This repository was archived by the owner on Mar 31, 2026. It is now read-only.

Add Claude Code GitHub Workflow #12

Merged: nelsonlove merged 2 commits into main from add-claude-github-actions-1773945352541 on Mar 19, 2026

Conversation

@nelsonlove
Owner

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

@qodo-code-review

Review Summary by Qodo

Add Claude Code GitHub Actions workflows for AI-assisted reviews

✨ Enhancement


Walkthroughs

Description
• Adds two GitHub Actions workflows for Claude Code integration
• Enables automated code reviews on pull request events
• Allows Claude AI assistance via @claude mentions in comments
• Configures secure OAuth token authentication with GitHub
Diagram
flowchart LR
  A["GitHub Events"] -->|PR opened/updated| B["claude-code-review.yml"]
  A -->|@claude mention| C["claude.yml"]
  B -->|Runs| D["Claude Code Review"]
  C -->|Runs| E["Claude Code Assistant"]
  D -->|Creates| F["Review Comments"]
  E -->|Creates| F


File Changes

1. .github/workflows/claude-code-review.yml ✨ Enhancement +44/-0

Automated Claude code review workflow

• New workflow triggered on pull request events (opened, synchronize, ready_for_review, reopened)
• Integrates Claude Code action for automated code reviews
• Uses OAuth token authentication via GitHub secrets
• Includes optional filters for file paths and PR authors


2. .github/workflows/claude.yml ✨ Enhancement +50/-0

Claude Code assistant workflow for mentions

• New workflow triggered by @claude mentions in comments, issues, and reviews
• Supports issue comments, pull request review comments, and issue/PR events
• Integrates Claude Code action with OAuth token authentication
• Includes optional custom prompts and tool configuration
• Grants actions read permission for CI result access



@qodo-code-review

qodo-code-review Bot commented Mar 19, 2026

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0) 📐 Spec deviations (0)


Action required

1. Untrusted trigger runs with secret 🐞 Bug ⛨ Security
Description
The claude job runs for any issue/comment/review that contains @claude without verifying the
actor is trusted. Because it passes secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party action, any
user able to create an issue/comment can trigger secret-backed executions.
Code

.github/workflows/claude.yml[R15-38]

+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
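Review bot: the job-level `if:` at the top of this hunk gates only on the `@claude` substring, so any account that can open an issue or leave a comment on the repository reaches the `Run Claude Code` step and its `secrets.CLAUDE_CODE_OAUTH_TOKEN`. Each branch of the condition should also require a trusted `author_association`, for example `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` on the two comment events, with `github.event.review.author_association` and `github.event.issue.author_association` on the review and issue branches respectively. While in this block, `actions/checkout@v4` and `anthropics/claude-code-action@v1` are mutable tags; pin both to full commit SHAs and keep the tag in a trailing comment so the version stays readable.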
Evidence
The job-level if only checks contains(..., '@claude') (no author/role gating) and the workflow
provides CLAUDE_CODE_OAUTH_TOKEN to anthropics/claude-code-action, meaning the run is both
externally triggerable and secret-backed.

.github/workflows/claude.yml[3-19]
.github/workflows/claude.yml[33-38]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution.

## Issue description
The workflow runs on `@claude` mentions from multiple public-facing events but does not restrict execution to trusted actors, while still passing a repository secret into a third-party action.

## Issue Context
This is a classic “untrusted trigger + secrets” GitHub Actions pattern. The workflow should hard-gate execution based on the event author’s trust level (e.g., `author_association`), or via an explicit allowlist.

## Fix Focus Areas
- .github/workflows/claude.yml[14-38]

### Concrete changes to implement
- Extend the job `if:` to require a trusted `author_association` for each supported event payload, e.g. allow only `OWNER`, `MEMBER`, `COLLABORATOR`.
  - For `issue_comment` / `pull_request_review_comment`: use `github.event.comment.author_association`.
  - For `pull_request_review`: use `github.event.review.author_association`.
  - For `issues`: use `github.event.issue.author_association`.
- Optionally add an explicit allowlist of `github.actor` for maximum control.
- Keep the `@claude` contains-check, but AND it with the trust check so untrusted mentions do not execute the job.


Remediation recommended

2. Fork PRs lack required secret 🐞 Bug ⛯ Reliability
Description
The PR review workflow triggers on pull_request but requires secrets.CLAUDE_CODE_OAUTH_TOKEN;
for fork-based PRs, GitHub will not provide repository secrets to this event. This will cause the
workflow to fail (or be non-functional) on fork PRs unless forks are explicitly skipped or a safer
alternative trigger strategy is used.
Code

.github/workflows/claude-code-review.yml[R34-41]

+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
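Review bot: this step reads `secrets.CLAUDE_CODE_OAUTH_TOKEN`, but the workflow is triggered on `pull_request` (the evidence cites lines 3-6), and GitHub withholds repository secrets from `pull_request` runs for pull requests opened from forks, so on a fork PR the action starts and then cannot authenticate. Add a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` so those runs are skipped explicitly rather than failing, and decide separately whether fork PRs should be reviewed at all; if they should, that needs `pull_request_target` with no checkout or execution of the PR's own code, not just a trigger swap.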
Evidence
The workflow is configured for on: pull_request and passes a repository secret into the action;
these two facts together imply fork PR runs won’t have the secret available.

.github/workflows/claude-code-review.yml[3-6]
.github/workflows/claude-code-review.yml[34-41]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution.

## Issue description
The workflow is wired to `pull_request` events and depends on a repository secret. Fork PRs won’t have access to that secret, so the job will fail or won’t be able to authenticate.

## Issue Context
You need to choose an explicit posture:
- **Skip fork PRs** (secure default), or
- Support fork PRs using a carefully hardened approach.

## Fix Focus Areas
- .github/workflows/claude-code-review.yml[3-41]

### Concrete changes to implement
- If you **do not** intend to run on forks: add a job-level `if:` such as `github.event.pull_request.head.repo.full_name == github.repository` (or `!github.event.pull_request.head.repo.fork`).
- If you **do** intend to run on forks:
  - Consider `pull_request_target` *with strict hardening* (do not execute untrusted PR code with secrets), and explicitly control what is checked out / what inputs are used.
  - Keep permissions minimal and avoid running arbitrary scripts from the PR.


3. Actions/plugins not pinned 🐞 Bug ⛨ Security
Description
Workflows reference third-party actions and plugin sources using mutable tags/refs (e.g., @v1,
marketplace URL + plugin ref) which can change without review. This increases supply-chain risk
because future runs may execute different code than what was audited in this PR.
Code

.github/workflows/claude-code-review.yml[R36-41]

+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
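Review bot: `anthropics/claude-code-action@v1` is a moving tag and `plugin_marketplaces` points at a git URL with no ref, so what later runs execute can differ from what this PR was reviewed with. Pin the action to a full commit SHA with `# v1` as a trailing comment (Dependabot still proposes bumps for SHA-pinned actions and updates that comment), and check whether `plugin_marketplaces` / `plugins` accept an immutable commit reference; if they do not, that residual risk should be recorded in the PR rather than left implicit. The `prompt:` interpolation only uses `github.repository` and the numeric `github.event.pull_request.number`, so that line does not pull attacker-controlled text such as a PR title into the command; keep it that way if the prompt is extended later.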
Evidence
Both workflows use anthropics/claude-code-action@v1 (mutable tag) and the review workflow
additionally pulls plugins from an external marketplace reference; neither is pinned to an immutable
commit SHA.

.github/workflows/claude-code-review.yml[36-41]
.github/workflows/claude.yml[28-36]
Best Practice: GitHub Actions Security Hardening

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution.

## Issue description
Third-party actions and plugin sources are referenced via mutable versions (tags/refs). If those tags move or are compromised, the workflow may execute attacker-controlled code.

## Issue Context
GitHub recommends pinning actions to a commit SHA to reduce supply-chain risk.

## Fix Focus Areas
- .github/workflows/claude.yml[28-37]
- .github/workflows/claude-code-review.yml[29-41]

### Concrete changes to implement
- Replace `uses: actions/checkout@v4` with `uses: actions/checkout@<FULL_COMMIT_SHA>`.
- Replace `uses: anthropics/claude-code-action@v1` with `uses: anthropics/claude-code-action@<FULL_COMMIT_SHA>`.
- If the Claude plugin mechanism supports pinning:
  - Pin the marketplace/repo reference to an immutable commit/tag, and/or
  - Pin the plugin version/ref to a specific immutable release/commit rather than a moving ref.
- Document the update process (how/when SHAs are bumped) to keep maintenance straightforward.


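Pulling the three findings together, the following shows what hardened versions of the two jobs could look like; this is an added example, not the PR's own files or Anthropic's published configuration. The `<FULL_COMMIT_SHA>` values are placeholders to be resolved against the tagged releases, and the trusted `author_association` set and the fork guard are the ones the review suggests.

```yaml
# claude.yml, hardened excerpt (added example; placeholder SHAs to be resolved)
jobs:
  claude:
    # Keep the @claude mention check, but AND each branch with a trust check
    # on the event payload's author_association (OWNER, MEMBER, COLLABORATOR).
    if: |
      (github.event_name == 'issue_comment'
        && contains(github.event.comment.body, '@claude')
        && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review_comment'
        && contains(github.event.comment.body, '@claude')
        && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review'
        && contains(github.event.review.body, '@claude')
        && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)) ||
      (github.event_name == 'issues'
        && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))
        && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association))
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
      actions: read
    steps:
      # Pin third-party actions to full commit SHAs; the trailing tag comment keeps
      # the version readable and lets Dependabot propose bumps of the SHA.
      - uses: actions/checkout@<FULL_COMMIT_SHA> # v4 (placeholder SHA)
        with:
          fetch-depth: 1
      - uses: anthropics/claude-code-action@<FULL_COMMIT_SHA> # v1 (placeholder SHA)
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
---
# claude-code-review.yml, hardened excerpt (same placeholder convention)
jobs:
  claude-review:
    # pull_request runs for fork PRs get no repository secrets; skip them explicitly
    # instead of letting the action start and fail to authenticate.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@<FULL_COMMIT_SHA> # v1 (placeholder SHA)
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # plugin_marketplaces, plugins and prompt inputs as in the PR; pin the
          # plugin ref too if the action accepts an immutable reference for it.
```

The `---` separates the two files' excerpts as YAML documents; each belongs in its own workflow file with the `on:` triggers from the PR.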

@nelsonlove nelsonlove merged commit bf7253d into main Mar 19, 2026
1 check passed