Skills Guide

Pipelines CI/CD GCP Node.js

VérifiéSûr

Génère des pipelines CI/CD prêts pour la production pour applications Node.js et Angular déployées sur GKE via Cloud Build, avec scanning de sécurité et stratégies de déploiement.

Spar Skills Guide Bot
DeveloppementIntermédiaire
2002/06/2026
Claude Code
#nodejs#angular#gcp#cloud-build#gke

Recommandé pour

Développeur backendClaude CodeRevue de codeDéveloppeur frontendDéveloppeur fullstackRefactoring

Notre avis

Génère des pipelines CI/CD prêts pour la production pour les applications Node.js et Angular sur GCP avec Cloud Build et GKE, incluant le scan de sécurité et les stratégies de déploiement.

Points forts

  • Automatise la création de pipelines pour plusieurs types de services (Express, NestJS, Angular).
  • Impose des scans de sécurité (Snyk, Trivy, SonarQube) et des contrôles de qualité.
  • Prend en charge les déploiements multi-environnements avec des stratégies canary et de rollback.
  • Inclut des normes de construction organisationnelles.

Limites

  • Nécessite des connaissances spécifiques sur GCP et Kubernetes pour personnaliser les modèles.
  • Ne couvre pas les plateformes non GCP ni les outils CI/CD autres que Cloud Build.
  • Suppose Node.js 18/20 et un gestionnaire de paquets spécifique (npm).
Quand l'utiliser

À utiliser lors de la création ou de la mise à jour de pipelines de déploiement pour des services Node.js ou Angular ciblant Google Cloud Platform.

Quand l'éviter

Ne pas utiliser pour les projets sur d'autres fournisseurs cloud (AWS, Azure) ou utilisant des outils CI/CD différents (Jenkins, GitLab CI).

Analyse de sécurité

Sûr
Score qualité88/100

The skill generates CI/CD configuration files; it does not contain instructions to execute destructive commands, exfiltrate data, or bypass security controls. The commands used (e.g., reading package.json, running npm ci) are typical for a build pipeline definition and pose no direct risk.

Aucun point d'attention détecté

Exemples

Set up Node.js Express pipeline
Set up a CI/CD pipeline for my Node.js Express API on GCP using Cloud Build and GKE with security scanning and canary deployments.
Create Angular deployment pipeline
Create a deployment pipeline for an Angular frontend application on Google Cloud using Cloud Build and GKE with multi-environment support.
Add security scanning to existing pipeline
Add Snyk vulnerability scanning and Trivy container scanning to my existing Cloud Build pipeline for a NestJS service.

name: gcp-nodejs-cicd version: 2.1.0 description: Generate CI/CD pipelines for Node.js and Angular applications on GCP with Cloud Build and GKE deployment. Use when creating or updating deployment pipelines for Node.js services, Express APIs, NestJS applications, or Angular frontends targeting Google Cloud Platform. author: Platform Engineering Team tags: [nodejs, angular, gcp, cloud-build, gke]

Knowledge Dependency Graph: Explicit dependency declarations

See 06-KNOWLEDGE-GRAPH.md for full documentation

dependencies: required: - name: security-scanning version: ">=1.5.0" reason: "Mandatory security scans (Snyk, Trivy, SonarQube) for all pipelines" - name: gke-deployment version: "^3.0.0" reason: "Kubernetes deployment patterns and strategies" optional: - name: observability version: ">=2.0.0" condition: "context.monitoring_required == true" reason: "Enhanced monitoring for production services" suggested: - name: cost-optimization version: "*" reason: "Resource sizing recommendations"

Context requirements for this Skill

context_requirements:

  • type: runtime values: [nodejs-18, nodejs-20]
  • type: platform values: [gcp]

Policies this Skill enforces (for compliance traceability)

policies_enforced:

  • security-scan-required
  • test-coverage-minimum
  • approval-gate-production

GCP Node.js CI/CD Pipeline Generation

This Skill generates production-ready CI/CD pipelines for Node.js and Angular applications deployed to Google Kubernetes Engine (GKE) via Cloud Build.

When to Use This Skill

  • Creating new Node.js or Angular services
  • Setting up deployment pipelines
  • Configuring multi-environment deployments (dev, staging, production)
  • Implementing security scanning and quality gates
  • Deploying containerized applications to GKE

Organizational Context

Build Standards

  • Node.js versions: 18.x, 20.x (LTS only)
  • Package manager: npm (lock file required)
  • Build process: Multi-stage Docker builds
  • Test coverage: Minimum 80% for production deployments
  • Linting: ESLint with organizational config

Security Requirements

  • Dependency scanning: Snyk (0 critical vulnerabilities allowed)
  • Container scanning: Trivy (no high/critical CVEs)
  • SAST: SonarQube (Quality Gate must pass)
  • SBOM: Generate and upload to Artifact Registry
  • Secrets: Must use GCP Secret Manager (never hardcoded)

Deployment Strategies

  • Development: Auto-deploy on commit
  • Staging: Manual approval required
  • Production: Canary deployment (5% → 50% → 100%)
  • Rollback: Automatic on health check failures or error rate >5%

Instructions

Step 1: Analyze Service Context

First, determine the service type and requirements by checking:

# Check package.json for framework
cat package.json | jq '.dependencies'

# Identify service type
if [ -f "angular.json" ]; then
  SERVICE_TYPE="angular"
elif grep -q "express" package.json; then
  SERVICE_TYPE="express"
elif grep -q "@nestjs" package.json; then
  SERVICE_TYPE="nestjs"
else
  SERVICE_TYPE="nodejs-generic"
fi

