Skip to content

Add Claude Code GitHub Workflow#1

Merged
johnlindquist merged 2 commits into
mainfrom
add-claude-github-actions-1763746745391
Nov 21, 2025
Merged

Add Claude Code GitHub Workflow#1
johnlindquist merged 2 commits into
mainfrom
add-claude-github-actions-1763746745391

Conversation

@johnlindquist

@johnlindquist johnlindquist commented Nov 21, 2025

Copy link
Copy Markdown
Owner

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

Release Notes

  • New Features
    • Automated code reviews powered by Claude AI now available on pull requests, providing feedback on code quality, potential bugs, performance, security, and test coverage.
    • Interactive code review support via comments on pull requests and issues—mention @claude to trigger analysis.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai

coderabbitai Bot commented Nov 21, 2025

Copy link
Copy Markdown

Caution

Review failed

The pull request is closed.

Walkthrough

Two new GitHub Actions workflows are introduced: one automatically runs Claude-based code reviews on pull requests, while the other enables on-demand reviews triggered by "@claude" mentions in comments and reviews. Both workflows invoke the Anthropic Claude code action with OAuth authentication.

Changes

Cohort / File(s) Summary
Automated PR Code Review
\.github/workflows/claude-code-review\.yml
New workflow triggered on PR open/sync events that runs Claude code review with structured prompts requesting feedback on code quality, bugs, performance, security, and test coverage; uses gh CLI to comment results on PRs
On-Demand Claude Code Review
\.github/workflows/claude\.yml
New workflow triggered by "@claude" mentions in issue comments, PR reviews, and issues; conditionally runs Claude code action with optional custom prompts and enhanced permissions

Sequence Diagram(s)

sequenceDiagram
    participant GitHub as GitHub Events
    participant Actions as GitHub Actions
    participant Claude as Claude Code Action
    participant PR as PR/Issue

    rect rgb(200, 220, 240)
    Note over GitHub,PR: Automated Review Workflow
    GitHub->>Actions: PR opened/synchronized
    Actions->>Actions: Checkout repository
    Actions->>Claude: Invoke with PR context
    Claude->>Claude: Analyze code
    Claude->>PR: Comment review results via gh CLI
    end

    rect rgb(240, 220, 200)
    Note over GitHub,PR: On-Demand Review Workflow
    GitHub->>Actions: Comment/review with "@claude"
    Actions->>Actions: Check for `@claude` mention
    alt Mention detected
        Actions->>Claude: Invoke with optional custom prompt
        Claude->>PR: Comment results
    else No mention
        Actions->>Actions: Skip
    end
    end
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Security considerations: Review OAuth token handling and permission scopes (id-token write, contents/PRs/issues read/write)
  • Workflow trigger conditions: Verify correctness of conditional logic for "@claude" mentions in .github/workflows/claude.yml
  • Permission matrix: Confirm least-privilege access across both workflows aligns with intended functionality

Poem

🐰 Two workflows hop into place,
Claude reviews code at GitHub's pace,
Auto-checks and "@claude" calls—
Smart feedback adorns your PR walls! ✨

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch add-claude-github-actions-1763746745391

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d20a341 and f8f0c76.

📒 Files selected for processing (2)
  • .github/workflows/claude-code-review.yml (1 hunks)
  • .github/workflows/claude.yml (1 hunks)

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

  • Provide your own instructions using the high_level_summary_instructions setting.
  • Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
  • Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

  1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
  2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
  3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
  4. 📊 Contributor Summary — Include a Markdown table showing contributions:
    | Contributor | Lines Added | Lines Removed | Files Changed |
  5. ✔️ Additional Notes — Add any extra reviewer context.
    Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@johnlindquist johnlindquist merged commit b658642 into main Nov 21, 2025
1 of 2 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +37 to +38
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge pull_request workflow loses required secret on forks

This workflow consumes secrets.CLAUDE_CODE_OAUTH_TOKEN to run the review action, but it is triggered via pull_request; GitHub never passes repository secrets to workflows started from forked PRs, so external contributions will see missing-token errors and the review job will fail. If you want Claude reviews on forked PRs, switch the trigger to pull_request_target or gate execution to trusted authors.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant