-
Notifications
You must be signed in to change notification settings - Fork 7
Add Claude Code GitHub Workflow #52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -2,7 +2,7 @@ name: Claude Code Review | |||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| on: | ||||||||||||||||||||||||
| pull_request: | ||||||||||||||||||||||||
| types: [opened, synchronize] | ||||||||||||||||||||||||
| types: [opened, synchronize, ready_for_review, reopened] | ||||||||||||||||||||||||
| # Optional: Only run on specific file changes | ||||||||||||||||||||||||
| # paths: | ||||||||||||||||||||||||
| # - "src/**/*.ts" | ||||||||||||||||||||||||
|
|
@@ -36,22 +36,9 @@ jobs: | |||||||||||||||||||||||
| uses: anthropics/claude-code-action@v1 | ||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | ||||||||||||||||||||||||
| prompt: | | ||||||||||||||||||||||||
| REPO: ${{ github.repository }} | ||||||||||||||||||||||||
| PR NUMBER: ${{ github.event.pull_request.number }} | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Please review this pull request and provide feedback on: | ||||||||||||||||||||||||
| - Code quality and best practices | ||||||||||||||||||||||||
| - Potential bugs or issues | ||||||||||||||||||||||||
| - Performance considerations | ||||||||||||||||||||||||
| - Security concerns | ||||||||||||||||||||||||
| - Test coverage | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' | ||||||||||||||||||||||||
| plugins: 'code-review@claude-code-plugins' | ||||||||||||||||||||||||
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | ||||||||||||||||||||||||
|
||||||||||||||||||||||||
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| prompt: | | |
| You are performing an in-depth code review for this repository. | |
| Focus on: code quality, correctness/bugs, performance, security (including validation, authentication/authorization, secrets handling, injection risks, and access control), and test coverage. | |
| Follow any repository-specific conventions and guidelines described in CLAUDE.md at the root of this repository, if present. | |
| Then run the following command to analyze the pull request: | |
| /code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }} |
Copilot
AI
Feb 15, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The removal of the claude_args with specific allowed-tools restrictions removes an important security control. The previous configuration explicitly limited Claude to specific gh commands for read-only operations (view, search, list, diff) and only allowed commenting on PRs. The new configuration does not specify any tool restrictions, potentially allowing a broader set of operations. This could have security implications. Consider whether the plugin approach includes equivalent restrictions or if explicit allowed_tools should still be specified.
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| claude_args: > | |
| --allowed_tools '["gh pr view","gh pr list","gh pr diff","gh pr status","gh pr comment"]' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR description states "This PR adds a GitHub Actions workflow that enables Claude Code integration" and mentions that "@claude mentions won't work until after the merge is complete." However, the changes show that Claude workflows already exist in the repository (claude.yml and claude-code-review.yml). This PR appears to be updating existing workflows rather than adding new ones. The description should be updated to accurately reflect that this is an update/refactoring of existing Claude Code workflows, not an initial installation.