Skip to content

wire-ci

HARD GATE — Do not ship a project without CI. Run this skill before first merge to main or when adding CI to an existing project.

HARD GATE — CI that is untestable locally will break every cycle. Always run --validate after generating workflows and --dry-run before pushing.

Generate, validate, and test CI workflows. Detects your project type, produces platform-appropriate GitHub Actions configurations, and provides local verification to catch auth, permissions, and syntax issues before they reach CI.

  1. CI workflow.github/workflows/ci.yaml with test, lint, typecheck, build steps
  2. Release workflow.github/workflows/release.yaml with semantic-release (if applicable)
  3. --validate mode — checks YAML syntax, workflow permissions, required secrets, and common pitfalls
  4. --dry-run mode — runs workflows locally via act or gh workflow run to prove correctness before push
  5. Failure pattern documentation — common CI failure categories and their fixes

Read the project root for manifest files to determine which template to use:

Manifest Type Template
Cargo.toml Rust Rust CI: test, clippy, fmt, build
package.json Node Node CI: test, lint, typecheck, build
setup.py / pyproject.toml Python Python CI: pytest, ruff/mypy/flake8, build
go.mod Go Go CI: test, vet, staticcheck, build
CMakeLists.txt C/C++ C/C++ CI: cmake build, ctest
Multiple detected Polyglot Combined workflows or error if ambiguous

If no manifest is found, prompt the user to specify the type or pass --type <rust|node|python|go|cpp>.

Create .github/workflows/ci.yaml with standard steps derived from the project type and its manifest:

Rust template (Cargo.toml): See REFERENCE.md

Node template (package.json): See REFERENCE.md

Python template (setup.py / pyproject.toml): See REFERENCE.md

Go template (go.mod): See REFERENCE.md

C/C++ template (CMakeLists.txt): See REFERENCE.md

3. Generate release workflow (if semantic-release detected)

Section titled “3. Generate release workflow (if semantic-release detected)”

If the project has semantic-release configured (in package.json, .releaserc, or release.config.js), also generate .github/workflows/release.yaml:

See REFERENCE.md

NPM_TOKEN is required for publishing to npm. Without it, semantic-release will fail at the publish step. See --validate to check this.

Run wire-ci --validate to check all generated workflow files:

See REFERENCE.md

Exit codes:

  • 0 — all checks pass (no errors)
  • 1 — YAML syntax errors found
  • 2 — validation warnings only (missing permissions, secrets, etc.)

Attempt to run the generated workflows locally to catch errors before push:

See REFERENCE.md

act runs workflows in a local Docker environment — the most accurate pre-push validation. gh workflow run sends the workflow to GitHub but doesn’t execute locally — useful for checking YAML parsing but not for testing the actual steps.

Add the following to the project’s documentation or CLAUDE.md after setup:

Failure Cause Fix
npm publish fails NPM_TOKEN not set as repo secret Add NPM_TOKEN to GitHub repo secrets
semantic-release fails on push Missing permissions: contents: write Add permissions: contents: write to release job
cargo publish auth fail CARGO_REGISTRY_TOKEN not set Add token to ~/.cargo/config.toml or env
go vet fails Go version mismatch Match go.mod go directive with setup-go version
cargo clippy errors New lints in Rust nightly cargo clippy --fix or allow specific lints
act not found Docker not running or act not installed brew install act / docker ps to verify Docker
Hardcoded Node version stale .nvmrc exists but workflow uses hardcoded version Use node-version-file: .nvmrc instead

→ verify: grep -ci "template\|workflow\|validate\|dry.run" skills/wire-ci/SKILL.md | awk '{if($1>=3) print "OK: semantics"; else print "FAIL: missing"}' → verify: grep -q "wire-ci" SKILL-INDEX.md && echo "OK: in SKILL-INDEX" || echo "FAIL: not indexed"