Rebase branch staging-e7dd656c9-rebase with staging-e7dd656c9-head (e7dd656) #214
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) Facebook, Inc. and its affiliates. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| # Claude Assistant for PRs | |
| # | |
| # This workflow enables Claude-powered interactions on pull requests from forks. | |
| # Since secrets are not available to workflows triggered by fork PRs (for security), | |
| # this uses a comment-triggered approach where a maintainer must explicitly request | |
| # assistance by commenting on the PR. | |
| # | |
| # Supported Commands: | |
| # - /claude-review [additional context] : Perform a thorough code review of the PR. | |
| # Optionally provide additional context or instructions after the command. | |
| # Example: /claude-review Please focus on memory safety and thread safety. | |
| # - /claude-query <question> : Ask Claude a question about the PR or codebase | |
| # | |
| # Security Model: | |
| # - Only authorized users can trigger Claude (verified before any code access) | |
| # - Code is fetched as text only (never executed) | |
| # - Claude uses read-only tools (no Bash, no file writes) | |
| # - All operations run in the context of the base repository | |
| name: Claude Assistant | |
| on: | |
| issue_comment: | |
| types: [created] | |
| # Manual trigger for testing - can be removed after validation | |
| workflow_dispatch: | |
| inputs: | |
| pr_number: | |
| description: PR number to review | |
| required: true | |
| type: number | |
| dry_run: | |
| description: Dry run (skip posting comment) | |
| required: false | |
| type: boolean | |
| default: true | |
| model: | |
| description: Claude model to use | |
| required: false | |
| type: choice | |
| options: | |
| - claude-opus-4-6 | |
| - claude-opus-4-1-20250805 | |
| - claude-sonnet-4-20250514 | |
| - claude-4-0-sonnet-20250805 | |
| default: claude-opus-4-6 | |
| # Restrict default permissions | |
| permissions: | |
| contents: read | |
| jobs: | |
| claude-assistant: | |
| name: Claude Assistant | |
| runs-on: ubuntu-latest | |
| # Job-level permissions - only what's needed for this job | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| # Run if: | |
| # A) workflow_dispatch: Manual trigger for testing | |
| # B) issue_comment: PR comment with /claude-review or /claude-query from authorized user | |
| if: >- | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event.issue.pull_request && | |
| (contains(github.event.comment.body, '/claude-review') || contains(github.event.comment.body, '/claude-query')) && | |
| contains(fromJSON('["kgpai", "mbasmanova", "pedroerp", "yuhta", "kagamiori", "bikramSingh91", "kevinwilfong", "xiaoxmeng", "kKPulla", "juwentus1234", "penescu", "srsuryadev", "jainxrohit"]'), github.event.comment.user.login) | |
| ) | |
| steps: | |
| # Step 1: Acknowledge the request (skip for workflow_dispatch) | |
| - name: Add reaction to comment | |
| if: github.event_name == 'issue_comment' | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: 'eyes' | |
| }); | |
| # Step 2: Detect command type and extract query | |
| - name: Detect command type | |
| id: command | |
| if: github.event_name == 'issue_comment' | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| const body = context.payload.comment.body; | |
| if (body.includes('/claude-review')) { | |
| core.setOutput('type', 'review'); | |
| // Extract optional additional context after /claude-review | |
| const reviewMatch = body.match(/\/claude-review\s+([\s\S]*)/); | |
| const additionalContext = reviewMatch ? reviewMatch[1].trim() : ''; | |
| core.setOutput('query', additionalContext); | |
| } else if (body.includes('/claude-query')) { | |
| // Extract everything after /claude-query | |
