Run any Skill in Manus with one click

prowler-ci

Helps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.

Run Skill in Manus

Stars14,009

Forks2,189

UpdatedJanuary 16, 2026 at 12:37

Source

prowler-cloud

prowler-cloud/prowler

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software DevelopersComputer and Mathematical Occupations·SOC 15-1252

SKILL.md

readonly

name	prowler-ci
description	Helps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.
license	Apache-2.0
metadata	{"author":"prowler-cloud","version":"1.0","scope":["root"],"auto_invoke":["Inspect PR CI checks and gates (.github/workflows/*)","Debug why a GitHub Actions job is failing","Understand changelog gate and no-changelog label behavior","Understand PR title conventional-commit validation","Understand CODEOWNERS/labeler-based automation"]}
allowed-tools	Read, Edit, Write, Glob, Grep, Bash

What this skill covers

Use this skill whenever you are:

Reading or changing GitHub Actions workflows under .github/workflows/
Explaining why a PR fails checks (title, changelog, conflict markers, secret scanning)
Figuring out which workflows run for UI/API/SDK changes and why
Diagnosing path-filtering behavior (why a workflow did/didn't run)

Quick map (where to look)

PR template: .github/pull_request_template.md
PR title validation: .github/workflows/conventional-commit.yml
Changelog gate: .github/workflows/pr-check-changelog.yml
Conflict markers check: .github/workflows/pr-conflict-checker.yml
Secret scanning: .github/workflows/find-secrets.yml
Auto labels: .github/workflows/labeler.yml and .github/labeler.yml
Review ownership: .github/CODEOWNERS

Debug checklist (PR failing checks)

Identify which workflow/job is failing (name + file under .github/workflows/).
Check path filters: is the workflow supposed to run for your changed files?
If it's a title check: verify PR title matches Conventional Commits.
If it's changelog: verify the right CHANGELOG.md is updated OR apply no-changelog label.
If it's conflict checker: remove <<<<<<<, =======, >>>>>>> markers.
If it's secrets (TruffleHog): see section below.

TruffleHog Secret Scanning

TruffleHog scans for leaked secrets. Common false positives in test files:

Patterns that trigger TruffleHog:

sk-*T3BlbkFJ* - OpenAI API keys
AKIA[A-Z0-9]{16} - AWS Access Keys
ghp_* / gho_* - GitHub tokens
Base64-encoded strings that look like credentials

Fix for test files:

# BAD - looks like real OpenAI key
api_key = "sk-test1234567890T3BlbkFJtest1234567890"

# GOOD - obviously fake
api_key = "sk-fake-test-key-for-unit-testing-only"

If TruffleHog flags a real secret:

Remove the secret from the code immediately
Rotate the credential (it's now in git history)
Consider using .trufflehog-ignore for known false positives (rarely needed)

Notes

Keep prowler-pr focused on creating PRs and filling the template.
Use prowler-ci for CI policies and gates that apply to PRs.

More from this repository

same repository

prowler-tour

prowler-cloud/prowler

Keeps product-tour definitions aligned with the UI features they describe. Trigger: When modifying UI components that have associated tours, editing tour definition files, or renaming data-tour-id attributes.

2026-06-1514.0k

django-drf

prowler-cloud/prowler

Django REST Framework patterns. Trigger: When implementing generic DRF APIs (ViewSets, serializers, routers, permissions, filtersets). For Prowler API specifics (RLS/RBAC/Providers), also use prowler-api.

2026-05-2714.0k

django-migration-psql

prowler-cloud/prowler

Reviews Django migration files for PostgreSQL best practices specific to Prowler. Trigger: When creating migrations, running makemigrations/pgmakemigrations, reviewing migration PRs, adding indexes or constraints to database tables, modifying existing migration files, or writing data backfill migrations. Always use this skill when you see AddIndex, CreateModel, AddConstraint, RunPython, bulk_create, bulk_update, or backfill operations in migration files.

2026-05-2714.0k

gh-aw

prowler-cloud/prowler

Create and maintain GitHub Agentic Workflows (gh-aw) for Prowler. Trigger: When creating agentic workflows, modifying gh-aw frontmatter, configuring safe-outputs, setting up MCP servers in workflows, importing Copilot Custom Agents, or debugging gh-aw compilation.

2026-05-2714.0k

jsonapi

prowler-cloud/prowler

Strict JSON:API v1.1 specification compliance. Trigger: When creating or modifying API endpoints, reviewing API responses, or validating JSON:API compliance.

2026-05-2714.0k

nextjs-16

prowler-cloud/prowler

Next.js 16 App Router patterns. Trigger: When working in Next.js App Router (app/), Server Components vs Client Components, Server Actions, Route Handlers, proxy.ts, caching/revalidation, Cache Components, and streaming/Suspense.

2026-05-2714.0k

name	prowler-ci
description	Helps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.
license	Apache-2.0
metadata	{"author":"prowler-cloud","version":"1.0","scope":["root"],"auto_invoke":["Inspect PR CI checks and gates (.github/workflows/*)","Debug why a GitHub Actions job is failing","Understand changelog gate and no-changelog label behavior","Understand PR title conventional-commit validation","Understand CODEOWNERS/labeler-based automation"]}
allowed-tools	Read, Edit, Write, Glob, Grep, Bash

What this skill covers

Use this skill whenever you are:

Reading or changing GitHub Actions workflows under .github/workflows/
Explaining why a PR fails checks (title, changelog, conflict markers, secret scanning)
Figuring out which workflows run for UI/API/SDK changes and why
Diagnosing path-filtering behavior (why a workflow did/didn't run)

Quick map (where to look)

PR template: .github/pull_request_template.md
PR title validation: .github/workflows/conventional-commit.yml
Changelog gate: .github/workflows/pr-check-changelog.yml
Conflict markers check: .github/workflows/pr-conflict-checker.yml
Secret scanning: .github/workflows/find-secrets.yml
Auto labels: .github/workflows/labeler.yml and .github/labeler.yml
Review ownership: .github/CODEOWNERS

Debug checklist (PR failing checks)

Identify which workflow/job is failing (name + file under .github/workflows/).
Check path filters: is the workflow supposed to run for your changed files?
If it's a title check: verify PR title matches Conventional Commits.
If it's changelog: verify the right CHANGELOG.md is updated OR apply no-changelog label.
If it's conflict checker: remove <<<<<<<, =======, >>>>>>> markers.
If it's secrets (TruffleHog): see section below.

TruffleHog Secret Scanning

TruffleHog scans for leaked secrets. Common false positives in test files:

Patterns that trigger TruffleHog:

sk-*T3BlbkFJ* - OpenAI API keys
AKIA[A-Z0-9]{16} - AWS Access Keys
ghp_* / gho_* - GitHub tokens
Base64-encoded strings that look like credentials

Fix for test files:

# BAD - looks like real OpenAI key
api_key = "sk-test1234567890T3BlbkFJtest1234567890"

# GOOD - obviously fake
api_key = "sk-fake-test-key-for-unit-testing-only"

If TruffleHog flags a real secret:

Remove the secret from the code immediately
Rotate the credential (it's now in git history)
Consider using .trufflehog-ignore for known false positives (rarely needed)

Notes

Keep prowler-pr focused on creating PRs and filling the template.
Use prowler-ci for CI policies and gates that apply to PRs.