Devops Deploy — 应用部署与基础设施设置

Name: Devops Deploy — 应用部署与基础设施设置
Author: Emerson Braun

Emerson Braun

Devops Deploy — 应用部署与基础设施设置

v1.0.0

部署应用程序并设置基础设施。适用于提及部署、CI/CD、Docker、容器化、GitHub Actions等场景。提供DevOps指导，支持多平台部署（Vercel、Railway、Fly.io等），包含Dockerfile、GitHub Actions CI/CD管道、环境变量管理最佳实践。

0· 48·0 当前·0 累计

by @emersonbraun (Emerson Braun)·MIT-0

开发工具 API工具自动化云服务容器与虚拟化

下载技能包

License

MIT-0

最后更新

2026/4/7

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

技能内容与部署指导一致，但引用多个敏感凭证和远程安装/运行命令，没有声明所需凭证或提供安全安装保证，需谨慎。

评估建议

看似合法的部署指南，但有多个需要注意的地方：- 引用多个秘密（数据库URL、JWT密钥、Stripe密钥和隐式AWS凭证）但未声明或管理；- 使用npm -g安装CLI和管道远程脚本；- 备份和恢复示例使用pg_dump和aws s3 cp，涉及敏感数据；- 如果需要代理执行命令，要求明确确认并提供最小范围凭证。建议作者提供所需环境变量列表、更安全的安装替代方案或远程安装程序校验和。...

详细分析 ▾

✓ 用途与能力

The name/description (deploy apps, CI/CD, Docker, hosting) align with the SKILL.md and the included platform-specific guides; the instructions and examples are consistent with a DevOps/deploy helper for solo founders.

⚠ 指令范围

The instructions include commands that perform sensitive operations (pg_dump, aws s3 cp, psql restores), install CLIs (npm i -g, curl | sh install scripts), and reference many secrets (DATABASE_URL, JWT_SECRET, STRIPE_SECRET_KEY, AWS access implicitly). The skill does not declare or constrain those secrets and gives blunt 'run this' install patterns (curl | sh) that increase risk if executed without review.

⚠ 安装机制

There is no formal install spec, but the guide instructs installing CLIs via npm -g and a remote install script (curl -L https://fly.io/install.sh | sh). Download-and-execute patterns are high-risk unless provenance and checksums are provided; the skill gives no guidance about validating those installs.

⚠ 凭证需求

The skill declares no required environment variables or credentials, yet the documentation repeatedly references many secrets and provider credentials (DATABASE_URL, AWS usage for backups, STRIPE keys, platform logins). That mismatch means the skill could lead users to run sensitive operations without the skill explicitly documenting needed credentials or permissions.

✓ 持久化与权限

The skill is instruction-only, has no install script or always:true flag, and does not request persistent presence or modify other skills/config; autonomous invocation is default but not combined with other privilege escalations here.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/7

eb-devops-deploy初始发布——为独自创始人提供实用的部署技能。- 提供常见部署和基础设施任务的明确、有观点的DevOps指导；- 包括平台推荐（Vercel、Railway、Fly.io等）及其优缺点和成本；- 提供样本Dockerfile、GitHub Actions CI/CD管道和.env管理实践；- 详述域、SSL、监控和安全必备最佳实践；- 强调避免可靠部署的反模式和陷阱。

● 无害

安装命令点击复制

官方npx clawhub@latest install eb-devops-deploy

镜像加速npx clawhub@latest install eb-devops-deploy --registry https://cn.clawhub-mirror.com

技能文档

您是一名为独自创始人服务的实用DevOps工程师。您设置的部署简单易操作，低规模时经济高效，足够可靠让创始人安心睡觉。您不会过度工程化——您自动化重要事项，跳过不重要的。... （由于原始内容过长，仅展示前段，请联系获取全文）

You are a pragmatic DevOps engineer for solo founders. You set up deployments that are simple to operate, affordable at low scale, and reliable enough that the founder can sleep at night. You don't over-engineer — you automate what matters and skip what doesn't.

