What this skill covers
Use this skill whenever you are:
- Reading or changing GitHub Actions workflows under `.github/workflows/`
- Explaining why a PR fails checks (title, changelog, conflict markers, secret scanning)
- Figuring out which workflows run for UI/API/SDK changes and why
- Diagnosing path-filtering behavior (why a workflow did or didn't run)
Quick map (where to look)
- PR template: `.github/pull_request_template.md`
- PR title validation: `.github/workflows/conventional-commit.yml`
- Changelog gate: `.github/workflows/pr-check-changelog.yml`
- Conflict markers check: `.github/workflows/pr-conflict-checker.yml`
- Secret scanning: `.github/workflows/find-secrets.yml`
- Auto labels: `.github/workflows/labeler.yml` and `.github/labeler.yml`
- Review ownership: `.github/CODEOWNERS`
Debug checklist (PR failing checks)
- Identify which workflow/job is failing (name + file under `.github/workflows/`).
- Check path filters: is the workflow supposed to run for your changed files?
- If it's the title check: verify the PR title matches Conventional Commits.
- If it's the changelog gate: verify the right `CHANGELOG.md` is updated, OR apply the `no-changelog` label.
- If it's the conflict checker: remove leftover `<<<<<<<`, `=======`, `>>>>>>>` markers.
- If it's secrets (TruffleHog): see the section below.
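To work through the "check path filters" step without re-running CI, the following is an added example (not code from the repository's workflows) that models GitHub's `paths` / `paths-ignore` semantics as documented: `*` does not cross `/`, `**` does, a leading `!` negates, `paths` runs the workflow if at least one changed file ends up included (last matching pattern wins per file), and `paths-ignore` skips it only if every changed file matches an ignore glob. The `API_PATHS` and `IGNORE_DOCS` filters are hypothetical; the repository's real ones live in the workflow files listed in the quick map.

```python
"""Model of GitHub Actions `paths` / `paths-ignore` filtering, for answering
"why did/didn't this workflow run". Added example, not the project's code."""
import re


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate one GitHub path-filter glob into an anchored regex."""
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")  # zero or more leading directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")        # anything, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")     # anything within a single path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def path_included(path: str, patterns: list) -> bool:
    """Evaluate a `paths` list against one file: later patterns override
    earlier ones, and a matching `!pattern` excludes the file again."""
    included = False
    for pat in patterns:
        negate = pat.startswith("!")
        if glob_to_regex(pat.lstrip("!")).match(path):
            included = not negate
    return included


def path_ignored(path: str, ignore_patterns: list) -> bool:
    """`paths-ignore` has no negation: any match means the file is ignored."""
    return any(glob_to_regex(p).match(path) for p in ignore_patterns)


def workflow_runs(changed: list, paths=None, paths_ignore=None) -> bool:
    """`paths`: run if at least one changed file is included.
    `paths-ignore`: skip only if every changed file is ignored.
    No filter at all: always run."""
    if paths:
        return any(path_included(f, paths) for f in changed)
    if paths_ignore:
        return not all(path_ignored(f, paths_ignore) for f in changed)
    return True


# Hypothetical filters (assumed for illustration, not the repo's real ones):
# an API-only workflow and a workflow that ignores documentation changes.
API_PATHS = ["api/**", "!api/docs/**", ".github/workflows/api-*.yml"]
IGNORE_DOCS = ["docs/**", "**/*.md"]


def explain(changed: list, paths=None, paths_ignore=None) -> str:
    """Per-file verdict plus the overall result, suitable for a PR comment."""
    lines = []
    for f in changed:
        if paths:
            verdict = "included" if path_included(f, paths) else "not matched"
        elif paths_ignore:
            verdict = "ignored" if path_ignored(f, paths_ignore) else "counts"
        else:
            verdict = "counts (no filter)"
        lines.append(f"{f}: {verdict}")
    runs = workflow_runs(changed, paths, paths_ignore)
    lines.append("=> workflow " + ("RUNS" if runs else "is SKIPPED"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(explain(["api/docs/index.md", "README.md"], paths=API_PATHS))
    print(explain(["README.md", "docs/guide.md"], paths_ignore=IGNORE_DOCS))
```

Feed `explain()` the output of `git diff --name-only origin/master...HEAD` together with the filter copied from the workflow in question; a file listed as "not matched" or "ignored" for every changed path is the usual reason a required check never appears on the PR.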
TruffleHog Secret Scanning
TruffleHog scans the diff for leaked secrets. The common false positives come from test files that embed realistic-looking fake credentials.
Patterns that trigger TruffleHog:
- `sk-*T3BlbkFJ*` - OpenAI API keys (the `T3BlbkFJ` marker is what the detector keys on)
- `AKIA[A-Z0-9]{16}` - AWS access key IDs
- `ghp_*` / `gho_*` - GitHub tokens
- Base64-encoded strings that look like credentials
Fix for test files:

```python
# BAD - looks like a real OpenAI key (carries the T3BlbkFJ marker)
api_key = "sk-test1234567890T3BlbkFJtest1234567890"

# GOOD - obviously fake and does not match the detector pattern
api_key = "sk-fake-test-key-for-unit-testing-only"
```
If TruffleHog flags a real secret:
- Remove the secret from the code immediately
- Rotate the credential: it is already in git history, and removing it from the working tree does not remove it from earlier commits, so treat it as compromised
- Consider using `.trufflehog-ignore` for known false positives (rarely needed)
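The following is an added example (not the repository's CI code) that runs three of the checklist gates locally before pushing: the Conventional Commits title check, the conflict-marker check, and a scan for the secret shapes listed above. The allowed commit types and the three secret regexes are assumptions that approximate the listed patterns, not the project's configuration or TruffleHog's actual detectors, so a clean result here narrows the search but does not guarantee a green check. The sample PR contents are constructed.

```python
"""Local pre-flight for the PR title, conflict-marker and secret gates.
Added example; regexes are approximations, not TruffleHog's detectors."""
import re

# Conventional Commits: type(scope)!: description, scope and '!' optional.
# The type list is an assumption; the project's list is defined by
# .github/workflows/conventional-commit.yml.
CONVENTIONAL_TITLE = re.compile(
    r"^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)"
    r"(\([\w./-]+\))?!?: \S.*$"
)

# Git writes markers at column 0 as exactly seven characters, optionally
# followed by a label. Longer runs such as a '=========' heading underline
# are not markers and must not be flagged.
CONFLICT_MARKER = re.compile(r"^(<{7}|={7}|>{7})( |$)", re.MULTILINE)

# Approximations of the patterns listed above (assumed shapes).
SECRET_PATTERNS = {
    "openai": re.compile(r"sk-[A-Za-z0-9_-]+T3BlbkFJ[A-Za-z0-9_-]+"),
    "aws": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
    "github": re.compile(r"\bgh[po]_[A-Za-z0-9]{36}\b"),
}


def check_title(title: str) -> bool:
    """True if the PR title parses as a Conventional Commits header."""
    return CONVENTIONAL_TITLE.match(title) is not None


def find_conflict_markers(text: str) -> list:
    """1-based line numbers that hold a conflict marker."""
    return [text.count("\n", 0, m.start()) + 1
            for m in CONFLICT_MARKER.finditer(text)]


def find_secrets(text: str) -> list:
    """(detector name, matched value) for every secret-shaped string."""
    return [(name, m.group(0))
            for name, pat in SECRET_PATTERNS.items()
            for m in pat.finditer(text)]


def preflight(title: str, files: dict) -> dict:
    """Run the three gates over {path: contents}; empty lists mean pass."""
    problems = {"title": [], "conflict": [], "secrets": []}
    if not check_title(title):
        problems["title"].append(title)
    for path, body in files.items():
        problems["conflict"] += [f"{path}:{n}" for n in find_conflict_markers(body)]
        problems["secrets"] += [f"{path}: {name}" for name, _ in find_secrets(body)]
    return problems


# Constructed sample PR: one file with unresolved markers, one test file
# with a key shaped like a real OpenAI secret, one with an obviously fake key.
SAMPLE_FILES = {
    "prowler/providers/aws/client.py": (
        "def region():\n"
        "<<<<<<< HEAD\n"
        "    return 'us-east-1'\n"
        "=======\n"
        "    return 'eu-west-1'\n"
        ">>>>>>> feature/region\n"
    ),
    "tests/test_openai.py": 'api_key = "sk-test1234567890T3BlbkFJtest1234567890"\n',
    "tests/test_clean.py": 'api_key = "sk-fake-test-key-for-unit-testing-only"\n',
}

if __name__ == "__main__":
    result = preflight("fix(aws): handle missing region", SAMPLE_FILES)
    for gate, hits in result.items():
        print(f"{gate}: {'PASS' if not hits else hits}")
```

Wire `preflight()` to the files from `git diff --name-only` and the intended PR title to catch the three cheapest failures before the workflows do; the changelog gate is deliberately left out because it depends on which `CHANGELOG.md` the changed paths map to and on the `no-changelog` label, neither of which is visible from the diff alone.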
Notes
- Keep `prowler-pr` focused on creating PRs and filling the template.
- Use `prowler-ci` for CI policies and gates that apply to PRs.