44 changes: 44 additions & 0 deletions .github/workflows/claude-code-review.yml
@@ -0,0 +1,44 @@
name: Claude Code Review

on:
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
P2: Grant pull-request write permission for code-review output

This workflow runs Claude’s code-review plugin, which posts findings back to the PR, but the job grants only pull-requests: read. With read-only PR scope, the action cannot reliably create or update review output on the pull request, so reviews can run without publishing actionable feedback. Change this permission to pull-requests: write for the review job.

issues: read
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
P2: Skip fork-origin PR events when OAuth secret is required

This job is triggered by pull_request and unconditionally passes secrets.CLAUDE_CODE_OAUTH_TOKEN, but GitHub does not expose repository secrets to workflows triggered from fork-origin PR events. In that scenario (including many external contributor and Dependabot PRs), the token is empty and the Claude step fails instead of producing a review. Add a fork guard (or a safe split workflow) so fork PRs do not hard-fail.

plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
plugins: 'code-review@claude-code-plugins'
prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
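Review bot: Both steps in this hunk reference their actions by mutable tags (`uses: actions/checkout@v4`, `uses: anthropics/claude-code-action@v1`) and `plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'` pulls the review plugin from an unpinned git URL, so a moved tag or a push to that repository's default branch silently changes the code that runs with `secrets.CLAUDE_CODE_OAUTH_TOKEN`; pin each `uses:` to a full-length commit SHA and give the marketplace source the same treatment where the action allows a fixed ref. Two smaller points: the permissions block grants `id-token: write` although nothing in this job exchanges an OIDC token (authentication is the OAuth secret), so it can be dropped unless the action requires it; and because the trigger includes `synchronize`, every push to an open PR re-runs a paid review, which the commented `paths:` filter would cheaply bound.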

50 changes: 50 additions & 0 deletions .github/workflows/claude.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Claude Code

on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]

jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
Comment on lines +16 to +19
P2: Exclude claude[bot] comments from retriggering the workflow

The trigger condition matches any new comment containing @claude but does not exclude github.actor == 'claude[bot]'. Claude’s own status or error comments can include that text and then re-trigger the same job, creating duplicate or cascading runs and unnecessary spend until someone intervenes. Add an actor guard in the job-level if condition to ignore bot-authored events.

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
Comment on lines +22 to +24
P2: Grant write scopes required for @claude responses

The @claude workflow is configured with read-only contents, pull-requests, and issues permissions, but this action’s default behavior is to respond by creating/updating GitHub comments and potentially pushing branch updates. In this state, valid @claude requests can fail with permission errors instead of replying. Set the job permissions to write for these scopes.

id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
P2: Guard @claude workflow against forked PR event contexts

This workflow listens to PR-related comment/review events and always relies on secrets.CLAUDE_CODE_OAUTH_TOKEN. For fork-origin PR contexts, those events are delivered to the base repo but repository secrets are withheld, so @claude invocations on such PRs will fail at runtime with no usable auth token. Add conditions to skip fork-origin PR contexts or route them through a trusted pattern.

# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
actions: read

# Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
# prompt: 'Update the pull request description to include a summary of changes.'

# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr *)'
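Review bot: The job-level `if` in this hunk gates only on the literal `@claude` appearing in a comment, review, or issue body/title and never checks who wrote it, so on a repository that accepts issues or PR comments from anyone, any account can start a run whose text is handed to Claude as instructions under the repository's OAuth token and a `contents: read` checkout. Add an author guard next to the text match, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` for the comment events, with `github.event.review.author_association` and `github.event.issue.author_association` for the `pull_request_review` and `issues` branches. Two smaller points: `additional_permissions: | actions: read` duplicates the `actions: read` already granted at job level, and the commented `claude_args: '--allowed-tools Bash(gh pr *)'` would allow any `gh pr` subcommand, so if it is ever enabled it should be narrowed to the specific subcommands the workflow needs.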
