diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 25de2f9..fbf1a5d 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -17,18 +17,26 @@ jobs: id-token: write steps: - - name: Checkout repository - uses: actions/checkout@v6 - with: - fetch-depth: 1 + - name: Check if review workflow was modified + id: check + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + if gh -R ${{ github.repository }} pr diff ${{ github.event.pull_request.number }} --name-only | grep -q '^\.github/workflows/claude-code-review\.yml$'; then + echo "skip=true" >> "$GITHUB_OUTPUT" + echo "::notice::Skipping Claude review — workflow file was modified (OAuth validation will fail)" + else + echo "skip=false" >> "$GITHUB_OUTPUT" + fi - - name: Minimize previous Claude review comments + - name: Minimize previous review comments + if: steps.check.outputs.skip != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh pr view ${{ github.event.pull_request.number }} \ + gh -R ${{ github.repository }} pr view ${{ github.event.pull_request.number }} \ --json comments \ - --jq '.comments[] | select(.author.login == "claude") | .id' \ + --jq '.comments[] | select(.author.login == "claude" or .author.login == "github-actions") | .id' \ | while read -r node_id; do gh api graphql -f query=' mutation { 
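Review bot: The `if: steps.check.outputs.skip != 'true'` added to the "Minimize previous review comments" step works against the widened author filter (`or .author.login == "github-actions"`) in the same hunk: on a PR that touches this workflow, the "Post skip comment" step in the next hunk runs but the minimize step is skipped, so if the workflow also fires on later pushes each run leaves another un-collapsed "Skipped" comment. Dropping that `if` line lets earlier skip comments be minimized before a new one is posted; the step only needs `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, which the OAuth validation described in the skip comment should not affect. Matching every `github-actions` author will also collapse comments posted by any other workflow on the same PR, so a body filter such as `select(.body | startswith("## Code review"))` would keep it scoped to this workflow's own comments — assuming the Claude-authored review uses the same heading, which this diff does not show. Separately, `if gh ... | grep -q ...; then` masks a failing `gh pr diff` call as `skip=false`; capturing the list first with `files=$(gh -R "$GITHUB_REPOSITORY" pr diff "$PR_NUMBER" --name-only)` and letting the step fail on error makes the skip decision explicit.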
@@ -38,7 +46,28 @@ jobs: }' done + - name: Post skip comment + if: steps.check.outputs.skip == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh -R ${{ github.repository }} pr comment ${{ github.event.pull_request.number }} \ + --body "## Code review + + ⏭️ **Skipped** — This PR modifies \`claude-code-review.yml\`. + + The Claude Code Action OAuth flow validates that the workflow file matches the default branch exactly. PRs that modify this file will always fail the OAuth validation until merged. + + Manual review or alternative review tools should be used for this change." + + - name: Checkout repository + if: steps.check.outputs.skip != 'true' + uses: actions/checkout@v6 + with: + fetch-depth: 1 + - name: Run Claude Code Review + if: steps.check.outputs.skip != 'true' uses: anthropics/claude-code-action@v1 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 946ed87..71fda73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add `require_tool()` guard in `checks.py` for `go`, `gh` — gives clear errors when tools are missing locally - Add Claude Code automatic PR review and `@claude` mention workflows - Add Copilot review instructions (`.github/copilot-instructions.md`) with project coding standards +- Add early skip check to Claude Code review workflow when `claude-code-review.yml` is modified to avoid OAuth validation failures ([`999d988`]) ### Tests 
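Review bot: The `--body "…"` in the "Post skip comment" step is a multi-line double-quoted shell string, so every backtick has to be escaped (the hunk does so with \`) and any future edit that adds an unescaped backtick or `$` becomes command substitution inside the comment body. Reading the body from a quoted heredoc via `--body-file -` keeps the markdown literal and readable, and passing the PR number through `env:` (with the predefined `$GITHUB_REPOSITORY` for the repository) follows the usual practice of keeping `${{ }}` expressions out of `run:` scripts, even though these two values are low-risk. The Checkout and Run Claude Code Review steps later in the hunk are not affected by this suggestion.
```yaml
      - name: Post skip comment
        if: steps.check.outputs.skip == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          gh -R "$GITHUB_REPOSITORY" pr comment "$PR_NUMBER" --body-file - <<'EOF'
          ## Code review

          ⏭️ **Skipped** — This PR modifies `claude-code-review.yml`.

          The Claude Code Action OAuth flow validates that the workflow file matches the default branch exactly. PRs that modify this file will always fail the OAuth validation until merged.

          Manual review or alternative review tools should be used for this change.
          EOF
      # … unchanged: Checkout repository and Run Claude Code Review steps …
```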
@@ -544,6 +545,7 @@ Initial release. [`a62908f`]: https://github.com/sensiblebit/certkit/commit/a62908f [`55b5c1e`]: https://github.com/sensiblebit/certkit/commit/55b5c1e [`8cf81d9`]: https://github.com/sensiblebit/certkit/commit/8cf81d9 +[`999d988`]: https://github.com/sensiblebit/certkit/commit/999d988 [#24]: https://github.com/sensiblebit/certkit/pull/24 [#25]: https://github.com/sensiblebit/certkit/pull/25 [#26]: https://github.com/sensiblebit/certkit/pull/26