Merged
57 changes: 57 additions & 0 deletions .github/workflows/claude-code-review.yml
@@ -0,0 +1,57 @@
name: Claude Code Review

on:
pull_request:
types: [opened, synchronize]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
Comment on lines +14 to +19

Copilot AI Dec 14, 2025

The workflow will run automatically on every PR opened or updated, which could consume API quota quickly and add costs. Consider uncommenting and configuring the filters on lines 16-19 to limit when automatic reviews run (e.g., only for first-time contributors or specific authors), or add path filters on lines 6-11 to only review specific file types.


runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
Copilot AI Dec 14, 2025

The workflow should include 'pull-requests: write' permission to allow Claude to comment on the PR with its review. Currently it only has 'read' permission, which would prevent Claude from posting review comments.

Suggested change
pull-requests: read
pull-requests: write

issues: read
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
Copilot AI Dec 14, 2025

The fetch-depth is set to 1, which only fetches the latest commit. For a code review workflow that needs to analyze PR diffs and changes, consider setting fetch-depth to 0 or at least 2 to ensure Claude has access to the base branch and PR changes for meaningful comparison.

Suggested change
fetch-depth: 1
fetch-depth: 0


- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Copilot AI Dec 14, 2025

The prompt references "the repository's CLAUDE.md" for guidance on style and conventions, but this file does not exist in the repository. Either create this file or update the prompt to reference existing documentation like readme.md.

Suggested change
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Use the repository's readme.md for guidance on style and conventions. Be constructive and helpful in your feedback.

Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
Comment on lines +34 to +56

Copilot AI Dec 14, 2025

The workflow requires GITHUB_TOKEN to be passed to the gh CLI for commands like 'gh pr comment' to work. The claude_args specify Bash tools using gh commands, but there's no environment variable or configuration passing GITHUB_TOKEN to the Claude action. Add 'GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}' to the environment configuration for the action step.

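Review bot: the `on: pull_request` trigger at the top of this hunk starts a review on every opened or synchronized PR, and the `prompt:` block then hands the PR's own title, description and diff to an agent holding `Bash(gh pr comment:*)`, `Bash(gh pr diff:*)` and the other `gh` tools listed in `claude_args`. That PR content is written by whoever opened the PR, so text inside it can try to steer the agent's tool use; the narrow `--allowed-tools` patterns already bound what such steering can reach, and the commented-out `if:` filter on `author_association` is the right place to bound who can start a run at all, so consider enabling it rather than leaving it as a comment. One more point: on `pull_request` events raised from forks GitHub does not expose repository secrets, so `secrets.CLAUDE_CODE_OAUTH_TOKEN` is empty and the `Run Claude Code Review` step fails for fork PRs; that is a safe default, but it should be stated in the PR description so the failing check is not mistaken for a bug.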

50 changes: 50 additions & 0 deletions .github/workflows/claude.yml
@@ -0,0 +1,50 @@
name: Claude Code

on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]

jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
Comment on lines +16 to +19

Copilot AI Dec 14, 2025

The workflow lacks a permission check to restrict execution to users with write access. The PR description states "Only users with write access to the repository can trigger the workflow" but there's no condition in the workflow to enforce this. Consider adding a condition to check github.event.comment.author_association or github.actor permissions to prevent unauthorized users from triggering Claude actions.

Suggested change
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
(
github.event_name == 'issue_comment' &&
contains(github.event.comment.body, '@claude') &&
(github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'pull_request_review_comment' &&
contains(github.event.comment.body, '@claude') &&
(github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'pull_request_review' &&
contains(github.event.review.body, '@claude') &&
(github.event.review.user.author_association == 'OWNER' ||
github.event.review.user.author_association == 'MEMBER' ||
github.event.review.user.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'issues' &&
(contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
(github.event.issue.user.author_association == 'OWNER' ||
github.event.issue.user.author_association == 'MEMBER' ||
github.event.issue.user.author_association == 'COLLABORATOR')
)

runs-on: ubuntu-latest
permissions:
contents: read
Copilot AI Dec 14, 2025

The workflow has read-only permissions for contents but the PR description states that Claude can create branches and commits. To enable Claude to make changes to the repository (create branches, commits), the 'contents' permission should be set to 'write' instead of 'read'.

Suggested change
contents: read
contents: write

pull-requests: read
Copilot AI Dec 14, 2025

The workflow should include 'pull-requests: write' permission to allow Claude to comment on pull requests. Currently it only has 'read' permission, which would prevent Claude from creating comments or interacting with PRs as intended.

Suggested change
pull-requests: read
pull-requests: write

issues: read
Copilot AI Dec 14, 2025

The workflow needs 'issues: write' permission to allow Claude to comment on issues. Currently it only has 'read' permission, which would prevent Claude from creating comments on issues as intended.

Suggested change
issues: read
issues: write

id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
Copilot AI Dec 14, 2025

The PR description mentions that "Our Anthropic API key is securely stored" but the workflow uses 'claude_code_oauth_token', not an API key. This is a minor terminology inconsistency: the description should refer to "OAuth token" rather than "API key" to match the actual secret name being used.

Suggested change
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} # Our Anthropic OAuth token is securely stored


# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
actions: read
# Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
# prompt: 'Update the pull request description to include a summary of changes.'

# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'
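Review bot: the `if:` condition at the top of this hunk gates only on the string `@claude` appearing in a comment, review or issue, and the `# Optional: Give a custom prompt` comment near the end of the hunk notes that Claude then performs the instructions in the comment that tagged it; so any account able to comment on an issue or PR can both start a run that spends `CLAUDE_CODE_OAUTH_TOKEN` and dictate what the agent does. An `author_association` gate restricted to OWNER, MEMBER and COLLABORATOR is the right fix, with one caveat on the suggested change above: for the `issues` and `pull_request_review` events the field is `github.event.issue.author_association` and `github.event.review.author_association`; the nested `.user` objects in those payloads do not carry an `author_association` property, so a condition written against them would never match. Also note that `issue_comment` is delivered for comments on pull requests as well as issues, so the first branch already covers PR conversation comments and `pull_request_review_comment` adds only inline diff comments. On permissions, `actions: read` in `permissions:` and again in `additional_permissions:` is consistent; keep `contents: read` unless the workflow is actually meant to push branches and commits, because a run started by a comment should hold no more write access to the repository than the task needs.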
