Deploy

new opus

GitHub Actions deployment skill. Manage workflows, releases, GHCR, and CI/CD through a conversational interface with automatic safety classification for every operation.

🔧

SETUP

Detect repo, enumerate workflows, configure GitHub integration in CLAUDE.local.md, generate deploy-admin agent.

RELEASE

Automated version bump, changelog generation, commit, tag, push, CI verification — full release pipeline.

🔄

DEPLOY

Trigger workflow_dispatch workflows, monitor runs, VPS health checks via SSH integration.

Quick Reference

FieldValue
Command/brewtools:deploy
Arguments<task description> or setup/create/release/deploy/monitor/update-agent
Modessetup, create, release, deploy, monitor, update-agent
Agentdeploy-admin (auto-delegated for complex ops)
Config storageCLAUDE.local.md (gitignored)
Modelopus

Quick Start

# First time -- set up GitHub integration
/brewtools:deploy setup

# Create a new workflow
/brewtools:deploy create new build workflow for Docker

# Release a new version
/brewtools:deploy release v3.4.45

# Trigger a deployment
/brewtools:deploy trigger deploy-docs workflow

# Monitor CI status
/brewtools:deploy monitor

# Refresh deploy-admin agent with latest workflow data
/brewtools:deploy update agent

Deployment Flow

  1. Phase 0 — Mode detection

    Auto-parses your intent from the argument: setup, create, release, deploy, monitor, or update-agent.

  2. Phase 1 — Environment check

    Verifies gh CLI installation, authentication, token scopes, repo detection, and existing config in CLAUDE.local.md.

  3. Phase 2 — Setup

    Detects repo info, enumerates workflows, checks secrets, discovers SSH server targets, writes GitHub config to CLAUDE.local.md, generates deploy-admin agent.

  4. Phase 3 — Create workflow

    Generates workflow YAML from templates (Build+GHCR, Deploy VPS, Release, Security Scan) with project-specific customization.

  5. Phase 4 — Release

    Full release pipeline: version bump, changelog generation, RELEASE-NOTES.md update, commit, tag, push, plugin update, CI verification.

  6. Phase 5 — Deploy

    Triggers workflow_dispatch workflows, monitors run progress, runs VPS health checks via SSH integration.

  7. Phase 6 — Monitor

    Dashboard view: recent runs, workflow states, releases, failed run logs.

Safety Classification

Every GitHub command is classified before execution. READ and CREATE run freely; MODIFY and above require confirmation.

🔍

READ

gh run list, gh workflow list, gh release view, gh secret list — free, no confirmation.

CREATE

Create workflow YAML, gh release create --draft — free if non-destructive.

✏️

MODIFY

Edit workflow, gh secret set, git commit/tag — asks for confirmation.

🔄

SERVICE

gh workflow run, gh run rerun, git push — asks for confirmation.

⚠️

DELETE

gh release delete, gh run cancel, remove workflow file — ALWAYS asks for confirmation.

🛡️

PRIVILEGE

gh secret delete, branch protection, gh workflow disable — ALWAYS asks for confirmation.

Caution

Destructive operations (DELETE, PRIVILEGE) always require explicit confirmation. The skill breaks compound commands into individually classified steps.

Workflow Templates

The skill includes 4 battle-tested workflow templates extracted from real production workflows.

Build + Push GHCR

Multi-platform Docker build with GitHub Container Registry. Supports tag-based and branch-based triggers.

🔄

Deploy to VPS

SCP + SSH deployment with health checks and rollback. Integrates with ssh skill server inventory.

📄

Release

Extract changelog from RELEASE-NOTES.md, create GitHub Release with assets and notes.

🛡️

Security Scan

CodeQL, Gitleaks, or Semgrep integration with SARIF upload and summary annotations.

Configuration

GitHub config and workflow inventory are stored in CLAUDE.local.md at the project root. This file is gitignored.

## GitHub Config

| Property | Value |
|----------|-------|
| Owner | kochetkov-ma |
| Auth | gh CLI (token) |
| Registry | ghcr.io |
| Default repo | claude-brewcode |

## Workflows: claude-brewcode

| Name | File | Trigger | Status | Last Run |
|------|------|---------|--------|----------|
| Docs | docs.yml | tag v*.*.* | active | success (2026-04-07) |
| Release | release.yml | tag v*.*.* | active | success (2026-04-07) |

The skill reads these tables on every invocation and injects context into the deploy-admin agent.

The skill dynamically generates a deploy-admin agent file with workflow inventory, GitHub config, and server targets baked into its prompt. This agent handles complex multi-step DevOps operations.

The agent receives:

  • GitHub config from CLAUDE.local.md
  • Workflow inventory with triggers and status
  • SSH server targets (from SSH skill integration)
  • Secret names (never values)

Use update-agent mode to refresh agent data after workflow or config changes.

The deploy skill reads SSH server inventory from CLAUDE.local.md (written by the SSH skill) for VPS deployment targets and health checks.

  • VPS deploy workflows use SSH servers as targets
  • Post-deploy health checks run via SSH
  • GHCR login on servers uses docker-auth-flow reference

Run /brewtools:ssh setup first to configure server connections if you need VPS deployments.

Usage Examples

# Bump patch version and release
/brewtools:deploy release patch

# Release specific version
/brewtools:deploy release v3.5.0

# Major version release
/brewtools:deploy release major
# Create a Docker build workflow
/brewtools:deploy create new build workflow for ghcr.io

# Create a VPS deploy workflow
/brewtools:deploy create deploy workflow for vps-main

# Create a security scanning workflow
/brewtools:deploy create security scan workflow
# Trigger a specific workflow
/brewtools:deploy trigger deploy-docs workflow

# Deploy to staging
/brewtools:deploy run staging deployment

# Deploy and monitor
/brewtools:deploy trigger release and watch
# Check recent CI runs
/brewtools:deploy monitor

# Check specific workflow status
/brewtools:deploy check status of docs workflow

# View failed run logs
/brewtools:deploy show logs for failed run

Tip

For interactive commands like gh auth login, use the Claude Code escape hatch: ! gh auth login to open a direct terminal session.

Note

CLAUDE.local.md is gitignored by default. GitHub config, workflow inventory, and server details are never committed to version control.

Troubleshooting

IssueSolution
gh CLI not installedInstall from https://cli.github.com/
Not authenticatedRun ! gh auth login in Claude Code terminal
Insufficient token scopesRe-authenticate with ! gh auth login -s repo,workflow,write:packages
Workflow not triggeringCheck trigger config in workflow YAML, verify branch/tag pattern
Release CI failedRun /brewtools:deploy monitor to view failed run logs
VPS deploy failedCheck SSH connectivity with /brewtools:ssh connect to server-name
🚀

Latest Release

Download, changelog, and installation instructions.

🔗

View on GitHub

Source code, README, and configuration files.

Updating plugins

Use /brewtools:plugin-update to check and update the brewcode plugin suite in one command. See the FAQ for details.