build: fix claude-code-action OIDC error in pr-review workflow #2808

Open
RabbiIslamRony wants to merge 8 commits into sovware:development from RabbiIslamRony:fix/pr-review-github-token

@RabbiIslamRony
Member

PR Type

  • Bugfix
  • Security fix
  • Improvement
  • New Feature
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Text changes
  • Other... Please describe:

Summary

Fixes the Claude Code PR review workflow by passing GITHUB_TOKEN explicitly instead of relying on OIDC authentication. Also improves trigger configuration and removes unnecessary checkout step.

What Changed

Function Changes

  • Add github_token: ${{ secrets.GITHUB_TOKEN }} to bypass OIDC authentication
  • Change contents permission from read to write
  • Add pull_request_review_comment trigger for inline @claude mentions
  • Add condition for pull_request_review_comment event in job if block
  • Remove actions/checkout@v4 step (action handles checkout internally)

UX Changes

  • PR review workflow will run without OIDC token errors
  • Team can invoke @claude in inline review comments, not just issue comments

UI Changes

  • No UI changes.

Files Changed

Config / CI

  • .github/workflows/pr-review.yml — Fix authentication, add trigger, remove redundant checkout

How to Test

  1. Merge this PR to trunk
  2. Ensure ANTHROPIC_API_KEY_PR_REVIEW secret exists in repo Settings → Secrets → Actions
  3. Open a test PR against trunk with a small code change
  4. Verify the Claude Code Review workflow triggers and completes without errors
  5. Try commenting @claude on a PR review comment to test inline trigger

Any linked issues

Fixes #

Checklist

Additional Context

The workflow was previously failing because claude-code-action@v1 defaults to OIDC authentication for GitHub tokens. Passing GITHUB_TOKEN explicitly is simpler and requires no GitHub App installation.

RabbiIslamRony and others added 8 commits April 9, 2026 14:41
…gger-v2

fix: remove branches filter from pr-review workflow trigger
- Switch from deprecated @beta to @v1
- Use pull_request event (pull_request_target was silently not firing)
- Replace direct_prompt with prompt (v1 API)
- Remove id-token: write and github_token (not needed with API key auth)
- Skip draft PRs, add reopened/ready_for_review triggers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The claude-code-action was failing with "Could not fetch an OIDC token"
because no github_token was provided and id-token:write was missing.
Instead of adding OIDC, pass GITHUB_TOKEN explicitly which is simpler
and requires no extra setup. Also adds pull_request_review_comment
trigger and removes unnecessary checkout step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
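
A sketch of the workflow shape that the description and commit messages above imply, added here as an example; it is not the PR's actual `.github/workflows/pr-review.yml`. The job name, the `opened`/`synchronize`/`created` trigger types, the `pull-requests` and `issues` permission lines, the `anthropics/` action owner, the `anthropic_api_key` input and the `author_association` gate are assumptions not stated on the page; the gate is included because comment-triggered runs here hold a `contents: write` token.

```yaml
# Added example: reconstructed from the PR description, not the project's file.
name: Claude Code Review            # name taken from "How to Test" step 4

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]  # first two assumed
  issue_comment:
    types: [created]                # assumed type
  pull_request_review_comment:      # new trigger for inline @claude mentions
    types: [created]                # assumed type

# Job-scoped permissions would be tighter; top-level shown for brevity.
permissions:
  contents: write        # changed from read by this PR
  pull-requests: write   # assumption: needed to post review comments
  issues: write          # assumption: needed to reply on issue_comment
  # No id-token: write, so the job cannot request an OIDC token;
  # the action must be handed github_token explicitly (see below).

jobs:
  review:                # hypothetical job name
    runs-on: ubuntu-latest
    # Skip draft PRs; for comment events require the @claude mention and
    # (assumption, not in the PR) a commenter with a repository role.
    if: >-
      (github.event_name == 'pull_request' &&
       github.event.pull_request.draft == false) ||
      ((github.event_name == 'issue_comment' ||
        github.event_name == 'pull_request_review_comment') &&
       contains(github.event.comment.body, '@claude') &&
       contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
                github.event.comment.author_association))
    steps:
      # No actions/checkout step: the PR states the action checks out itself.
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY_PR_REVIEW }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
```

On `pull_request` runs from forks GitHub withholds repository secrets and issues a read-only `GITHUB_TOKEN`, so the `contents: write` grant takes effect only for same-repository branches and for the comment-triggered events, which run in the base repository's context.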