Add Claude Code GitHub Workflow

[Jamie-BitFlight]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Updated workflow configuration files with minor formatting adjustments. No impact on user-facing functionality.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Two GitHub workflow files receive non-functional whitespace updates. A blank line is inserted after a comment in the Claude Code Review workflow, and another blank line is added after an example argument in the "Run Claude" workflow step.

Changes

Cohort / File(s)	Change Summary
GitHub Workflow Formatting \.github/workflows/claude-code-review\.yml, \.github/workflows/claude\.yml	Added blank lines in workflow step comments and configuration examples; no functional impact

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A space here, a line there,
Blank canvas in the workflow air,
No logic changed, just breathing room,
Whitespace blooms in GitHub's gloom!
✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds/adjusts GitHub Actions workflows for Claude Code integration and automated Claude-based PR code reviews.

Changes:

• Updates .github/workflows/claude.yml (mention-driven Claude workflow).
• Updates .github/workflows/claude-code-review.yml (PR-event-driven Claude code review workflow).
• Both diffs appear to be whitespace-only (trailing newline) adjustments.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
.github/workflows/claude.yml	Claude Code workflow triggered by @claude mentions in issues/PR comments/reviews.
.github/workflows/claude-code-review.yml	Claude Code Review workflow triggered automatically on PR events.

Comments suppressed due to low confidence (3)

.github/workflows/claude-code-review.yml:45

• This job uses secrets.CLAUDE_CODE_OAUTH_TOKEN, but the workflow runs on the pull_request event. For PRs from forks, GitHub does not pass repository secrets, so this will systematically fail (or be skipped) for external contributors. Consider restricting execution to same-repo PRs (e.g., if: github.event.pull_request.head.repo.full_name == github.repository) or switching to a safe pull_request_target design if you truly need it to run on forked PRs.

        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
          plugins: 'code-review@claude-code-plugins'
          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options

.github/workflows/claude.yml:51

• The workflow can be triggered by any commenter who includes @claude (e.g., on issue_comment), but it runs with secrets.CLAUDE_CODE_OAUTH_TOKEN. There’s no check on author_association/repo permissions, so an external user could potentially trigger runs that consume the secret. Add an explicit gate in the job if: to allow only trusted actors (e.g., OWNER|MEMBER|COLLABORATOR, or users with write access) for each event type before invoking the action.

          # claude_args: '--allowed-tools Bash(gh pr:*)'

.github/workflows/claude-code-review.yml:45

• PR description says Claude runs when someone mentions @claude, but this workflow triggers on PR lifecycle events (pull_request opened/synchronize/etc.) and will run even without any mention. Either update the workflow to be mention-driven (similar to claude.yml), or update the PR description to reflect that it auto-runs on every PR.

          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.