Add claude-review-toolkit composite action#62
Conversation
|
All contributors have signed the CLA ✍️ ✅ |
|
I have read the CLA Document and I hereby sign the CLA |
Julesssss
left a comment
Julesssss
left a comment
There was a problem hiding this comment.
Thanks for this refactor!
| readonly BODY_ARG="${2:-}" | ||
| readonly LINE_ARG="${3:-}" | ||
|
|
||
| [[ -z "${PR_NUMBER:-}" ]] && die "Environment variable PR_NUMBER is required" |
There was a problem hiding this comment.
So we know that PR will always exist and we're only running this action against PRs, but as a small improvement could we make createInlineComment.sh take PR_NUMBER as param $1, to match the other scripts. It might help us flag a problem sooner if for example the PR param in /App gets changed to PR_NUMBER_APP.
We already have to update the 3 repos calling this but we're doing that anyway.
Julesssss
left a comment
Julesssss
left a comment
There was a problem hiding this comment.
Looking good! I think we can get this open for review. One other thing to improve would be a readme in this action dir or somewhere else explaining what the missingQueryTimings and enforce_allowed_rules options do and why we need them
|
@codex review |
|
To use Codex here, create a Codex account and connect to github. |
|
@Julesssss Thanks for the feedback - I addressed that ✅ As a second thought we could drop I will add this feature preemptively implement that and based on your decision we can either ship it as-is or simply remove commits. Let me know what you think, thanks! |
I thought that might be on purpose due to App repo being open source. Lets not worry about doing alignment for now. So I see thew Web-E PR ready but I assume we need to merge this PR first? Can this come out of draft now? |
Ah I see, that's also fine with me 👍 |
|
Ah I can't merge because one of the initial comms was somehow unverified 😢 could you fix that please Kacper, opening a fresh PR might be the simplest solution. 
|
Introduces a shared composite action that consolidates the duplicated Claude PR review scaffolding currently maintained in three client repos (Expensify/App, Expensify/Auth, Expensify/Web-Expensify). The action ships: - addPrReaction.sh / removePrReaction.sh - strict-validation reaction helpers (PR_NUMBER must be numeric, REACTION must be one of the eight GitHub-supported values). - createInlineComment.sh - posts an inline PR comment; when ALLOWED_RULES_FILE is set and non-empty, enforces a per-comment rule-ID gate against the allowlist; otherwise skips validation. - extractAllowedRules.sh - walks a rules directory and writes a sorted, deduplicated allowlist of rule IDs. - schemas/code-review-output.json - canonical violations-only schema for the code-inline-reviewer agent output. The action prepends scripts/ to GITHUB_PATH, exposes schema_path and a compacted schema_json output for direct consumption by anthropics/claude-code-action, and (when enforce_allowed_rules=true) extracts the caller's rule allowlist and exports ALLOWED_RULES_FILE for downstream steps.
createInlineComment.sh now matches addPrReaction.sh/removePrReaction.sh by accepting PR_NUMBER as $1 instead of reading it from env. Surfaces mismatches at the caller (e.g. a renamed PR_NUMBER_APP env var) instead of silently failing later. Adds README.md documenting the action's inputs, outputs, and the four scripts on PATH. Clarifies that schema extensions (Auth's missingQueryTimings) live in the caller's workflow, not in the toolkit.
The opt-in toggle was leftover from migration. All three consumer repos (App, Auth, Web-Expensify) already ship a .claude/skills/coding-standards/rules/ directory with valid ruleId frontmatter, and their reviewer agents already mandate one Rule ID per inline comment. Making the gate universal removes configuration drift and matches the toolkit's stated purpose of shipping the strictest version of each script. - action.yml: drop inputs.enforce_allowed_rules; always run the extract step - createInlineComment.sh: require ALLOWED_RULES_FILE; remove the skip branch - README: align with the new always-on behavior Caller workflows that previously passed enforce_allowed_rules: 'true' can drop that with: block; callers that did not opt in inherit the gate.
kacper-mikolajczak
force-pushed
the
add-claude-review-toolkit-action
branch
from
6ad2355 to
1f41026
Compare
|
@Julesssss Re-signed the commits to fix the unverified-commit blocker - PR should be mergeable now. Kept the Ready to merge whenever you are - this should unblock PRs on Web-E, App and Auth waiting on the SHA stamp. |
|
CC @rlinoz too, so might push it forward before Jules' timezone hits working hours ❤️ |
|
ah nice, thank you! |
3 participants
Details
Introduces a shared composite action
claude-review-toolkitthat consolidates Claude PR review scaffolding currently duplicated across three client repos (Expensify/App, Expensify/Auth, Expensify/Web-Expensify).Ships:
addPrReaction.sh/removePrReaction.sh- strict-validation reaction helpers (PR_NUMBER must be numeric; REACTION must be one of+1, -1, laugh, confused, heart, hooray, rocket, eyes)createInlineComment.sh- posts an inline PR comment; whenALLOWED_RULES_FILEis set and non-empty, enforces a per-comment rule-ID gate; otherwise skips validationextractAllowedRules.sh- walks a rules directory and writes a deduplicated allowlistschemas/code-review-output.json- canonical violations-only schema for the reviewer agent outputInputs:
enforce_allowed_rules(defaultfalse) - whentrue, runs the extractor against the caller's.claude/skills/coding-standards/rules/and exportsALLOWED_RULES_FILEfor downstream stepsOutputs:
schema_path,schema_jsonfor direct consumption byanthropics/claude-code-action --json-schemaSide effects: prepends
scripts/toGITHUB_PATH.This is slice 1 of a three-slice plan. Future slices will share the workflow shape (cross-repo reusable workflow) and base reviewer prompts.
Related Issues
https://github.com/Expensify/Expensify/issues/635397
Manual Tests
Tested by consumer-side draft PRs against this branch's SHA:
Consumer PRs reference this action by placeholder SHA and will be retargeted to the merged-main SHA before going green.
Linked PRs
Listed under Manual Tests above.
cc @Julesssss