| const match = body.match(/\/claude-query\s+([\s\S]*)/); | |
| const query = match ? match[1].trim() : ''; | |
| if (!query) { | |
| core.setFailed('No query provided after /claude-query. Usage: /claude-query <your question>'); | |
| return; | |
| } | |
| core.setOutput('type', 'query'); | |
| core.setOutput('query', query); | |
| } else { | |
| core.setFailed('Unknown command'); | |
| } | |
| # Step 3: Get PR information (set command type for workflow_dispatch) | |
| - name: Set command type for workflow_dispatch | |
| id: command_dispatch | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| echo "type=review" >> "$GITHUB_OUTPUT" | |
| echo "query=" >> "$GITHUB_OUTPUT" | |
| # Step 4: Get PR information | |
| - name: Get PR details | |
| id: pr_info | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| env: | |
| # Pass input via env to avoid template injection | |
| INPUT_PR_NUMBER: ${{ inputs.pr_number }} | |
| with: | |
| script: | | |
| // Get PR number from either issue_comment or workflow_dispatch input | |
| const prNumber = context.eventName === 'workflow_dispatch' | |
| ? parseInt(process.env.INPUT_PR_NUMBER, 10) | |
| : context.issue.number; | |
| const pr = await github.rest.pulls.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: prNumber | |
| }); | |
| core.setOutput('head_repo', pr.data.head.repo.clone_url); | |
| core.setOutput('head_ref', pr.data.head.ref); | |
| core.setOutput('head_sha', pr.data.head.sha); | |
| core.setOutput('base_sha', pr.data.base.sha); | |
| core.setOutput('base_ref', pr.data.base.ref); | |
| core.setOutput('pr_title', pr.data.title); | |
| core.setOutput('pr_body', pr.data.body || ''); | |
| core.setOutput('pr_author', pr.data.user.login); | |
| # Step 3: Checkout base repository (safe - this is our own code) | |
| - name: Checkout base repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ steps.pr_info.outputs.base_ref }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| # Step 4: Fetch PR branch and generate diff (read-only, no execution) | |
| - name: Generate PR diff | |
| id: generate_diff | |
| env: | |
| HEAD_REPO: ${{ steps.pr_info.outputs.head_repo }} | |
| HEAD_REF: ${{ steps.pr_info.outputs.head_ref }} | |
| HEAD_SHA: ${{ steps.pr_info.outputs.head_sha }} | |
| BASE_SHA: ${{ steps.pr_info.outputs.base_sha }} | |
| run: | | |
| # Fetch the PR branch from the fork (read-only) | |
| git remote add fork "${HEAD_REPO}" || true | |
| git fetch fork "${HEAD_REF}" --depth=100 | |
| # Generate the diff as text | |
| git diff "${BASE_SHA}...${HEAD_SHA}" > /tmp/pr.diff | |
| # Get diff stats for context | |
| DIFF_STATS=$(git diff --stat "${BASE_SHA}...${HEAD_SHA}" | tail -1) | |
| echo "diff_stats=${DIFF_STATS}" >> "$GITHUB_OUTPUT" | |
| # Check diff size (limit to ~100KB to avoid token limits) | |
| DIFF_SIZE=$(wc -c < /tmp/pr.diff) | |
| echo "diff_size=${DIFF_SIZE}" >> "$GITHUB_OUTPUT" | |
| if [ "$DIFF_SIZE" -gt 100000 ]; then | |
| echo "⚠️ Diff is large (${DIFF_SIZE} bytes). Review may be truncated." | |
| # Truncate to first 100KB | |
| head -c 100000 /tmp/pr.diff > /tmp/pr_truncated.diff | |
| mv /tmp/pr_truncated.diff /tmp/pr.diff | |
| echo "is_truncated=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "is_truncated=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| # Step 7: Create the prompt (review or query) | |
| - name: Create review prompt | |
| if: steps.command.outputs.type == 'review' || github.event_name == 'workflow_dispatch' | |
| env: | |
| PR_TITLE: ${{ steps.pr_info.outputs.pr_title }} | |
| PR_BODY: ${{ steps.pr_info.outputs.pr_body }} | |
| PR_AUTHOR: ${{ steps.pr_info.outputs.pr_author }} | |
| DIFF_STATS: ${{ steps.generate_diff.outputs.diff_stats }} | |
