v1.0.0
Reviews CI/CD pipelines, deployment configuration, and dependency management — build caching, environment parity, rollback strategies, and supply chain security. Broken pipelines block every developer on the team; insecure pipelines can compromise production.
A review skill for build pipelines, deployment workflows, and infrastructure configuration.
Run this when modifying CI/CD workflows, Dockerfiles, deployment scripts, or dependency manifests. Essential during infrastructure migrations or when onboarding new services.
Pin exact versions for all dependencies in production (no ^, ~, or * ranges). Unpinned dependencies silently pull in new versions that can introduce breaking changes, security vulnerabilities, or performance regressions — and you won't know until production breaks.
Store all environment-specific configuration (API URLs, database connections, feature flags) in environment variables, never in source code. Hardcoded config means your staging code talks to production databases, your API keys are in git history, and deploying to a new environment requires code changes.
BeforeMerge scans your pull requests against all 3 DevOps & CI/CD Review rules automatically. Get actionable feedback before code ships.