- Home
- Skills
- Prowler Cloud
- Prowler
- Prowler Ci
prowler-ci_skill
- Python
12.8k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill prowler-cloud/prowler --skill prowler-ci- SKILL.md2.9 KB
Overview
This skill helps diagnose and resolve CI and PR gating issues for Prowler GitHub Actions workflows. It focuses on why checks fail (title validation, changelog gate, conflict markers, secret scanning) and how workflows under .github/workflows are triggered. Use it to quickly locate the responsible workflow and apply the correct fix to unblock PR merges.
How this skill works
The skill inspects GitHub Actions workflow files under .github/workflows and maps failing jobs to the relevant YAML file. It checks path filters, PR title rules, changelog and label gates, conflict marker checks, secret-scan triggers (TruffleHog), and CODEOWNERS/labeler automation to explain why a particular workflow ran or failed. It also provides concrete remediation steps for common failures.
When to use it
- A PR shows failing CI checks and you need to identify which workflow/job caused it.
- You need to know why a workflow did or did not run after your code changes (path filters).
- PR title fails Conventional Commits validation.
- Changelog gate blocks merge or you want to apply no-changelog label.
- Secret scanner flags test files or real secrets.
- Conflict markers appear in a PR and block checks.
Best practices
- Start by locating the failing job name and the YAML file under .github/workflows.
- Verify path filters to ensure the workflow should run for your changed files before debugging job logic.
- Follow Conventional Commits for PR titles or adjust the title to meet validation rules.
- Update CHANGELOG.md for meaningful changes or add the no-changelog label when appropriate.
- Replace secret-looking test values with clearly fake placeholders to avoid TruffleHog false positives.
- Remove merge conflict markers (<<<<<<<, =======, >>>>>>>) before pushing changes.
Example use cases
- A UI change didn't trigger the expected UI test workflow — inspect path filters and workflow triggers.
- A PR is blocked by changelog validation — either update CHANGELOG.md or apply the no-changelog label per project policy.
- TruffleHog flags a test file — replace the value with an obviously fake test key and push a fix.
- Conventional commit check failed — edit the PR title to match the convention and re-run checks.
- Conflict-check workflow failed — search the diff for conflict markers and remove them.
FAQ
OpenAI-like keys (sk-...), AWS access key patterns (AKIA...), GitHub tokens (ghp_/gho_) and base64 blobs often trigger flags.
Can I ignore a TruffleHog finding?
Prefer fixing test values to clearly fake strings. Only use ignore mechanisms for rare, vetted false positives and rotate any real credentials immediately.