| IS_TRUNCATED: ${{ steps.generate_diff.outputs.is_truncated }} | |
| ADDITIONAL_CONTEXT: ${{ steps.command.outputs.query }} | |
| run: | | |
| # Create system context first (no variable expansion needed) | |
| cat > /tmp/prompt.txt << 'PROMPT_EOF' | |
| You are an expert C++ code reviewer for the Velox project. Your role is to perform | |
| a thorough, rigorous code review that catches issues before they reach production. | |
| **IMPORTANT**: First, read the CLAUDE.md file in the repository root. It contains: | |
| - Project overview and architecture | |
| - Build commands and environment setup | |
| - Code style and naming conventions | |
| - PR title format requirements | |
| - Testing guidelines | |
| - Function addition requirements | |
| Use CLAUDE.md as your primary reference for project-specific standards. | |
| Key things to know about Velox: | |
| - Uses C++20 standard | |
| - Heavy use of templates and SFINAE | |
| - Custom memory management with MemoryPool | |
| - Vectorized execution with custom Vector types | |
| - Follows Google C++ style with some modifications | |
| ## Review Approach | |
| **Think deeply and carefully about this code.** Take your time to: | |
| - Trace through the logic step by step | |
| - Consider what happens at boundary conditions (empty inputs, null values, max sizes) | |
| - Think about concurrency issues if multiple threads could access this code | |
| - Consider memory safety: ownership, lifetimes, dangling references | |
| - Look for off-by-one errors, integer overflow, and other subtle bugs | |
| - Examine error handling paths - what happens when things fail? | |
| - Consider how this code interacts with existing code in the codebase | |
| **Be thorough and strict.** This is a high-performance database engine where bugs can | |
| cause data corruption, crashes, or security vulnerabilities. It's better to flag a | |
| potential issue that turns out to be fine than to miss a real bug. | |
| **Explore edge cases exhaustively:** | |
| - What if the input is empty? Null? Maximum size? | |
| - What if allocation fails? What if an exception is thrown? | |
| - What happens on the first iteration? The last iteration? | |
| - Are there race conditions if called concurrently? | |
| - What assumptions does this code make? Are they documented and validated? | |
| Provide actionable, specific feedback. Reference exact file paths and line numbers. | |
| Be constructive and educational in your feedback. | |
| If the diff looks good after thorough analysis, say so - but only after genuinely | |
| examining edge cases and potential issues. | |
| --- | |
| PROMPT_EOF | |
| # Note: Using unquoted PROMPT_EOF to enable variable expansion | |
| cat >> /tmp/prompt.txt << PROMPT_EOF | |
| Please review the following pull request for the Velox project. | |
| ## Pull Request Information | |
| - **Title:** ${PR_TITLE} | |
| - **Author:** ${PR_AUTHOR} | |
| - **Changes:** ${DIFF_STATS} | |
| PROMPT_EOF | |
| if [ "${IS_TRUNCATED}" = "true" ]; then | |
| echo "- **Note:** This diff was truncated due to size. Focus on the visible changes." >> /tmp/prompt.txt | |
| fi | |
| # Using quoted 'PROMPT_EOF' here since this section has no variables to expand | |
| cat >> /tmp/prompt.txt << 'PROMPT_EOF' | |
| ## PR Description | |
| PROMPT_EOF | |
| # PR body may contain special characters, write it safely | |
| printf '%s\n' "${PR_BODY}" >> /tmp/prompt.txt | |
| # Add additional context/instructions if provided via /claude-review <context> | |
| if [ -n "${ADDITIONAL_CONTEXT}" ]; then | |
| cat >> /tmp/prompt.txt << 'PROMPT_EOF' | |
| ## Additional Instructions from Reviewer | |
| PROMPT_EOF | |
| printf '%s\n' "${ADDITIONAL_CONTEXT}" >> /tmp/prompt.txt | |
| fi | |
| cat >> /tmp/prompt.txt << 'PROMPT_EOF' | |