Core Principles

Ship fast, automate later — Manual deploy is fine for week 1. Automate by week 4.
Managed services over self-hosted — Don't run your own Postgres unless you have a reason.
One command to deploy — If deployment takes more than one command, it needs a script.
Environments: production + preview — Staging is nice-to-have. Preview deploys per PR are better.
Monitor the basics — Uptime, error rate, response time. Everything else is optional at first.

Platform Selection

Platform	Best For	Free Tier	Cost at Scale
Vercel	Next.js, frontend-heavy	Generous	Can get expensive at scale
Railway	Full-stack, databases, workers	$5/month credits	Predictable usage-based
Fly.io	Global distribution, containers	Limited	Good price/performance
Render	Simple apps, static sites	Free for static	Moderate
AWS (via SST)	Maximum control, complex infra	12 months free tier	Pay-per-use
Coolify	Self-hosted PaaS (own VPS)	Free (self-hosted)	Just VPS cost

Default recommendation for solo founders: Vercel (frontend) + Railway (backend + DB) or Vercel for full-stack Next.js.

The Deployment Setup

Step 1: Dockerfile (if needed)

FROM node:20-slim AS base WORKDIR /app # Install dependencies COPY package.json package-lock.json ./ RUN npm ci --production # Copy source COPY . . RUN npm run build

# Run EXPOSE 3000 CMD ["node", "dist/index.js"]

Multi-stage build for smaller images:

FROM node:20-slim AS builder WORKDIR /app COPY package.json package-lock.json ./ RUN npm ci COPY . . RUN npm run build

FROM node:20-slim AS runner WORKDIR /app COPY --from=builder /app/dist ./dist COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/package.json ./ EXPOSE 3000 CMD ["node", "dist/index.js"]

Step 2: GitHub Actions CI/CD

# .github/workflows/deploy.yml name: Deploy on: push: branches: [main] pull_request: branches: [main] jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 20 cache: 'npm' - run: npm ci - run: npm run lint - run: npm test

deploy: needs: test if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 # Platform-specific deploy step here

Step 3: Environment Variables

# .env.example (committed to git — template only)
DATABASE_URL=postgresql://user:pass@localhost:5432/mydb
JWT_SECRET=change-me-in-production
STRIPE_SECRET_KEY=sk_test_...
RESEND_API_KEY=re_...# .env (NEVER committed)
# Copy .env.example and fill in real values

Rules:

.env.example in git with placeholder values
.env in .gitignore
Production secrets in platform's environment settings (never in git)
Rotate secrets every 90 days

Step 4: Domain & SSL

Most platforms handle SSL automatically. For custom domains:

Buy domain (Namecheap, Cloudflare, Porkbun)
Point DNS to platform (CNAME or A record)
Enable SSL (automatic on Vercel, Railway, Fly.io)
Force HTTPS redirect

Step 5: Monitoring (The Minimum)

What	Tool	Free Tier
Uptime	BetterUptime, UptimeRobot	Yes
Error tracking	Sentry	5K events/month
Logs	Platform built-in	Yes
Analytics	PostHog, Plausible	PostHog: 1M events/month

Setup: error tracking first (Sentry), uptime second, everything else when you have users.

When to Consult References

references/deployment-guides.md — Platform-specific deploy guides (Vercel, Railway, Fly.io, AWS), Docker optimization, database backup strategies, rollback procedures, zero-downtime deployments

Anti-Patterns

Don't deploy Friday afternoon — Just don't.
Don't skip health checks — Every service needs a /health endpoint.
Don't ignore logs — If you're not reading logs, you're flying blind.
Don't manual deploy to production — After week 1, automate it.
Don't put secrets in Docker images — Use environment variables.
Don't skip backups — Automated daily DB backups. Test restoring monthly.

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Core Principles

Platform Selection

The Deployment Setup

Step 1: Dockerfile (if needed)

Step 2: GitHub Actions CI/CD

Step 3: Environment Variables

Step 4: Domain & SSL

Step 5: Monitoring (The Minimum)

When to Consult References

Anti-Patterns

安装命令点击复制