v0.2.83 release stuck: macOS notarization 403 (expired Apple agreement) blocks attach + undraft #5959
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude Code | |
| on: | |
| issue_comment: | |
| types: [created] | |
| pull_request_review_comment: | |
| types: [created] | |
| issues: | |
| types: [opened, assigned] | |
| pull_request_review: | |
| types: [submitted] | |
| jobs: | |
| claude: | |
| if: | | |
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | |
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: write # Allows pushing commits, rebasing, creating branches | |
| pull-requests: write # Allows updating PRs, requesting reviews, merging | |
| issues: write # Allows commenting on issues, updating labels | |
| id-token: write # Required for GitHub App authentication | |
| actions: read # Required for Claude to read CI results on PRs | |
| checks: read # Allows reading check run status | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 0 # Full history needed for git operations like rebase | |
| token: ${{ secrets.GITHUB_TOKEN }} # Use workflow token for git operations | |
| - name: Run Claude Code | |
| id: claude | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # This is an optional setting that allows Claude to read CI results on PRs | |
| additional_permissions: | | |
| actions: read | |
| # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. | |
| # prompt: 'Update the pull request description to include a summary of changes.' | |
| # Optional: Add claude_args to customize behavior and configuration | |
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | |
| # or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options | |
| # | |
| # Examples: | |
| # Use Opus for complex tasks: | |
| # claude_args: '--model claude-opus-4-1-20250805' | |
| # | |
| # Allow specific git/gh operations: | |
| # claude_args: '--allowed-tools Bash(git rebase:*) Bash(git push:*) Bash(gh pr:*)' | |
| # | |
| # Note: With the permissions above, Claude can now: | |
| # - Rebase branches (git rebase) | |
| # - Push commits (git push, git push --force-with-lease) | |
| # - Update PRs (gh pr edit, gh pr review, gh pr merge) | |
| # - Comment on issues and PRs (gh issue comment, gh pr comment) |