Refine export exclusion patterns #940
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude PR Code Review | |
| on: | |
| issue_comment: | |
| types: [created] | |
| pull_request_review_comment: | |
| types: [created] | |
| jobs: | |
| code-review: | |
| # Only run if @claude is mentioned, and it's on a PR (not a regular issue) | |
| if: | | |
| ( | |
| github.event.pull_request != null || | |
| github.event.issue.pull_request != null | |
| ) && | |
| contains(github.event.comment.body, '@claude') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 1 | |
| - name: Comprehensive PR Review | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | |
| track_progress: true | |
| allowed_bots: 'dependabot[bot]' | |
| prompt: | | |
| REPO: ${{ github.repository }} | |
| PR NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} | |
| Perform a comprehensive code review for WordPress Studio, focusing on: | |
| 1. **Cross-Platform Compatibility (macOS & Windows)** | |
| - Path separators: Use `path.join()` or `path.resolve()` instead of hardcoded `/` or `\` | |
| - File system differences: Case sensitivity, path length limits, reserved filenames | |
| - Platform-specific APIs: Check `process.platform` usage and platform guards | |
| - Environment variables: HOME vs USERPROFILE, temp directories | |
| - Line endings: Ensure .gitattributes handles CRLF/LF correctly | |
| - Electron platform code: Verify macOS and Windows-specific implementations work correctly | |
| - Testing: Flag code that needs testing on both platforms | |
| 2. **Code Quality** | |
| - Clean code principles and TypeScript best practices | |
| - Proper error handling and edge cases | |
| - Code readability and maintainability | |
| - Following patterns in docs/ai-instructions.md | |
| 3. **Security (OWASP Top 10)** | |
| - SQL injection, XSS, authentication/authorization flaws | |
| - Sensitive data exposure, hardcoded secrets | |
| - Input validation and sanitization | |
| - Electron-specific: Node integration disabled, context isolation, IPC validation, CSP | |
| - External content handling security | |
| 4. **Performance** | |
| - Identify potential bottlenecks | |
| - Database query efficiency | |
| - Memory leaks or resource issues | |
| - Bundle size impact for Electron app | |
| 5. **Testing** | |
| - Adequate test coverage (Jest unit tests) | |
| - Test quality and edge cases | |
| - Missing test scenarios | |
| - E2E test considerations (Playwright) | |
| 6. **Documentation** | |
| - Code properly documented | |
| - docs/ai-instructions.md updates for new features or architectural changes | |
| - API documentation accuracy | |
| - README updates if needed | |
| Provide detailed feedback using inline comments for specific issues. | |
| Use top-level comments for general observations or praise. | |
| Be thorough but constructive in your feedback. | |
| claude_args: | | |
| --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" |