Step 2: Generate Cloud Build Configuration

Use the appropriate template from templates/cloudbuild/:

For Node.js services:

# See templates/cloudbuild/nodejs-service.yaml
steps:
  - name: 'node:${NODE_VERSION}'
    entrypoint: npm
    args: ['ci']
  
  - name: 'node:${NODE_VERSION}'
    entrypoint: npm
    args: ['run', 'build']
  
  - name: 'node:${NODE_VERSION}'
    entrypoint: npm
    args: ['test']
    
  # Security scanning - see templates/security/
  # Docker build - see templates/docker/
  # GKE deployment - see templates/kubernetes/

For Angular applications:

# See templates/cloudbuild/angular-app.yaml
# Includes ng build with optimization flags
# Static asset handling
# Environment-specific configurations

Step 3: Implement Security Scanning

Always include all three security scans:

# Snyk dependency scan
- name: 'snyk/snyk:node'
  entrypoint: 'sh'
  args:
    - '-c'
    - 'snyk test --severity-threshold=high || exit 1'
  secretEnv: ['SNYK_TOKEN']

# Trivy container scan
- name: 'aquasec/trivy'
  args: ['image', '--severity', 'HIGH,CRITICAL', '${IMAGE_NAME}']

# SonarQube SAST
- name: 'sonarsource/sonar-scanner-cli'
  args: ['sonar-scanner', '-Dsonar.qualitygate.wait=true']

Use validator at validators/security-policy.rego to verify all scans are present.

Step 4: Generate Kubernetes Manifests

Create deployment, service, and HPA configurations:

# See templates/kubernetes/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${SERVICE_NAME}
  namespace: ${NAMESPACE}
spec:
  replicas: ${REPLICAS}
  template:
    spec:
      containers:
      - name: ${SERVICE_NAME}
        image: ${IMAGE_NAME}
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
          limits:
            cpu: "500m"
            memory: "512Mi"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5

Step 5: Configure Multi-Environment Deployment

Set up deployment strategy per environment:

Development:

  • Auto-deploy on every commit
  • No approval required
  • Rolling update strategy

Staging:

  • Manual approval required (team lead)
  • Smoke tests must pass
  • Rolling update strategy

Production:

  • Two approvals required (team lead + platform lead)
  • Canary deployment strategy
  • Automated rollback on metrics degradation

Step 6: Add Monitoring and Observability

Include Cloud Monitoring configuration:

# Metrics to collect
metrics:
  - http_requests_total
  - http_request_duration_seconds
  - http_errors_total
  
# Alerts to configure
alerts:
  - error_rate_high (>5% for 5 minutes)
  - latency_p99_high (>2s for 5 minutes)
  - pod_restart_frequent (>3 in 10 minutes)

Step 7: Generate Documentation

Create comprehensive documentation:

# Service Name

## CI/CD Pipeline

This service uses the following deployment pipeline:
- Build: Multi-stage Docker with Node.js ${VERSION}
- Test: Unit tests with 80%+ coverage
- Security: Snyk + Trivy + SonarQube
- Deploy: Canary to GKE with automated rollback

## Deployment

**Development:**
- Auto-deployed on commit to main
- URL: https://dev.example.com

**Production:**
- Requires 2 approvals
- Canary deployment (5% → 50% → 100%)
- URL: https://api.example.com

## Rollback

If deployment fails:
```bash
platform-cli rollback payment-api --to-version previous


## Validation Rules

Before completing generation, validate using `validators/security-policy.rego`:

```rego
# Validation checks
package cloudbuild

# Rule: Security scans required
deny[msg] {
  not input.steps[_].name == "snyk/snyk:node"
  msg = "Snyk dependency scan is required"
}

deny[msg] {
  not input.steps[_].name == "aquasec/trivy"
  msg = "Trivy container scan is required"
}

# Rule: Secrets must be in Secret Manager
deny[msg] {
  input.steps[_].args[_] contains "password"
  msg = "Hardcoded secrets detected. Use Secret Manager."
}

# Rule: Production requires approval
deny[msg] {
  input.environment == "production"
  not input.approvals
  msg = "Production deployments require approval"
}

Examples

For complete working examples, see:

  • examples/payment-service/ - Express API with PCI compliance
  • examples/user-api/ - NestJS service with authentication
  • examples/frontend-app/ - Angular SPA with SSR

Troubleshooting

Build fails with "npm ci" error:

  • Ensure package-lock.json is committed
  • Check Node.js version matches package.json engines

Security scan fails:

  • Review Snyk dashboard for vulnerabilities
  • Update dependencies to patch CVEs
  • Request exception if no patch available

Deployment fails:

  • Check GKE cluster has sufficient resources
  • Verify namespace exists
  • Confirm image was pushed to Artifact Registry

Canary rollback triggered:

  • Check Cloud Monitoring for error rates
  • Review logs in Cloud Logging
  • Validate health check endpoints

Additional Resources

Skills similaires

Expert Next.js App Router

Developpement

Un skill qui transforme Claude en expert Next.js App Router.

Claude CodeCursoradvanced
890
234
2,846
Admin

Générateur de README

Developpement

Crée des README.md professionnels et complets pour vos projets.

claudeCursorWindsurfbeginner
259
72
821
Admin

Rédacteur de Documentation API

Developpement

Génère de la documentation API complète au format OpenAPI/Swagger.

claudeCursorWindsurfintermediate
156
44
682
Admin