Add Claude Code GitHub Workflow

[brendan-kellam]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Enabled automated code review workflows on pull requests
  • Added Claude AI integration for code discussion and review workflows triggered by mentions

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

@brendan-kellam your pull request is missing a changelog!

[coderabbitai]

Walkthrough

This PR adds two new GitHub Actions workflows to the repository. The first workflow executes Claude Code Review on pull requests when they are opened, synchronized, or reopened. The second workflow triggers Claude code review based on mentions of @claude in issue and pull request comments, running conditionally when such mentions are detected.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/claude-code-review.yml, .github/workflows/claude.yml	Added two new CI/CD workflows for Claude-powered code review. The first runs automatically on PR events (opened, synchronize, ready_for_review, reopened) with configurable API key and plugins. The second triggers on issue and PR comment events when @claude is mentioned, with conditional job execution and configurable prompt/arguments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Add Claude Code GitHub Workflow' accurately reflects the main changes: two new GitHub Actions workflows (.github/workflows/claude.yml and .github/workflows/claude-code-review.yml) that enable Claude Code integration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-claude-github-actions-1769816294123

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/claude-code-review.yml:
- Around line 39-41: Change the YAML values for plugin_marketplaces and plugins
from single-line strings to multiline (pipe) literals so they are interpreted as
newline-separated lists: update the plugin_marketplaces and plugins entries (the
keys named plugin_marketplaces and plugins shown in the diff) to use the |
multiline syntax and place each marketplace or plugin on its own indented line;
leave the prompt entry unchanged.

🧹 Nitpick comments (2)

.github/workflows/claude.yml (2)

21-26: Permissions may be insufficient for Claude to respond to mentions.

The PR description states Claude's default allowed tools include "creating comments, branches, and commits." However, the workflow only has read permissions for pull-requests and issues. For Claude to post responses:

• pull-requests: write is needed to comment on PRs
• issues: write is needed to comment on issues
• contents: write is needed to create branches/commits

Consider updating permissions if Claude should respond interactively:

Proposed permission updates

     permissions:
-      contents: read
-      pull-requests: read
-      issues: read
+      contents: write
+      pull-requests: write
+      issues: write
       id-token: write
       actions: read # Required for Claude to read CI results on PRs

---

39-41: Clarify if additional_permissions is redundant with job-level permissions.

The actions: read permission is already declared at the job level (line 26). The additional_permissions block appears to duplicate this. If additional_permissions serves a different purpose (e.g., the action uses it to request specific token scopes), consider adding a comment to clarify. Otherwise, this may be unnecessary.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's find and read the workflow file
fd -name "claude-code-review.yml" -type f

Repository: sourcebot-dev/sourcebot

Length of output: 297

---

🏁 Script executed:

#!/bin/bash
# Read the workflow file to see the full context
cat -n .github/workflows/claude-code-review.yml

Repository: sourcebot-dev/sourcebot

Length of output: 1795

---

🏁 Script executed:

#!/bin/bash
# Search for action.yml files that might define the action schema
fd -name "action.yml" -o -name "action.yaml" | head -20

Repository: sourcebot-dev/sourcebot

Length of output: 297

---

🏁 Script executed:

#!/bin/bash
# Search for references to anthropics/claude-code-action in the repo
rg -n "anthropics/claude-code-action" --type yaml

Repository: sourcebot-dev/sourcebot

Length of output: 49

---

🏁 Script executed:

#!/bin/bash
# Look for any documentation about the action in README or docs
fd -name "README*" -o -name "*.md" | xargs rg -l "claude-code-action" 2>/dev/null

Repository: sourcebot-dev/sourcebot

Length of output: 299

---

🌐 Web query:

anthropics/claude-code-action GitHub action plugin configuration parameters

💡 Result:

anthropics/claude-code-action@v1 exposes a small set of workflow with: inputs (configuration parameters):

• prompt — instructions for Claude (text or slash command); optional depending on trigger context (e.g., PR/issue comments). [1]
• claude_args — passthrough for Claude Code CLI flags (e.g., --max-turns, --model, --mcp-config, --allowed-tools, --debug). [1]
• anthropic_api_key — Anthropic API key (required for direct Anthropic API usage; not required if using Bedrock/Vertex). [1]
• github_token — GitHub token used for API access (optional). [1]
• trigger_phrase — custom trigger phrase (defaults to @claude). [1]
• use_bedrock — use AWS Bedrock instead of Anthropic API (optional). [1]
• use_vertex — use Google Vertex AI instead of Anthropic API (optional). [1]

Notes on v1 migration / renamed inputs:

• v1 unified prompts into prompt and moved most tuning/options (e.g., model selection, max turns, tool allow/deny lists) into claude_args. [2]

Sources: [1] [2]

---

🌐 Web query:

anthropics claude-code-action v1 plugin_marketplaces plugins input parameters

💡 Result:

For anthropics/claude-code-action@v1, the plugin-related workflow with: inputs are:

• plugin_marketplaces: Newline-separated list of Claude Code plugin marketplace Git URLs (typically https://.../*.git). Marketplaces are added before plugins are installed. [1][2]
• plugins: Newline-separated list of Claude Code plugin specifiers to install, e.g. code-review@claude-code-plugins. Plugins are installed before Claude Code runs. [1][2]

Example (as documented):

- uses: anthropics/claude-code-action@v1
  with:
    plugin_marketplaces: |
      https://github.com/user/marketplace1.git
      https://github.com/user/marketplace2.git
    plugins: |
      code-review@claude-code-plugins
      feature-dev@claude-code-plugins

GitHub Actions run output also confirms plugins and plugin_marketplaces are valid inputs for the action. [3]

Sources: [1][2][3]

---

🌐 Web query:

site:github.com anthropics claude-code-action action.yml inputs

💡 Result:

For anthropics/claude-code-action (v1 / GA), the documented action inputs are: prompt, claude_args, anthropic_api_key, and github_token. [1]

If you’re instead looking at the mirrored “base action” (anthropics/claude-code-base-action), it exposes a broader/older-style input surface, including prompt, prompt_file, allowed_tools, disallowed_tools, max_turns, mcp_config, settings, system_prompt, append_system_prompt, claude_env, and model. [2]

---

Use multiline syntax for plugin configuration parameters.

The plugin_marketplaces and plugins parameters should be formatted as newline-separated lists using the | multiline syntax, as documented in the action. Update lines 39–40 to:

plugin_marketplaces: |
  https://github.com/anthropics/claude-code.git
plugins: |
  code-review@claude-code-plugins

🤖 Prompt for AI Agents

In @.github/workflows/claude-code-review.yml around lines 39 - 41, Change the
YAML values for plugin_marketplaces and plugins from single-line strings to
multiline (pipe) literals so they are interpreted as newline-separated lists:
update the plugin_marketplaces and plugins entries (the keys named
plugin_marketplaces and plugins shown in the diff) to use the | multiline syntax
and place each marketplace or plugin on its own indented line; leave the prompt
entry unchanged.