Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From volcengine
Deploys a local project or Git repository to Volcengine as a running cloud service on ECS, VKE, or veFaaS. Guides the user through mode selection, resource strategy, and CLI or Terraform management.
How this skill is triggered — by the user, by Claude, or both
Slash command
/volcengine:volcengine-deployThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Deploy a local project directory or remote Git URL to Volcengine after the user chooses ECS / VKE / veFaaS and resource management (`cli` or `iac`). Keep deployment execution pragmatic: use `volcengine-iac` only when the user chooses Terraform/IaC or already has an IaC workflow; otherwise use `ve` CLI plus `.volcengine/created-resources.json`.
references/deployment-plan-template.mdreferences/dockerfile-templates.mdreferences/ecs-deploy-steps.mdreferences/faas-deploy-steps.mdreferences/k8s-manifests.mdreferences/service-linked-roles.mdreferences/supported-dependencies.mdreferences/vke-deploy-steps.mdscripts/gen-docker-compose-test.shscripts/gen-systemd-unit.shscripts/poll-status.shDeploy a local project directory or remote Git URL to Volcengine after the user chooses ECS / VKE / veFaaS and resource management (cli or iac). Keep deployment execution pragmatic: use volcengine-iac only when the user chooses Terraform/IaC or already has an IaC workflow; otherwise use ve CLI plus .volcengine/created-resources.json.
Volcengine authentication is checked by the execution skill you call (volcengine-cli, volcengine-iac, or volcengine-vefaas). Accept either the required AK/SK env vars for that skill or an already configured CLI profile when that skill supports it; do not duplicate their hard env requirements here.
Check tools after the user chooses a path:
| Mode | Required tools |
|---|---|
| ECS | ve, git, jq, curl; ssh only if the user opens port 22; docker/docker compose only for Docker or compose packaging |
| VKE | ve, docker, kubectl, git, jq, curl |
| veFaaS | switch to/call the volcengine-vefaas skill, which checks vefaas, Node.js, auth, framework detection, and deploy commands |
tosutil is optional for ECS artifact transfer and TOS buckets. Do not add it as a hard prerequisite for volcengine-deploy; if it is absent, use SSH/scp when allowed or ask the user for an existing artifact URL.
If the user has not chosen a mode, run volcengine-prepare inline or ask for these decisions:
1. Deployment mode: ECS / VKE / veFaaS (recorded as `ecs` / `vke` / `vefaas`)
2. Resource strategy: new isolated project deploy-<repo>, or reuse existing resources
3. Resource management: CLI resource ledger / Terraform IaC (recorded as `cli` / `iac`)
Persistent local state lives under .volcengine/ in the repo root:
.volcengine/
deployment-plan.md # human-readable approval gate
deploy-choice.json
created-resources.json # CLI fast path only
iac-outputs.json
terraform/ # IaC-managed resources
This table is a navigation overview. Detailed rules live in the sections or reference files named in Details.
| # | Action | Details |
|---|---|---|
| 1 | Resolve target — Resolve local path or Git URL; record repo_name, repo_dir, and git_sha. | Stage 0 |
| 2 | Load or choose path — Load .volcengine/deploy-choice.json; if missing, use the volcengine-prepare skill, or ask for mode, resource strategy, and resource management. | Stage 0 |
| 3 | Create plan — Create/update .volcengine/deployment-plan.md in the user's original language. | references/deployment-plan-template.md |
| 4 | Show resources — Present every resource to create or reuse, such as VPC, ECS, VKE, RDS, Redis, CR, EIP, or dependencies. | references/deployment-plan-template.md |
| 5 | Validate gate — Require status: validated, populated Validation Proof, and approval: granted with non-empty approval_evidence before provisioning. | references/deployment-plan-template.md |
| 6 | Dispatch resource management — Use the volcengine-iac skill for Terraform/IaC; otherwise use ve CLI plus .volcengine/created-resources.json. | Resource management dispatch |
| 7 | Provision resources — Create or reuse resources; append each CLI-created resource to .volcengine/created-resources.json. | Resource ledger |
| 8 | Wire runtime config — Resolve config and secrets; never print secrets. | Environment and Dependency Wiring |
| 9 | Execute deployment — Run the selected case: ecs, vke, or use the volcengine-vefaas skill for vefaas. | Branch references |
| 10 | Verify success — Check public endpoint, health, logs, and one core behavior when possible. | Branch references |
| 11 | Handle failure — Print reverse-order CLI cleanup commands; never delete reused resources without confirmation. | Resource ledger |
| 12 | Report result — Print URL, health, acceptance, logs, resource records, cleanup path, and warnings. | Deployment summary |
input="${1:-.}"
if [[ "$input" =~ ^(https?|git@) ]]; then
repo_name=$(basename "$input" .git)
work_dir="/tmp/volcengine-deploy/$repo_name"
mkdir -p "$work_dir"
if [ -d "$work_dir/src/.git" ]; then
git -C "$work_dir/src" pull --ff-only
else
git clone --depth 1 "$input" "$work_dir/src"
fi
repo_dir="$work_dir/src"
else
repo_dir=$(cd "${input:-.}" && pwd)
repo_name=$(basename "$repo_dir")
work_dir="$repo_dir/.volcengine"
mkdir -p "$work_dir"
fi
git_sha=$(cd "$repo_dir" && git rev-parse --short HEAD 2>/dev/null || echo "$(date +%s)")
Local directories are deployed in place and are not cloned. For Git URLs, use shallow clone first; if clone repeatedly fails, try an archive/subdirectory path or stop with a clear "not suitable for quick remote build" message. Do not claim a README/static mirror is the deployed application.
