prowler-ci_skill

This skill helps diagnose and fix PR CI failures in prowler-ci by analyzing workflows, filters, and gating rules across .github/workflows.
  • Python

12.8k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill prowler-cloud/prowler --skill prowler-ci

  • SKILL.md2.9 KB

Overview

This skill helps diagnose and resolve CI and PR gating issues for Prowler GitHub Actions workflows. It focuses on why checks fail (title validation, changelog gate, conflict markers, secret scanning) and how workflows under .github/workflows are triggered. Use it to quickly locate the responsible workflow and apply the correct fix to unblock PR merges.

How this skill works

The skill inspects GitHub Actions workflow files under .github/workflows and maps failing jobs to the relevant YAML file. It checks path filters, PR title rules, changelog and label gates, conflict marker checks, secret-scan triggers (TruffleHog), and CODEOWNERS/labeler automation to explain why a particular workflow ran or failed. It also provides concrete remediation steps for common failures.

When to use it

  • A PR shows failing CI checks and you need to identify which workflow/job caused it.
  • You need to know why a workflow did or did not run after your code changes (path filters).
  • PR title fails Conventional Commits validation.
  • Changelog gate blocks merge or you want to apply no-changelog label.
  • Secret scanner flags test files or real secrets.
  • Conflict markers appear in a PR and block checks.

Best practices

  • Start by locating the failing job name and the YAML file under .github/workflows.
  • Verify path filters to ensure the workflow should run for your changed files before debugging job logic.
  • Follow Conventional Commits for PR titles or adjust the title to meet validation rules.
  • Update CHANGELOG.md for meaningful changes or add the no-changelog label when appropriate.
  • Replace secret-looking test values with clearly fake placeholders to avoid TruffleHog false positives.
  • Remove merge conflict markers (<<<<<<<, =======, >>>>>>>) before pushing changes.

Example use cases

  • A UI change didn't trigger the expected UI test workflow — inspect path filters and workflow triggers.
  • A PR is blocked by changelog validation — either update CHANGELOG.md or apply the no-changelog label per project policy.
  • TruffleHog flags a test file — replace the value with an obviously fake test key and push a fix.
  • Conventional commit check failed — edit the PR title to match the convention and re-run checks.
  • Conflict-check workflow failed — search the diff for conflict markers and remove them.

FAQ

OpenAI-like keys (sk-...), AWS access key patterns (AKIA...), GitHub tokens (ghp_/gho_) and base64 blobs often trigger flags.

Can I ignore a TruffleHog finding?

Prefer fixing test values to clearly fake strings. Only use ignore mechanisms for rare, vetted false positives and rotate any real credentials immediately.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
prowler-ci skill by prowler-cloud/prowler | VeilStrat