From a35bf4fa6ef112b6d5165b82e5853c9404634cff Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Mon, 21 Jul 2025 12:41:26 +0300
Subject: [PATCH] feat: add Claude Code GitHub Workflow (#36)
* Claude PR Assistant workflow
* fix(security): check for write access in claude workflow
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Ismo Vuorinen
* fix(ci): tweaks to claude config, permissions
Signed-off-by: Ismo Vuorinen
* chore(ci): enable concurrency, fix whitespace, ignore kics error
Signed-off-by: Ismo Vuorinen
---------
Signed-off-by: Ismo Vuorinen
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 .github/workflows/claude.yml | 87 ++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 .github/workflows/claude.yml
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
new file mode 100644
index 0000000..4425280
--- /dev/null
+++ b/.github/workflows/claude.yml 
@@ -0,0 +1,87 @@
+name: Claude Code
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request_review:
+ types: [submitted]
+
+permissions: read-all
+
+jobs:
+ claude:
+ if: |
+ (
+ (github.event_name == 'issue_comment'
+ && contains(github.event.comment.body, '@claude')
+ && contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)
+ ) ||
+ (github.event_name == 'pull_request_review_comment'
+ && contains(github.event.comment.body, '@claude')
+ && contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)
+ ) ||
+ (github.event_name == 'pull_request_review'
+ && contains(github.event.review.body, '@claude')
+ && contains('OWNER,MEMBER,COLLABORATOR', github.event.review.author_association)
+ ) ||
+ (github.event_name == 'issues'
+ && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))
+ && contains('OWNER,MEMBER,COLLABORATOR', github.event.issue.author_association)
+ )
+ )
+ runs-on: ubuntu-latest
+ concurrency:
+ group: claude-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }}
+ cancel-in-progress: true
+ permissions:
+ contents: read
+ pull-requests: read
+ issues: read
+ id-token: write
+ actions: read # Required for Claude to read CI results on PRs
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Run Claude Code
+ id: claude
+ # kics-scan ignore-line
+ uses: anthropics/claude-code-action@beta
+ with:
+ claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+ # This is an optional setting that allows Claude to read CI results on PRs
+ # (Already has the permission for the current scope)
+ # additional_permissions: |
+ # actions: read
+
+ # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4)
+ # model: "claude-opus-4-20250514"
+
+ # Optional: Customize the trigger 
phrase (default: @claude)
+ # trigger_phrase: "/claude"
+
+ # Optional: Trigger when specific user is assigned to an issue
+ # assignee_trigger: "claude-bot"
+
+ # Optional: Allow Claude to run specific commands
+ # allowed_tools: "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)"
+
+ # Optional: Add custom instructions for Claude to customize its behavior for your project
+ custom_instructions: |
+ Follow our coding standards and best practices
+ Ensure all new code has tests
+ Follow linting rules religiously
+ Use linting tools described in the project to check code you are about to commit
+ All linting errors should be considered blocking
+ Don't try to be smart, the code you write should be simple and understandable
+
+ # Optional: Custom environment variables for Claude
+ # claude_env: |
+ # NODE_ENV: test
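Review bot: The author-association gate in the job's `if:` block is a substring search rather than a membership test — `contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)` asks whether the association string occurs inside a comma-joined literal, not whether it equals one of the three roles. It happens to reject CONTRIBUTOR, FIRST_TIME_CONTRIBUTOR and NONE today, but the intent is set membership and the array form expresses it exactly: `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, applied likewise in the pull_request_review_comment, pull_request_review (`github.event.review.author_association`) and issues (`github.event.issue.author_association`) branches. Since this gate is the only thing that stops arbitrary commenters from starting a job that receives `secrets.CLAUDE_CODE_OAUTH_TOKEN` and an `id-token: write` grant, it deserves a comment above `if: |` such as `# Trust gate: only OWNER/MEMBER/COLLABORATOR may trigger Claude; every event branch below must keep this check`. Separately, `actions/checkout@v4` and `anthropics/claude-code-action@beta` are mutable references, and the `# kics-scan ignore-line` comment suppresses the scanner finding instead of pinning the action to a full commit SHA — a moved tag would run whatever code it then points to with that secret in hand.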