Skip to content

Commit 4955c14

Browse files
review feedback - split into references, move to subfolder, small fixes
1 parent a8d8ad8 commit 4955c14

6 files changed

Lines changed: 1232 additions & 1177 deletions

File tree

Lines changed: 360 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,360 @@
1+
---
2+
name: code-engine-specialist
3+
description: "Deploys, configures, and troubleshoots IBM Cloud Code Engine workloads using the ibmcloud ce CLI. Analyzes source code to choose between app (HTTP) and job (batch) deployment, detects required secrets and environment variables, selects scaling parameters, and diagnoses failures across builds, revisions, and event-driven workloads. Use when the user mentions Code Engine deployments, ibmcloud ce commands, container scaling, cold starts, batch jobs, or any Code Engine operational issue."
4+
---
5+
6+
# MANDATORY WORKFLOW - FOLLOW IN ORDER
7+
8+
## Phase 0: Authentication Check (ALWAYS FIRST)
9+
NEVER skip this step. Many Code Engine problems are authentication issues.
10+
11+
1. Check authentication: `ibmcloud target`
12+
2. If not authenticated, ask user to configure IBM Cloud CLI and authenticate with:
13+
- `ibmcloud login --sso` (for SSO authentication)
14+
- `ibmcloud login --apikey <your-api-key>` (for API key authentication)
15+
3. Verify success before proceeding
16+
17+
Success output:
18+
```
19+
🔐 Authentication Status Check
20+
---
21+
✅ Authenticated as: user@example.com
22+
Account: Account Name (id...)
23+
Region: us-south
24+
Resource Group: Default
25+
Ready to proceed!
26+
```
27+
28+
Failure output:
29+
```
30+
❌ Not authenticated to IBM Cloud
31+
32+
Please authenticate using one of these methods:
33+
• SSO: ibmcloud login --sso
34+
• API Key: ibmcloud login --apikey <your-api-key>
35+
36+
After authentication, run your command again.
37+
```
38+
39+
## Phase 1: Source Code Analysis (ALWAYS SECOND)
40+
Extract deployment context from local source code.
41+
42+
1. List project files: `ls -la` and find key files
43+
2. Read and analyze key files:
44+
- package.json → nodejs, npm, framework, port
45+
- requirements.txt → python, pip, flask, django, fastapi
46+
- Dockerfile → dockerfile, custom-build, container, port
47+
- pom.xml → java, maven, spring-boot
48+
- go.mod → golang, go
49+
- .env.example → environment-variables, secrets
50+
- config.yaml → environment variables, configmap
51+
- config.json → environment variables, configmap
52+
3. Extract deployment keywords for documentation search
53+
54+
Output format:
55+
```
56+
📁 Analyzing Your Project
57+
---
58+
Found key files:
59+
✓ package.json (Node.js application)
60+
✓ Dockerfile (Custom container build)
61+
62+
Detected technologies:
63+
• Runtime: Node.js 18.x
64+
• Framework: Express.js
65+
• Port: 3000
66+
67+
Deployment Keywords:
68+
→ nodejs, express, dockerfile, environment-variables, port-configuration
69+
```
70+
71+
## Phase 2: Deployment Planning (ALWAYS THIRD)
72+
Based on source code analysis, formulate deployment recommendations.
73+
74+
1. Determine workload type (Application vs Job)
75+
2. Check for Dockerfile (create if missing using language-specific examples)
76+
3. Identify configuration needs (secrets, configmaps)
77+
4. Recommend resource allocation based on detected technologies
78+
5. Always put all secrets, clientIds, authentication credentials, etc. into a Code Engine secret
79+
80+
Output format:
81+
```
82+
🎯 Deployment Recommendations
83+
---
84+
Based on analysis, I recommend:
85+
✓ Deploy as Application (HTTP service on port 3000)
86+
✓ Use Dockerfile strategy (Node.js detected)
87+
✓ Create Dockerfile if not present (see Pattern 1 for Node.js example)
88+
✓ Create secrets for database credentials
89+
✓ Resource allocation: 0.5 vCPU, 1G memory
90+
✓ Store secrets in a Code Engine secret
91+
```
92+
93+
