetes-basics; for managing app secrets outside IaC, use secrets-hygiene.
View skillDesigns and hardens GitHub Actions CI/CD - pipelines that hit a sub-10-minute PR feedback budget through caching and parallelism, with least-privilege security and safe deploy gates. Use when someone asks "why is my CI so slow", "how do I cache node_modules properly", "set up a deploy workflow", "is pull_request_target safe here", or wants a workflow written or reviewed. Do NOT use for provisioning the cloud infrastructure the pipeline deploys to - use terraform-expert instead; do NOT use for Vercel-specific deploy flows - use vercel-deploy-pipeline instead; for secret storage policy beyond CI, use secrets-hygiene.
View skill