Load .volcengine/deploy-choice.json if present. It is produced by volcengine-prepare, which keeps the choice schema authoritative; volcengine-deploy only consumes the selected repo, region, mode, port, dependencies, database choice, resource strategy, project, and infra_management.
If .volcengine/deploy-choice.json is missing, run volcengine-prepare or ask only the missing decisions needed to create it. Do not maintain a second full choice schema in this skill.
After loading or creating the choice file, create or update .volcengine/deployment-plan.md; read references/deployment-plan-template.md first. The plan body must use the user's original language, list the expected resources, and gate provisioning on status: validated, approval: granted, and a non-empty approval_evidence.
If approval is pending, confirm before creating resources, using the same language as the user:
Deploying <repo_name> via <mode> in <region>.
Resource plan:
- <create|reuse> <resource type>: <name>, <purpose/exposure/cleanup>
Proceed? [y/N]
Use the resource ledger only for CLI-created resources. IaC-created resources are tracked by Terraform state and exported through .volcengine/iac-outputs.json.
Every resource created by volcengine-deploy must be appended to .volcengine/created-resources.json immediately after creation. This is mandatory for cleanup and failure recovery.
Ledger entry:
{
"type": "eip",
"id": "eip-xxxx",
"name": "deploy-myapp-eip",
"region": "cn-beijing",
"project": "deploy-myapp",
"reused": false,
"created_at": "2026-05-29T00:00:00Z",
"delete_command": "ve vpc ReleaseEipAddress --AllocationId eip-xxxx"
}
Rules:
reused=false, include exact delete command.reused=true, do not include them in destructive cleanup.dependent=true / cleanup_optional=true or omit it as an independent ledger item. Do not make cleanup fail just because the instance already released the EIP.delete_command values manually. Do not silently delete unless the user confirms.deploy-<repo> for new resources, but confirm the project exists or can be created before passing that project name to resource creation. If project creation is unavailable, use default and isolate resources with names and tags.Creating cloud resources costs money and is not freely reversible, so the plan frontmatter records two independent facts:
status: draft | validated — whether validation checks passed.approval: pending | granted — whether the user authorized creating resources.approval_evidence: a quote of the user's authorizing words; approval: granted is invalid while this is empty.Create, modify, or reuse a resource only when all of these hold: status: validated, the Validation Proof section is populated with real checks and has no failed required check, approval: granted, and approval_evidence is non-empty. Otherwise stop and complete the gate first.
Rules:
approval_evidence must quote the user authorizing execution — "just deploy it", "open the resources for me", "go ahead". A configuration choice such as "use ecs" is selection, not spend authorization, and must not be used as evidence.approval: granted without real authorizing words, and never set status: validated while a required decision or secret is missing or a check was not actually run — record an unrun check as deferred with its reason instead of faking a pass.approval: granted with that quote, then proceed without interrupting before each resource. Treat this as authorization only when the words clearly authorize deployment or resource creation, not mere mode selection.mode, region, infra_management, or the resource plan — reset status: draft, approval: pending, and approval_evidence: "", re-show the resource plan, and ask again.Before provisioning, dispatch from infra_management in .volcengine/deploy-choice.json. volcengine-prepare owns the cli vs iac recommendation and the user's choice; this skill only consumes it.
infra_management | Action |
|---|---|
iac | Use volcengine-iac (see When using IaC below). |
cli | Use the ve CLI plus the resource ledger (see When using CLI below). |
If infra_management is missing or invalid, do not infer a default here. Return to volcengine-prepare, or ask the user to choose cli or iac, then update .volcengine/deploy-choice.json and refresh .volcengine/deployment-plan.md.