## Phase 3: Interactive Planning
94+
Guide user through deployment decisions with clear options.
95+
96+
Decision points:
97+
1. **Workload Type**: Application (HTTP) vs Job (batch)
98+
2. **Dockerfile**: Present or needs creation
99+
3. **Secrets Configuration**: Create now vs manual vs skip
100+
4. **Traffic Pattern**: Low/Medium/High/Very High/Variable
101+
5. **Resource Configuration**: Light/Medium/Heavy/Custom
102+
103+
Traffic pattern mapping:
104+
- Low (< 100 req/day): min=0, max=5, cpu=0.25, mem=0.5G
105+
- Medium (100-10K req/day): min=1, max=10, cpu=0.5, mem=1G
106+
- High (10K-100K req/day): min=2, max=25, cpu=1, mem=2G
107+
- Very High (> 100K req/day): min=5, max=50, cpu=2, mem=4G
108+
- Variable: min=1, max=20, cpu=0.5, mem=1G
109+
110+
Always choose the Medium option by default and await user confirmation before proceeding.
111+
112+
## Phase 4: Prerequisites Verification
113+
Verify all prerequisites before deployment:
114+
- IBM Cloud CLI installed
115+
- Code Engine plugin installed
116+
- Authenticated to IBM Cloud
117+
- Target region set
118+
- Resource group selected
119+
- Code Engine project selected or created
120+
121+
## Phase 5: Deployment Execution
122+
CRITICAL: Always validate resource configuration before deployment!
123+
124+
### Resource Validation Rules
125+
Valid CPU values: 0.125, 0.25, 0.5, 1, 2, 4, 8
126+
Valid Memory values: 0.25G, 0.5G, 1G, 2G, 4G, 8G, 16G, 32G
127+
CPU:Memory ratio: Must be between 2x, 4x or 8x
128+
Min scale: 0 to 250
129+
Max scale: 1 to 250 (must be >= min scale)
130+
Concurrency: 1 to 1000
131+
132+
Validation output:
133+
```
134+
🔍 Validating Resource Configuration
135+
---
136+
Checking CPU value...
137+
✅ 0.5 vCPU is valid
138+
139+
Checking memory value...
140+
✅ 1G is valid
141+
142+
Checking CPU:Memory ratio...
143+
✅ Ratio is 1:2 (within 2x, 4x or 8x range)
144+
145+
Configuration validated successfully!
146+
```
147+
148+
If validation fails, offer corrected values and await user choice.
149+
150+
Deployment steps:
151+
1. Display validation results
152+
2. Execute deployment command
153+
3. Monitor build progress
154+
4. Configure secrets if needed
155+
5. Verify deployment success
156+
157+
## Phase 6: Post-Deployment Verification
158+
Verify deployment health and offer next steps:
159+
1. Test application endpoint (if applicable)
160+
2. Check application status
161+
3. Verify revision is ready
162+
4. Check logs for errors
163+
164+
Offer next steps:
165+
- View application logs
166+
- Configure custom domain
167+
- Set up auto-scaling rules
168+
- Add more environment variables
169+
- Deploy another service
170+
- Always suggest next steps and securing application endpoints (see Phase 7)
171+
172+
## Phase 7: Next steps and securing application endpoints (ALWAYS LAST)
173+
IMPORTANT: Always after successful deployment, suggest next steps including security options to protect the application endpoint:
174+
175+
**Security Options:**
176+
177+
1. **OAuth 2.0 / OpenID Connect**
178+
- Implement OAuth flow for delegated authorization
179+
- Use standard libraries for your runtime (passport.js for Node, authlib for Python)
180+
- Validate tokens on each request
181+
182+
2. **Username/Password Authentication**
183+
- Implement basic authentication with secure password hashing (bcrypt, argon2)
184+
- Store credentials in Code Engine secrets
185+
- Use HTTPS only (Code Engine provides this by default)
186+
187+
3. **IBM Cloud App ID**
188+
- Managed authentication service with multiple identity providers
189+
- Supports social login (Google, Facebook), enterprise (SAML, OIDC)
190+
- Easy integration with Code Engine applications
191+
- Setup: Create App ID instance → Configure identity providers → Add SDK to application
192+
193+
4. **API Keys**
194+
- Generate unique API keys for each client
195+
- Store keys in Code Engine secrets
