nats.c/.github/workflows/claude.yml at main · nats-io/nats.c · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: Claude Code

# GITHUB_TOKEN needs contents:read and actions:read — required by
# claude-code-action for restoring trusted config files from the base branch.
# All other GitHub API access uses the App token.
permissions:
  contents: read
  actions: read

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  pull_request_target:
    types: [opened, reopened]

jobs:
  claude:
    name: Claude Review
    uses: synadia-io/ai-workflows/.github/workflows/claude.yml@v2
    if: contains(
      fromJson('["OWNER","MEMBER","COLLABORATOR"]'),
      github.event.comment.author_association || github.event.pull_request.author_association
      )
    with:
      gh_app_id: ${{ vars.CLAUDE_GH_APP_ID }}
      checkout_mode: 'base'
      review_focus: |
        Additionally focus on:
        - Memory safety (buffer overflows, use-after-free, double-free, null dereferences)
        - Resource leaks (malloc/free pairing, file descriptors, mutex lifecycle)
        - Thread safety and correct locking patterns
        - Cross-platform compatibility (Windows, macOS, Linux)
    secrets:
      claude_oauth_token: ${{ secrets.CLAUDE_OAUTH_TOKEN }}
      gh_app_private_key: ${{ secrets.CLAUDE_GH_APP_PRIVATE_KEY }}