When using IaC:
volcengine-iac with .volcengine/deploy-choice.json..volcengine/iac-outputs.json for VPC/subnet/security group/cluster/CR/database/cache outputs.When using CLI:
ve..volcengine/created-resources.json immediately.Before starting ECS services or applying Kubernetes manifests, resolve runtime configuration:
.env.example, .env.sample, framework config, and dependency outputs from IaC/CLI provisioning.0600./opt/<repo>/.env before starting the service; the unit template reads it through EnvironmentFile=-/opt/<repo>/.env.<connection-string> placeholders in an applied Secret.Managed dependency wiring must be completed before health checks:
database_product=rds, engine mysql / postgresql / sqlserver): create or reuse the instance, database, and app account; use the private endpoint; build DATABASE_URL; add the ECS/VKE subnet CIDR or security group source to the database allowlist; run migrations explicitly when migration_paths is non-empty.database_product=aidap, engine supabase / postgresql): call volcengine-db-supabase to create or reuse the workspace, branch, app DB account/database, and return database/AIDAP env values before app health checks.REDIS_URL; add the ECS/VKE subnet CIDR or security group source to the Redis allowlist.case "$deploy_mode" in
ecs) proceed_ecs ;;
vke) proceed_vke ;;
vefaas) run_vefaas_skill ;;
*) echo "Unknown deploy mode: $deploy_mode"; exit 2 ;;
esac
ECS is the default lightweight VM path. Public services must get an EIP so the user can access the service after deployment.
Select packaging from the repo shape: compose file -> compose on ECS; Dockerfile -> Docker on ECS; clear binary or single process -> binary + systemd; otherwise ask one focused start-command question.
Keep these hard boundaries in the main context:
infra_management=iac; otherwise use the CLI ledger path and record every CLI-created resource immediately.Read references/ecs-deploy-steps.md for the detailed ECS packaging, upload, Cloud Assistant, Docker mirror, architecture, health-gate, and cleanup workflow.
Do not duplicate veFaaS deployment details here. If the user chooses veFaaS, switch to/call the volcengine-vefaas skill with:
Tell the user the volcengine-vefaas skill will run vefaas inspect, verify login, create/link the app, configure env vars if needed, deploy, and print domains.
If the volcengine-vefaas skill fails, return to this main deployment flow. Summarize the failure, then offer the user a choice:
Recommend volcengine-iac for VKE resource provisioning because cluster, node pool, CR, LB, and managed dependencies benefit from plan/diff/destroy safety. Use ve CLI plus the resource ledger when the user chooses CLI after seeing the tradeoff, for temporary validation, explicit user preference, or IaC fallback.
After choosing VKE, check docker, kubectl, ve, and terraform/jq if using IaC. Build for the node architecture, defaulting to linux/amd64 unless cluster data proves otherwise; inspect the pushed image platform before rollout.
Keep this ordered execution skeleton — these actions must be chained in sequence, and a later step run before an earlier one converges is the most common VKE failure:
Running, then fetch the kubeconfig (from IaC outputs or CreateKubeconfig).core-dns present; prefer cr-credential-controller for private CR pulls.Keep these hard boundaries in the main context:
CreateKubeconfig before the cluster is Running returns OperationDenied — poll to Running first.core-dns before relying on in-cluster DNS.cr-credential-controller for private Volcengine CR image pulls instead of storing registry passwords in app manifests.Result.Username from GetAuthorizationToken for docker login; never invent a fallback username.For managed dependencies, prefer managed Volcengine services when practical; otherwise state clearly when the plan is deploying stateful containers inside VKE.
Read references/vke-deploy-steps.md for the full VKE pipeline (cluster wait, kubeconfig, addon checks, CR auth/push, rollout, endpoint verify), with references/k8s-manifests.md for manifest templates and references/dockerfile-templates.md for image build templates.
Print one access card:
volcengine-deploy — <repo_name> (<git_sha>)
Mode: <ecs|vke|vefaas>
Region: <region>
Project: <deploy-project or reused resources>
URL: <public endpoint>
Health: <checked URL/status>
Acceptance: <core app behavior checked, or reason only transport health was possible>
Resources: .volcengine/created-resources.json
IaC: <.volcengine/terraform + .volcengine/iac-outputs.json | n/a>
Logs: <journalctl / docker logs / kubectl logs / vefaas logs command>
Cleanup: <reverse-order cleanup commands or ledger path>
Notes: <credentials/env/migration warnings>
Do not add custom domain, HTTPS, dashboards, or cost cards unless the user asks; those are day-2 tasks.
Use these references as needed:
references/deployment-plan-template.mdreferences/ecs-deploy-steps.mdreferences/vke-deploy-steps.mdreferences/faas-deploy-steps.mdreferences/dockerfile-templates.mdreferences/k8s-manifests.mdreferences/supported-dependencies.mdCommon gotchas are intentionally kept as references so the main skill stays adaptive:
references/ecs-deploy-steps.mdreferences/dockerfile-templates.mdreferences/vke-deploy-steps.mdreferences/k8s-manifests.mdreferences/supported-dependencies.mdreferences/faas-deploy-steps.md and volcengine-vefaasvolcengine-troubleshooting skill and use its account-permission diagnosis capability to locate the root cause and guide the user through remediationnpx claudepluginhub volcengine/volcengine-skills --plugin volcengineBuilds accessible UIs with shadcn/ui components on Radix UI + Tailwind CSS, plus canvas visuals. For React apps (Next.js, Vite, Remix, Astro), design systems, responsive layouts, themes, dark mode, prototypes.