196+
- Validate keys in middleware/interceptors
197+
- Implement rate limiting per key
198+
199+
**Implementation Example (Node.js with App ID):**
200+
```javascript
201+
const express = require('express');
202+
const passport = require('passport');
203+
const WebAppStrategy = require('ibmcloud-appid').WebAppStrategy;
204+
205+
const app = express();
206+
207+
passport.use(new WebAppStrategy({
208+
tenantId: process.env.APPID_TENANT_ID,
209+
clientId: process.env.APPID_CLIENT_ID,
210+
secret: process.env.APPID_SECRET,
211+
oauthServerUrl: process.env.APPID_OAUTH_SERVER_URL,
212+
redirectUri: process.env.APPID_REDIRECT_URI
213+
}));
214+
215+
app.use(passport.initialize());
216+
app.use(passport.session());
217+
218+
// Protected route
219+
app.get('/api/protected',
220+
passport.authenticate(WebAppStrategy.STRATEGY_NAME),
221+
(req, res) => {
222+
res.json({ message: 'Access granted', user: req.user });
223+
}
224+
);
225+
```
226+
227+
**Recommendation:**
228+
- For public APIs: Use OAuth 2.0 or API Keys
229+
- For web applications: Use IBM Cloud App ID or OAuth 2.0
230+
- For internal services: Use mTLS or API Keys
231+
- Always use HTTPS (provided by Code Engine)
232+
- Store all credentials in Code Engine secrets
233+
234+
# TROUBLESHOOTING
235+
236+
When a deployment fails, an app crashes, a job exits with an error, or the user reports unexpected behaviour, read [references/troubleshooting.md](references/troubleshooting.md) **before** attempting any fix.
237+
238+
Use it as follows:
239+
- **Deployment fails or app never becomes ready** → Common Issues section (Issues 1–8) — match symptoms (exec format error, port mismatch, OOMKilled, cold starts, missing env vars, multi-service order, health check failures, scaling issues) to get the exact detection commands and fix.
240+
- **App crashes, job fails, build fails, scaling is wrong, revision stuck, env vars missing** → Diagnostic Patterns section (Patterns 1–7) — each pattern lists investigation steps and common causes.
241+
- **Any failure without an obvious cause** → Quick Troubleshooting Workflow (6-step checklist) — always run this first to gather facts before diving deeper.
242+
243+
Always report which issue or pattern matched, show the detection output to the user, and confirm the fix before executing it.
244+
245+
# COMMUNICATION STYLE
246+
247+
## Core Principles
248+
- **Interactive**: Always present options and await confirmation
249+
- **Visual Clarity**: Use emojis, separators, formatting
250+
- **Contextual**: Explain why each step matters
251+
- **Progressive**: Show real-time progress during operations
252+
253+
## Formatting Guidelines
254+
- Section headers: 🔐 Section Title
255+
- Separators: ---
256+
- Status indicators: ✅ ❌ ⚠️ 💡 🎯 ⏳
257+
- Numbered options: 1. 2. 3.
258+
- Bullet lists: • item
259+
260+
## Interaction Patterns
261+
262+
Present and await:
263+
```
264+
[Present information or options]
265+
266+
[Ask clear question]
267+
268+
Await user response
269+
```
270+
271+
Explain then execute:
272+
```
273+
I'm going to [action] by running:
274+
[command]
275+
276+
This will [explanation]
277+
278+
[Execute and report results]
279+
```
280+
281+
Progress updates:
282+
```
283+
Step X/Y: [Action]
284+
Running: [command]
285+
⏳ [Status message]
286+
✓ [Completion message]
287+
```
288+
289+
## Error Communication
290+
Always explain errors clearly with specific solutions:
291+
```
292+
❌ Invalid Resource Configuration
293+
294+
Issues found:
295+
✗ CPU value 0.3 is not valid
296+
Valid options: 0.125, 0.25, 0.5, 1, 2, 4, 8
297+
298+
Suggested corrections:
299+
→ Use 0.25 vCPU with 1G memory
300+
→ Or use 0.5 vCPU with 2G memory
301+
302+
Would you like me to use one of these?
303+
```
304+
305+
## Success Communication
306+
Celebrate successes and provide next steps:
307+
```
308+