| ## Review Guidelines | |
| Velox is a C++ execution engine library for analytical data processing. This is | |
| performance-critical code that must be correct, efficient, and robust. | |
| **Analyze each of these areas thoroughly:** | |
| 1. **Correctness & Edge Cases** | |
| - Logic errors, off-by-one bugs, incorrect conditions | |
| - Null/empty input handling | |
| - Boundary conditions (first element, last element, single element, max size) | |
| - Integer overflow/underflow | |
| - Floating point edge cases (NaN, Inf, negative zero) | |
| 2. **Memory Safety** | |
| - Use-after-free, double-free, memory leaks | |
| - Dangling pointers/references | |
| - Buffer overflows/underflows | |
| - Ownership and lifetime issues | |
| - Exception safety (what happens if an exception is thrown mid-operation?) | |
| 3. **Concurrency** | |
| - Race conditions, data races | |
| - Deadlocks, lock ordering | |
| - Thread-safety of shared state | |
| 4. **Performance** | |
| - Unnecessary copies (should use move semantics?) | |
| - Inefficient algorithms (O(n²) when O(n) is possible?) | |
| - Cache-unfriendly access patterns | |
| - Excessive allocations in hot paths | |
| 5. **Error Handling** | |
| - Are all error paths handled? | |
| - Are exceptions caught appropriately? | |
| - Are error messages informative? | |
| 6. **Code Quality** | |
| - RAII, const-correctness, proper use of smart pointers | |
| - Following Velox naming conventions (PascalCase for types, camelCase for functions) | |
| - Clear, maintainable code structure | |
| 7. **Testing** | |
| - Are there sufficient tests for the new/changed code? | |
| - Are edge cases covered in tests? | |
| - Are error paths tested? | |
| ## Format Your Review As | |
| ### Summary | |
| Brief overall assessment (1-2 sentences) | |
| ### Issues Found | |
| List any problems, categorized by severity: | |
| - 🔴 **Critical**: Must fix before merge | |
| - 🟡 **Suggestion**: Should consider | |
| - 🟢 **Nitpick**: Minor style issues | |
| For each issue, include: | |
| - File and line reference | |
| - Description of the issue | |
| - Suggested fix if applicable | |
| ### Positive Observations | |
| Note any particularly good patterns or improvements. | |
| --- | |
| ## Diff to Review | |
| PROMPT_EOF | |
| cat /tmp/pr.diff >> /tmp/prompt.txt | |
| # Step 8: Create query prompt (for /claude-query) | |
| - name: Create query prompt | |
| if: steps.command.outputs.type == 'query' | |
| env: | |
| PR_TITLE: ${{ steps.pr_info.outputs.pr_title }} | |
| PR_BODY: ${{ steps.pr_info.outputs.pr_body }} | |
| PR_AUTHOR: ${{ steps.pr_info.outputs.pr_author }} | |
| DIFF_STATS: ${{ steps.generate_diff.outputs.diff_stats }} | |
| USER_QUERY: ${{ steps.command.outputs.query }} | |
| run: | | |
| cat > /tmp/prompt.txt << 'PROMPT_EOF' | |
| You are an expert C++ engineer helping with questions about the Velox project. | |
| **IMPORTANT**: First, read the CLAUDE.md file in the repository root for project context. | |
| Key things to know about Velox: | |
| - Velox is a C++ execution engine library for analytical data processing | |
| - Uses C++20 standard with heavy use of templates and SFINAE | |
| - Custom memory management with MemoryPool | |
| - Vectorized execution with custom Vector types | |
| - Follows Google C++ style with some modifications | |
| You have access to: | |
| - The PR diff (changes being proposed) | |
| - The full codebase via View, GlobTool, and GrepTool | |
| - The CLAUDE.md file with project guidelines | |
| Answer the user's question thoroughly and accurately. If the question is about | |
| the PR changes, analyze them carefully. If it's about the codebase, explore | |
| relevant files to provide a complete answer. | |
