From 2f61d0ef9df3b9699bbc10bd12cb80a6d7cd1178 Mon Sep 17 00:00:00 2001 From: Anna Williamson Date: Wed, 29 Apr 2026 14:09:22 -0700 Subject: [PATCH 1/2] Switch to reusable Claude auto-review workflow from ptd-workspace Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/claude-auto-review.yml | 55 ++---------------------- 1 file changed, 4 insertions(+), 51 deletions(-) diff --git a/.github/workflows/claude-auto-review.yml b/.github/workflows/claude-auto-review.yml index ed7b7896..986e6f6d 100644 --- a/.github/workflows/claude-auto-review.yml +++ b/.github/workflows/claude-auto-review.yml 
@@ -2,56 +2,9 @@ name: Claude Auto Review on: pull_request: - types: [opened] - -env: - PTD_AWS_ACCOUNT: ${{ secrets.PTD_AWS_ACCOUNT }} + types: [opened, reopened, synchronize, ready_for_review] jobs: - auto-review: - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - id-token: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{ env.PTD_AWS_ACCOUNT }}:role/claude-code - role-session-name: gha-claude-code-action - aws-region: us-east-2 - - - name: Automatic PR Review - uses: anthropics/claude-code-action@beta - if: github.event.pull_request.user.login != 'posit-team-dedicated[bot]' - with: - allowed_tools: "mcp__github__create_pull_request,mcp__github__create_issue,mcp__github__search_issues,mcp__github__update_issue,mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff" - use_bedrock: true - model: "us.anthropic.claude-opus-4-6-v1" - fallback_model: "us.anthropic.claude-3-7-sonnet-20250219-v1:0" - timeout_minutes: "60" - direct_prompt: | - Please review this PR following the guidelines in `.claude/review-guidelines.md`. Use the GitHub review system: - - 1. **Start a review**: Use `mcp__github__create_pending_pull_request_review` to begin a pending review - 2. **Get diff information**: Use `mcp__github__get_pull_request_diff` to understand the code changes and line numbers - 3. **Add inline comments**: Use `mcp__github__add_pull_request_review_comment_to_pending_review` for each specific piece of feedback on particular lines - 4. 
**Submit the review**: Use `mcp__github__submit_pending_pull_request_review` with event type "COMMENT" (not "REQUEST_CHANGES") to publish all comments as a non-blocking review - - Review priorities from guidelines: - - **Simplicity**: Code should be explicit, not clever. Functions do one thing. Names reveal intent. - - **Maintainability**: Follow existing patterns. New code should look like it belongs. - - **Security (elevated scrutiny)**: Extra attention for file system, network, credentials, RBAC, and IAM changes. - - Use the area-specific checklists from the guidelines for API changes, Controller changes, Helm chart, and Flightdeck. - - Provide constructive feedback with specific suggestions for improvement. - Don't be overly complimentary; focus on actionable insights and keep your comments concise. - Use inline comments to highlight specific areas of concern. - - IMPORTANT: Do NOT post any additional comments after submitting the review. The GitHub review itself is sufficient and any additional summary comments will be redundant. + review: + uses: posit-dev/ptd-workspace/.github/workflows/claude-auto-review.yml@main + secrets: inherit From fff58c7682168e28e5e87f10674ce99cae82177a Mon Sep 17 00:00:00 2001 From: Anna Williamson Date: Mon, 4 May 2026 15:04:33 -0700 Subject: [PATCH 2/2] ci: inline claude auto review workflow posit-dev/team-operator is public so it cannot call reusable workflows from internal/private repos. Inline the full workflow directly. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/claude-auto-review.yml | 53 ++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/.github/workflows/claude-auto-review.yml b/.github/workflows/claude-auto-review.yml index 986e6f6d..de6e4a8d 100644 --- a/.github/workflows/claude-auto-review.yml +++ b/.github/workflows/claude-auto-review.yml 
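Review bot: The `review` job calls `posit-dev/ptd-workspace/.github/workflows/claude-auto-review.yml@main` with `secrets: inherit`, so every secret this repository can see goes to whatever sits at the tip of `main` in another repository. It now does so on each `opened`, `reopened`, `synchronize` and `ready_for_review` event. Pinning the called workflow to a full commit SHA (`...claude-auto-review.yml@<full-commit-sha>`) and passing only the secret it needs by name under `secrets:` would bound both the code that runs and what it can read. The job also drops the explicit `permissions:` block the old inline job had, so the token scope falls back to the repository default unless a `permissions:` block is added to the calling job. Patch 2/2 replaces this job with an inlined one, so this matters if the reusable form is restored.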
@@ -3,8 +3,55 @@ name: Claude Auto Review on: pull_request: types: [opened, reopened, synchronize, ready_for_review] + workflow_dispatch: + inputs: + pr_number: + description: PR number to review + required: true + type: string + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + cancel-in-progress: true jobs: - review: - uses: posit-dev/ptd-workspace/.github/workflows/claude-auto-review.yml@main - secrets: inherit + auto-review: + runs-on: ubuntu-latest + if: ${{ !github.event.pull_request.draft }} + timeout-minutes: 30 + permissions: + contents: read + pull-requests: read + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Automatic PR Review + uses: anthropics/claude-code-action@v1.0.110 + with: + claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} + claude_args: --allowedTools "mcp__github__create_pending_pull_request_review,mcp__github__add_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_review_comments,mcp__github__get_pull_request,mcp__github_inline_comment__create_inline_comment" + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }} + + Please review this PR following the guidelines in `.claude/review-guidelines.md` if it exists. Use the GitHub review system: + + 1. **Start a review**: Use `mcp__github__create_pending_pull_request_review` to begin a pending review + 2. **Get diff information**: Use `mcp__github__get_pull_request_diff` to understand the code changes and line numbers + 3. **Add inline comments**: Use `mcp__github_inline_comment__create_inline_comment` for specific line feedback, or `mcp__github__add_comment_to_pending_review` for general comments + 4. 
**Submit the review**: Use `mcp__github__submit_pending_pull_request_review` with: + - "APPROVE" in almost all cases — leave inline comments for suggestions, style, and non-critical issues alongside the approval + - "REQUEST_CHANGES" only for critical/blocking issues: security vulnerabilities, data loss risk, or broken functionality + + Review priorities: + - **Security (elevated scrutiny)**: Extra attention for file system, network, credentials, RBAC, and IAM changes. + - **Correctness**: Logic errors, broken functionality, or data loss risk. + - **Simplicity**: Flag overly clever code or unclear intent, but as a suggestion not a blocker. + + Default to APPROVE. Use inline comments freely for suggestions and observations. + Do not withhold approval because of style, minor improvements, or personal preference. + Keep comments concise and actionable.
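Review bot: The prompt tells the model to submit `APPROVE` by default, yet what it reads is written by the PR author: the diff, the PR text and, on `pull_request` runs, most likely `.claude/review-guidelines.md` from the checked-out PR ref. Text in the PR can therefore steer the verdict. If branch protection counts this identity's approval toward required reviews, an automated approval can stand in for a human one; the job removed in patch 1/2 submitted with `"COMMENT"` only, and keeping that event type or excluding the bot from required approvals closes the gap. Separately, on `workflow_dispatch` the `concurrency` group ends in an empty PR number, so manual runs for different PRs cancel each other; `group: ${{ github.workflow }}-${{ github.event.pull_request.number || inputs.pr_number }}` matches what the prompt already does. The refs `actions/checkout@v4` and `anthropics/claude-code-action@v1.0.110` are tags; pinning each to a full commit SHA is the usual hardening for a job that holds `CLAUDE_CODE_OAUTH_TOKEN` and `id-token: write`.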