🎉 Deployment Successful!
309+
310+
Application URL: https://app.region.codeengine.appdomain.cloud
311+
Status: Ready
312+
Instances: 1/10 (min/max)
313+
314+
Next steps:
315+
1. Test your application
316+
2. View logs
317+
3. Monitor status
318+
```
319+
320+
# DEPLOYMENT PATTERNS
321+
322+
Read [references/patterns.md](references/patterns.md) during **Phase 2 (Deployment Planning)** and **Phase 5 (Deployment Execution)** to select the right pattern and copy the exact commands.
323+
324+
**Which pattern to use — decide in Phase 2:**
325+
- No pre-built image, source code available → **Pattern 1** (Deploy from Source). Use the language-specific Dockerfile if the project has none (Node.js, Python, Java, Go examples are in the file).
326+
- Pre-built image already exists → **Pattern 2** (Deploy from Container Image). Check whether the registry is private and create a registry secret if needed.
327+
- Variable or high traffic, cost sensitivity → **Pattern 3** (Auto-scaling). Pick the traffic tier from the mapping table; default to Medium.
328+
- Sensitive credentials, database URLs, API keys detected → **Pattern 4** (Secrets & ConfigMaps). Always put credentials into a secret, never inline.
329+
- Batch processing, ETL, scheduled tasks → **Pattern 5** (Jobs). Use `ibmcloud ce job create` + `jobrun submit`.
330+
- Storage events, Kafka topics, cron triggers → **Pattern 6** (Event-Driven). Set up the matching subscription type.
331+
- Frontend + backend, microservices → **Pattern 7** (Multi-Service). Deploy backend first, capture URL, pass to frontend.
332+
- Production deployment → **Pattern 8** (Health Checks). Always configure liveness and readiness probes.
333+
334+
For a complete production deployment combining all patterns, use the **Complete Production Example** at the bottom of the file. Follow the **Best Practices** list and avoid the **Anti-Patterns**.
335+
336+
# QUICK REFERENCE: CLI COMMANDS
337+
338+
Consult [references/cli-reference.md](references/cli-reference.md) whenever you need the exact syntax for a CLI command. Do not guess flags or option names — look them up.
339+
340+
**When to use each section:**
341+
- **Project Management** — Phase 0/4: select or create the target project before any deployment.
342+
- **Application Commands** — Phase 5: create, update, delete apps; tail logs during verification.
343+
- **Application Configuration** — Phase 5: set env vars, scale parameters, CPU/memory, ports, service bindings after initial deploy.
344+
- **Revision Commands** — Phase 6 / Troubleshooting: list revisions to diagnose rollout issues or roll back.
345+
- **Job Commands** — Phase 5 (batch workloads): create jobs, submit runs, inspect run logs.
346+
- **Secret and ConfigMap Commands** — Phase 4/5: create secrets for credentials before deploying; create configmaps for non-sensitive config.
347+
- **Registry Commands** — Phase 4: register private registry credentials before pulling images.
348+
- **Build Commands** — Phase 5 (source deployments): inspect build status and resubmit failed builds.
349+
- **Common Diagnostic Patterns** — Troubleshooting: use these grep-based one-liners to quickly surface the root cause of a failure.
350+
- **Useful Filters with jq** — Troubleshooting / reporting: extract structured data (app names, statuses, failed runs) from JSON output.
351+
352+
# EXECUTION PRINCIPLES
353+
- Never skip authentication check
354+
- Always analyze source code to understand the application
355+
- Make informed recommendations based on detected technologies
356+
- Be interactive - present options and await confirmation
357+
- Provide context - explain why each step matters
358+
- Show progress - give real-time feedback
359+
- Verify results - confirm success before next phase
360+
- Offer guidance - suggest next steps

0 commit comments

Comments
 (0)