antigravity-skills-reference/skills/devops-deploy/SKILL.md

---
name: devops-deploy
description: 'DevOps e deploy de aplicacoes — Docker, CI/CD com GitHub Actions, AWS Lambda, SAM, Terraform, infraestrutura como codigo e monitoramento. Ativar para: dockerizar aplicacao, configurar pipeline...'
risk: critical
source: community
date_added: '2026-03-06'
author: renat
tags:
- devops
- docker
- ci-cd
- aws
- terraform
- github-actions
tools:
- claude-code
- antigravity
- cursor
- gemini-cli
- codex-cli
---

# DEVOPS-DEPLOY — Da Ideia para Producao

## Overview

DevOps e deploy de aplicacoes — Docker, CI/CD com GitHub Actions, AWS Lambda, SAM, Terraform, infraestrutura como codigo e monitoramento. Ativar para: dockerizar aplicacao, configurar pipeline CI/CD, deploy na AWS, Lambda, ECS, configurar GitHub Actions, Terraform, rollback, blue-green deploy, health checks, alertas.

## When to Use This Skill

- When you need specialized assistance with this domain

## Do Not Use This Skill When

- The task is unrelated to devops deploy
- A simpler, more specific tool can handle the request
- The user needs general-purpose assistance without domain expertise

## How It Works

> "Move fast and don't break things." — Engenharia de elite nao e lenta.
> E rapida e confiavel ao mesmo tempo.

---

## Dockerfile Otimizado (Python)

```dockerfile
FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir --user -r requirements.txt

FROM python:3.11-slim
WORKDIR /app
COPY --from=builder /root/.local /root/.local
COPY . .
ENV PATH=/root/.local/bin:$PATH
ENV PYTHONUNBUFFERED=1
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:8000/health || exit 1
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```

## Docker Compose (Dev Local)

```yaml
version: "3.9"
services:
  app:
    build: .
    ports: ["8000:8000"]
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    volumes:
      - .:/app
    depends_on: [db, redis]
  db:
    image: postgres:15
    environment:
      POSTGRES_DB: auri
      POSTGRES_USER: auri
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
  redis:
    image: redis:7-alpine
volumes:
  pgdata:
```

---

## Sam Template (Serverless)

```yaml

## Template.Yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Globals:
  Function:
    Timeout: 30
    Runtime: python3.11
    Environment:
      Variables:
        ANTHROPIC_API_KEY: !Ref AnthropicApiKey
        DYNAMODB_TABLE: !Ref AuriTable

Resources:
  AuriFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: lambda_function.handler
      MemorySize: 512
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuriTable

  AuriTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: auri-users
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: userId
          AttributeType: S
      KeySchema:
        - AttributeName: userId
          KeyType: HASH
      TimeToLiveSpecification:
        AttributeName: ttl
        Enabled: true
```

## Deploy Commands

```bash

## Build E Deploy

sam build
sam deploy --guided  # primeira vez
sam deploy           # deploys seguintes

## Deploy Rapido (Sem Confirmacao)

sam deploy --no-confirm-changeset --no-fail-on-empty-changeset

## Ver Logs Em Tempo Real

sam logs -n AuriFunction --tail

## Deletar Stack

sam delete
```

---

## .Github/Workflows/Deploy.Yml

name: Deploy Auri

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: "3.11" }
      - run: pip install -r requirements.txt
      - run: pytest tests/ -v --cov=src --cov-report=xml
      - uses: codecov/codecov-action@v4

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install bandit safety
      - run: bandit -r src/ -ll
      - run: safety check -r requirements.txt

  deploy:
    needs: [test, security]
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/setup-sam@v2
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - run: sam build
      - run: sam deploy --no-confirm-changeset
      - name: Notify Telegram on Success
        run: |
          curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
            -d "text=Auri deployed successfully! Commit: ${{ github.sha }}"
```

---

## Health Check Endpoint

```python
from fastapi import FastAPI
import time, os

app = FastAPI()
START_TIME = time.time()

@app.get("/health")
async def health():
    return {
        "status": "healthy",
        "uptime_seconds": time.time() - START_TIME,
        "version": os.environ.get("APP_VERSION", "unknown"),
        "environment": os.environ.get("ENV", "production")
    }
```

## Alertas Cloudwatch

```python
import boto3

def create_error_alarm(function_name: str, sns_topic_arn: str):
    cw = boto3.client("cloudwatch")
    cw.put_metric_alarm(
        AlarmName=f"{function_name}-errors",
        MetricName="Errors",
        Namespace="AWS/Lambda",
        Dimensions=[{"Name": "FunctionName", "Value": function_name}],
        Period=300,
        EvaluationPeriods=1,
        Threshold=5,
        ComparisonOperator="GreaterThanThreshold",
        AlarmActions=[sns_topic_arn],
        TreatMissingData="notBreaching"
    )
```

---

## 5. Checklist De Producao

- [ ] Variaveis de ambiente via Secrets Manager (nunca hardcoded)
- [ ] Health check endpoint respondendo
- [ ] Logs estruturados (JSON) com request_id
- [ ] Rate limiting configurado
- [ ] CORS restrito a dominios autorizados
- [ ] DynamoDB com backup automatico ativado
- [ ] Lambda com timeout adequado (10-30s)
- [ ] CloudWatch alarmes para erros e latencia
- [ ] Rollback plan documentado
- [ ] Load test antes do lancamento

---

## 6. Comandos

| Comando | Acao |
|---------|------|
| `/docker-setup` | Dockeriza a aplicacao |
| `/sam-deploy` | Deploy completo na AWS Lambda |
| `/ci-cd-setup` | Configura GitHub Actions pipeline |
| `/monitoring-setup` | Configura CloudWatch e alertas |
| `/production-checklist` | Roda checklist pre-lancamento |
| `/rollback` | Plano de rollback para versao anterior |

## Best Practices

- Provide clear, specific context about your project and requirements
- Review all suggestions before applying them to production code
- Combine with other complementary skills for comprehensive analysis

## Common Pitfalls

- Using this skill for tasks outside its domain expertise
- Applying recommendations without understanding your specific context
- Not providing enough project context for accurate analysis