Skip to content

Add Claude Code GitHub Workflow #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rajivsinclair merged 2 commits into from
Dec 5, 2025
Merged

Add Claude Code GitHub Workflow #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
abdb396
"Claude PR Assistant workflow"
rajivsinclair Dec 5, 2025
da1562e
"Claude Code Review workflow"
rajivsinclair Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions .github/workflows/claude-code-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Claude Code Review

on:
pull_request:
types: [opened, synchronize]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
Copy link

Copilot AI Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions are missing pull-requests: write which is required for Claude to comment on the PR using gh pr comment as specified in the prompt on line 52. Without write permissions to pull-requests, the workflow will fail when attempting to post the review comment.

Suggested change
pull-requests: read
pull-requests: write

Copilot uses AI. Check for mistakes.
issues: read
Comment on lines +22 to +25
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Allow review job to write PR comments

The review workflow config grants only read permissions on issues and pull-requests, yet the prompt at the bottom instructs Claude to post feedback via gh pr comment. The GitHub CLI relies on the job’s GITHUB_TOKEN, and with read-only scopes it returns Resource not accessible by integration, so the review step will fail to publish any comment even if the analysis succeeds. Consider granting write on issues/pull-requests (or supplying a writable token) so the workflow can deliver the review it generates.

Useful? React with 👍 / 👎.

id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
Copy link

Copilot AI Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using fetch-depth: 1 (shallow clone) may limit Claude's ability to perform thorough code reviews that require git history or comparing against previous commits. For PR reviews, consider using fetch-depth: 0 or at least fetch-depth: 2 to ensure Claude has access to the base branch and can properly review the changes in context.

Suggested change
fetch-depth: 1
fetch-depth: 0

Copilot uses AI. Check for mistakes.

- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}

Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage

Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Copy link

Copilot AI Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The prompt references "the repository's CLAUDE.md" for guidance on style and conventions, but this file is not included in this PR. If this file doesn't exist in the repository, Claude will not have access to any project-specific guidance, which may lead to inconsistent review feedback.

Suggested change
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Be constructive and helpful in your feedback. Follow general best practices for code style and conventions.

Copilot uses AI. Check for mistakes.

Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.

# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

50 changes: 50 additions & 0 deletions .github/workflows/claude.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Claude Code

on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]

jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
Comment on lines +16 to +19
Copy link

Copilot AI Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow lacks user permission validation. According to the PR description, "Only users with write access to the repository can trigger the workflow," but there's no check to enforce this. Any user who can comment on issues or PRs (including external contributors) can trigger Claude by mentioning @claude. Consider adding a check like github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'COLLABORATOR' to the conditional.

Suggested change
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
(
github.event_name == 'issue_comment' &&
contains(github.event.comment.body, '@claude') &&
(github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'pull_request_review_comment' &&
contains(github.event.comment.body, '@claude') &&
(github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'pull_request_review' &&
contains(github.event.review.body, '@claude') &&
(github.event.review.user.author_association == 'MEMBER' ||
github.event.review.user.author_association == 'OWNER' ||
github.event.review.user.author_association == 'COLLABORATOR')
) ||
(
github.event_name == 'issues' &&
(contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
(github.event.issue.user.author_association == 'MEMBER' ||
github.event.issue.user.author_association == 'OWNER' ||
github.event.issue.user.author_association == 'COLLABORATOR')
)

Copilot uses AI. Check for mistakes.
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
Comment on lines +22 to +24
Copy link

Copilot AI Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions are missing pull-requests: write, issues: write, and contents: write which are required for Claude to perform actions like creating comments, branches, and commits as mentioned in the PR description. Without write permissions, Claude will only be able to read but not interact with the repository.

Suggested change
contents: read
pull-requests: read
issues: read
contents: write
pull-requests: write
issues: write

Copilot uses AI. Check for mistakes.
Comment on lines +21 to +24
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge General Claude job cannot reply to mentions

The main Claude workflow is triggered by @claude mentions but the job permissions are limited to read-only for issues and pull-requests. Any attempt by the action to acknowledge the request (e.g., post a comment or push a change) using the workflow GITHUB_TOKEN will be rejected for lack of write scope, effectively preventing Claude from responding to the user request. Granting the necessary write permissions or configuring a writable token is needed for the integration to function.

Useful? React with 👍 / 👎.

id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
actions: read

# Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
# prompt: 'Update the pull request description to include a summary of changes.'

# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'

Loading