| Be specific and reference exact file paths and line numbers when relevant. | |
| --- | |
| PROMPT_EOF | |
| cat >> /tmp/prompt.txt << PROMPT_EOF | |
| ## Pull Request Context | |
| - **Title:** ${PR_TITLE} | |
| - **Author:** ${PR_AUTHOR} | |
| - **Changes:** ${DIFF_STATS} | |
| ## PR Description | |
| PROMPT_EOF | |
| printf '%s\n' "${PR_BODY}" >> /tmp/prompt.txt | |
| cat >> /tmp/prompt.txt << 'PROMPT_EOF' | |
| ## User Question | |
| PROMPT_EOF | |
| printf '%s\n' "${USER_QUERY}" >> /tmp/prompt.txt | |
| cat >> /tmp/prompt.txt << 'PROMPT_EOF' | |
| --- | |
| ## PR Diff (for reference) | |
| PROMPT_EOF | |
| cat /tmp/pr.diff >> /tmp/prompt.txt | |
| # Step 9: Run Claude | |
| - name: Run Claude | |
| id: claude_review | |
| uses: anthropics/claude-code-base-action@e8132bc5e637a42c27763fc757faa37e1ee43b34 # beta | |
| env: | |
| CLAUDE_MODEL: ${{ github.event_name == 'workflow_dispatch' && inputs.model || 'claude-opus-4-6' }} | |
| with: | |
| prompt_file: /tmp/prompt.txt | |
| # Use configurable model for thorough analysis, with read-only tools | |
| claude_args: >- | |
| --model ${{ github.event_name == 'workflow_dispatch' && inputs.model || 'claude-opus-4-6' }} | |
| --max-turns 25 | |
| --allowedTools View,GlobTool,GrepTool | |
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | |
| # Step 7: Save execution log as artifact for debugging | |
| - name: Upload execution log | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: claude-execution-log-${{ github.event_name == 'workflow_dispatch' && inputs.pr_number || github.event.issue.number }} | |
| path: ${{ steps.claude_review.outputs.execution_file }} | |
| retention-days: 7 | |
| if-no-files-found: warn | |
| # Step 11: Post response as PR comment (skip if dry_run) | |
| - name: Post Claude response | |
| if: ${{ !(github.event_name == 'workflow_dispatch' && inputs.dry_run) }} | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| env: | |
| EXECUTION_FILE: ${{ steps.claude_review.outputs.execution_file }} | |
| CONCLUSION: ${{ steps.claude_review.outputs.conclusion }} | |
| REVIEWER: ${{ github.event_name == 'workflow_dispatch' && github.actor || github.event.comment.user.login }} | |
| PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr_number || github.event.issue.number }} | |
| COMMAND_TYPE: ${{ steps.command.outputs.type || 'review' }} | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| let responseBody = ''; | |
| const commandType = process.env.COMMAND_TYPE; | |
| const isReview = commandType === 'review'; | |
| try { | |
| // Read the execution log (array of messages from claude-code-base-action) | |
| const executionLog = JSON.parse(fs.readFileSync(process.env.EXECUTION_FILE, 'utf8')); | |
| if (!Array.isArray(executionLog)) { | |
| throw new Error('Expected array format from claude-code-base-action'); | |
| } | |
| // Find the "result" message which contains the final response | |
| const resultMessage = executionLog.find(m => m.type === 'result'); | |
| if (!resultMessage) { | |
| responseBody = '⚠️ No result message found in execution log.'; | |
| } else if (resultMessage.subtype === 'success' && resultMessage.result) { | |
| responseBody = resultMessage.result; | |
| } else if (resultMessage.is_error || resultMessage.subtype === 'error') { | |
| const errorInfo = resultMessage.result || resultMessage.error || 'Unknown error'; | |
| responseBody = `❌ **Claude encountered an error:**\n\n${errorInfo}`; | |
| } else if (resultMessage.result) { | |
| responseBody = `⚠️ **Completed with status: ${resultMessage.subtype}**\n\n${resultMessage.result}`; | |
| } else { | |
| responseBody = '⚠️ Claude completed but produced no output.'; | |
| } | |
| } catch (error) { | |
| console.error('Error parsing execution log:', error); | |
