---
name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

permissions: read-all

jobs:
  claude:
    if: |
      (
        (github.event_name == 'issue_comment'
          && contains(github.event.comment.body, '@claude')
          && contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)
        ) ||
        (github.event_name == 'pull_request_review_comment'
          && contains(github.event.comment.body, '@claude')
          && contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)
        ) ||
        (github.event_name == 'pull_request_review'
          && contains(github.event.review.body, '@claude')
          && contains('OWNER,MEMBER,COLLABORATOR', github.event.review.author_association)
        ) ||
        (github.event_name == 'issues'
          && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))
          && contains('OWNER,MEMBER,COLLABORATOR', github.event.issue.author_association)
        )
      )
    runs-on: ubuntu-latest
    concurrency:
      group: claude-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }}
      cancel-in-progress: true
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
        # kics-scan ignore-line
        uses: anthropics/claude-code-action@beta
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

          # This is an optional setting that allows Claude to read CI results on PRs
          # (Already has the permission for the current scope)
          # additional_permissions: |
          #  actions: read

          # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4)
          # model: "claude-opus-4-20250514"

          # Optional: Customize the trigger phrase (default: @claude)
          # trigger_phrase: "/claude"

          # Optional: Trigger when specific user is assigned to an issue
          # assignee_trigger: "claude-bot"

          # Optional: Allow Claude to run specific commands
          # allowed_tools: "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)"

          # Optional: Add custom instructions for Claude to customize its behavior for your project
          custom_instructions: |
            Follow our coding standards and best practices
            Ensure all new code has tests
            Follow linting rules religiously
            Use linting tools described in the project to check code you are about to commit
            All linting errors should be considered blocking
            Don't try to be smart, the code you write should be simple and understandable

          # Optional: Custom environment variables for Claude
          # claude_env: |
          #   NODE_ENV: test