prowler-ci

Helps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "prowler-ci" with this command: npx skills add prowler-cloud/prowler/prowler-cloud-prowler-prowler-ci

What this skill covers

Use this skill whenever you are:

  • Reading or changing GitHub Actions workflows under .github/workflows/
  • Explaining why a PR fails checks (title, changelog, conflict markers, secret scanning)
  • Figuring out which workflows run for UI/API/SDK changes and why
  • Diagnosing path-filtering behavior (why a workflow did/didn't run)

Quick map (where to look)

  • PR template: .github/pull_request_template.md
  • PR title validation: .github/workflows/conventional-commit.yml
  • Changelog gate: .github/workflows/pr-check-changelog.yml
  • Conflict markers check: .github/workflows/pr-conflict-checker.yml
  • Secret scanning: .github/workflows/find-secrets.yml
  • Auto labels: .github/workflows/labeler.yml and .github/labeler.yml
  • Review ownership: .github/CODEOWNERS

Debug checklist (PR failing checks)

  1. Identify which workflow/job is failing (name + file under .github/workflows/).
  2. Check path filters: is the workflow supposed to run for your changed files?
  3. If it's a title check: verify PR title matches Conventional Commits.
  4. If it's changelog: verify the right CHANGELOG.md is updated OR apply no-changelog label.
  5. If it's conflict checker: remove <<<<<<<, =======, >>>>>>> markers.
  6. If it's secrets (TruffleHog): see section below.

TruffleHog Secret Scanning

TruffleHog scans for leaked secrets. Common false positives in test files:

Patterns that trigger TruffleHog:

  • sk-*T3BlbkFJ* - OpenAI API keys
  • AKIA[A-Z0-9]{16} - AWS Access Keys
  • ghp_* / gho_* - GitHub tokens
  • Base64-encoded strings that look like credentials

Fix for test files:

# BAD - looks like real OpenAI key
api_key = "sk-test1234567890T3BlbkFJtest1234567890"

# GOOD - obviously fake
api_key = "sk-fake-test-key-for-unit-testing-only"

If TruffleHog flags a real secret:

  1. Remove the secret from the code immediately
  2. Rotate the credential (it's now in git history)
  3. Consider using .trufflehog-ignore for known false positives (rarely needed)

Notes

  • Keep prowler-pr focused on creating PRs and filling the template.
  • Use prowler-ci for CI policies and gates that apply to PRs.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

typescript

No summary provided by upstream source.

Repository SourceNeeds Review
90-prowler-cloud
General

zod-4

No summary provided by upstream source.

Repository SourceNeeds Review
283-prowler-cloud
General

react-19

No summary provided by upstream source.

Repository SourceNeeds Review
146-prowler-cloud
General

tailwind-4

No summary provided by upstream source.

Repository SourceNeeds Review
142-prowler-cloud