DevOps is the discipline of making production not hurt. The hurt usually comes from five places: flaky CI, slow or unsafe deploys, the wrong thing shipped, the right thing shipped but nobody noticed it broke, and the cost of rebuilding context on whatever you were doing yesterday. The skills below each directly target one of those pain points. All live inside verified plugins with real commit history and meaningful star counts.

Build GitHub Actions workflows end to end — CI, CD, automated releases, dependency updates, and custom composite actions. From the claude-skills plugin. If your stack is anywhere on GitHub, this is the most-used pipeline surface you have, and the wrong YAML here costs an afternoon of debugging indented-wrong steps that look correct.

When to use: bootstrapping a new repo's CI, adding a release pipeline, splitting a monolithic workflow into reusable composite actions, or migrating from another CI system. Handles matrix builds, caching, artifacts, and environment gating without the usual YAML-by-feel.

Generalized CI/CD pipeline builder — GitHub Actions, GitLab CI, Jenkins, and CircleCI, with test, build, and deploy stages. From claude-skills. Useful when you're not in the GitHub monoculture: enterprise environments, on-prem GitLab, or a legacy Jenkins stack that needs modernizing one Jenkinsfile at a time.

When to use: starting a pipeline on a non-Actions CI system, auditing an existing pipeline for missing stages (security scan, SBOM, artifact signing), or porting a known-good workflow across CI systems. Faster than looking up each system's YAML dialect from scratch every time.

Pre-landing PR review. Analyzes the diff against the base branch for SQL safety issues, LLM trust-boundary violations, conditional logic bugs, accidental secret exposure, and the usual subtle things that pass unit tests but fail in production. From gstack (78,986 stars). This is the skill that catches the DELETE FROM users WHERE id = $1 missing a filter before it hits the actual users table.

When to use: on every non-trivial PR before merging. Especially for PRs touching migrations, auth boundaries, shell commands, or any code that constructs queries from user input. A second opinion on code review is cheap; a bad merge on main is not.

Post-deploy canary monitoring. Watches the live app for console errors, performance regressions, and visible page failures using browser-driven checks. From gstack (78,986 stars). Complements synthetic monitoring — it catches the client-side things a Datadog synthetic doesn't.

When to use: the first 10 minutes after every production deploy. Also as the "is the rollback decision obvious yet?" check during an incident. Fails loud enough that you can't miss it during a rollout, quiet enough that it doesn't page you for every transient 502.

Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, aws s3 rm --recursive, git push --force, kubectl delete namespace, and the other operations that have no undo button. From gstack (78,986 stars).

When to use: always on. The one time you most want this skill installed is the one time you weren't planning to run a destructive command — you were planning to run a safe one that happened to share a prefix with a destructive one. Autocomplete is a hostile environment.

Captures git state, decisions made during a working session, and remaining work so a future session can pick up without losing the thread. From gstack (78,986 stars). For DevOps specifically, the pain this solves is coming back on Monday to a half-finished cluster migration with twelve terminal tabs and no memory of which one had the rollback procedure.

When to use: at the end of any multi-hour session on infrastructure work, before a context-switch to an incident, or before handing off to a colleague. Also at the midpoint of a long migration so that if something catastrophic happens you're not rebuilding state from Slack scrollback.

End-to-end ship workflow. Detects the merge base, runs tests, reviews the diff, bumps VERSION, updates CHANGELOG, commits, pushes, and creates the PR — all as one orchestrated sequence. From gstack (78,986 stars). Pairs well with land-and-deploy if your project has a matching one-command deploy.

When to use: any time you're shipping a non-trivial change and want the version bump, changelog entry, and PR body to actually get written instead of being deferred to a theoretical "cleanup PR" that never happens. Converts a five-step manual workflow into one command that doesn't skip the boring steps.

How to install

Each skill lives inside a plugin. Add the plugin marketplace once, then install with a single command — the skill detail page has the exact install string. For DevOps-first installs, the highest-ROI pair is gstack (for review, canary, careful, context-save, and ship) together with claude-skills (for github-actions and ci-cd-builder). Between them you get pipeline scaffolding, pre-merge defense, post-deploy observability, destructive-command guardrails, and session continuity — the five things that most visibly reduce DevOps pain.