chore: add AI code review with Claude Code Action and AWS Bedrock

leonardomendix · leonardomendix · commit 405e603e75ad · 2026-05-04T15:58:46.000+02:00
diff --git a/.github/workflows/ClaudeReview.yml b/.github/workflows/ClaudeReview.yml
@@ -0,0 +1,107 @@
+name: Claude Code Review
+
+on:
+    pull_request:
+        types: [opened, synchronize, ready_for_review]
+    issue_comment:
+        types: [created]
+    pull_request_review_comment:
+        types: [created]
+
+concurrency:
+    group: claude-review-${{ github.event.pull_request.number || github.event.issue.number }}
+    cancel-in-progress: true
+
+jobs:
+    auto-review:
+        name: AI Code Review
+        if: |
+            github.event_name == 'pull_request' &&
+            github.event.pull_request.head.repo.full_name == 'mendix/web-widgets' &&
+            github.event.pull_request.user.login != 'uicontent' &&
+            github.event.pull_request.draft == false
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            pull-requests: write
+            issues: write
+            id-token: write
+            actions: read
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  fetch-depth: 1
+
+            - name: Configure AWS Credentials (OIDC)
+              uses: aws-actions/configure-aws-credentials@3bb878b6ab43ba8717918141cd07a0ea68cfe7ea
+              with:
+                  role-to-assume: ${{ secrets.AWS_BEDROCK_ROLE_ARN }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Run Claude Code Review
+              uses: anthropics/claude-code-action@fefa07e9c665b7320f08c3b525980457f22f58aa # v1
+              with:
+                  use_bedrock: "true"
+                  show_full_output: "true"
+                  github_token: ${{ secrets.GITHUB_TOKEN }}
+                  prompt: |
+                      You are reviewing PR #${{ github.event.pull_request.number }} in the mendix/web-widgets monorepo.
+
+                      IMPORTANT: Read `.github/copilot-instructions.md` for the complete review guidelines. Follow those instructions precisely.
+
+                      Focus your review on:
+                      1. Mendix pluggable widget conventions (XML/TSX alignment, data API usage, canExecute checks)
+                      2. React hooks correctness (dependencies, stale closures, async effect guards)
+                      3. MobX store patterns (makeObservable, action boundaries, React integration via useSubscribe)
+                      4. Versioning: if runtime/XML/behavior changes exist, require semver bump + CHANGELOG.md entry
+                      5. Test coverage for new features and bug fixes
+                      6. SCSS/styling following Atlas UI conventions (no inline styles, no overriding core Atlas classes)
+
+                      Review scope:
+                      - Focus ONLY on changed files (the diff)
+                      - Ignore dist/, lockfile changes, and generated files
+                      - For Renovate/dependency-only PRs, check for breaking changes only
+
+                      Output format:
+                      - Use inline comments for specific code issues with actionable suggestions
+                      - Include short code snippets when suggesting fixes
+                      - Be specific and reference files/lines
+                      - Post a brief summary comment with overall assessment
+                  claude_args: |
+                      --model eu.anthropic.claude-sonnet-4-6
+                      --dangerously-skip-permissions
+
+    interactive:
+        name: Claude Interactive
+        if: |
+            (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude') && github.event.issue.pull_request) ||
+            (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            pull-requests: write
+            issues: write
+            id-token: write
+            actions: read
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  fetch-depth: 1
+
+            - name: Configure AWS Credentials (OIDC)
+              uses: aws-actions/configure-aws-credentials@3bb878b6ab43ba8717918141cd07a0ea68cfe7ea
+              with:
+                  role-to-assume: ${{ secrets.AWS_BEDROCK_ROLE_ARN }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Run Claude Code
+              uses: anthropics/claude-code-action@fefa07e9c665b7320f08c3b525980457f22f58aa # v1
+              with:
+                  use_bedrock: "true"
+                  github_token: ${{ secrets.GITHUB_TOKEN }}
+                  trigger_phrase: "@claude"
+                  claude_args: |
+                      --model eu.anthropic.claude-sonnet-4-6
+                      --dangerously-skip-permissions