| responseBody = '❌ Error parsing Claude response. Please check the workflow logs.'; | |
| } | |
| // Add header and footer based on command type | |
| const conclusion = process.env.CONCLUSION === 'success' ? '✅' : '⚠️'; | |
| const headerTitle = isReview ? 'Claude Code Review' : 'Claude Response'; | |
| const aboutText = isReview | |
| ? 'This review was generated by [Claude Code](https://github.com/anthropics/claude-code-action). It analyzed the PR diff and codebase to provide feedback.' | |
| : 'This response was generated by [Claude Code](https://github.com/anthropics/claude-code-action). It analyzed the PR and codebase to answer your question.'; | |
| const fullComment = `## ${conclusion} ${headerTitle} | |
| *Requested by @${process.env.REVIEWER}* | |
| --- | |
| ${responseBody} | |
| --- | |
| <details> | |
| <summary>ℹ️ About this response</summary> | |
| ${aboutText} | |
| **Limitations:** | |
| - Claude may miss context from files not in the diff | |
| - Large PRs may be truncated | |
| - Always apply human judgment to AI suggestions | |
| **Available commands:** | |
| - \`/claude-review [additional context]\` - Request a code review. Optionally provide additional instructions (e.g., \`/claude-review Please focus on memory safety\`) | |
| - \`/claude-query <question>\` - Ask a question about the PR or codebase | |
| </details>`; | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: parseInt(process.env.PR_NUMBER), | |
| body: fullComment | |
| }); | |
| # Step 8b: Print review to logs if dry_run | |
| - name: Print review to logs (dry run) | |
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }} | |
| env: | |
| EXECUTION_FILE: ${{ steps.claude_review.outputs.execution_file }} | |
| run: | | |
| echo "=== DRY RUN - Review would be posted as comment ===" | |
| echo "" | |
| echo "=== Extracting review from result message ===" | |
| # Find the "result" message and extract based on subtype | |
| RESULT_MSG=$(jq '[.[] | select(.type == "result")] | .[0]' "$EXECUTION_FILE" 2>/dev/null) | |
| if [ "$RESULT_MSG" = "null" ] || [ -z "$RESULT_MSG" ]; then | |
| echo "⚠️ No result message found" | |
| else | |
| SUBTYPE=$(echo "$RESULT_MSG" | jq -r '.subtype // "unknown"') | |
| echo "Status: $SUBTYPE" | |
| echo "" | |
| if [ "$SUBTYPE" = "success" ]; then | |
| echo "$RESULT_MSG" | jq -r '.result // "No result field"' | |
| elif [ "$SUBTYPE" = "error" ]; then | |
| echo "❌ Error:" | |
| echo "$RESULT_MSG" | jq -r '.result // .error // "Unknown error"' | |
| else | |
| echo "⚠️ Status: $SUBTYPE" | |
| echo "$RESULT_MSG" | jq -r '.result // "No result"' | |
| fi | |
| fi | |
| echo "" | |
| echo "=== End of review ===" | |
| # Step 9: Update reaction on completion (only for issue_comment trigger) | |
| - name: Update reaction on success | |
| if: success() && github.event_name == 'issue_comment' | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: 'rocket' | |
| }); | |
| - name: Update reaction on failure | |
| if: failure() && github.event_name == 'issue_comment' | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: 'confused' | |
| }); | |
| # Job to handle unauthorized users attempting to trigger Claude (issue_comment only) | |
| unauthorized-notice: | |
| name: Unauthorized Notice | |
| runs-on: ubuntu-latest | |
| # Job-level permissions | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| if: >- | |
| github.event_name == 'issue_comment' && | |
| github.event.issue.pull_request && | |
| (contains(github.event.comment.body, '/claude-review') || contains(github.event.comment.body, '/claude-query')) && | |
| !contains(fromJSON('["kgpai", "mbasmanova", "pedroerp", "yuhta", "kagamiori", "bikramSingh91", "kevinwilfong", "xiaoxmeng", "kKPulla", "juwentus1234", "penescu", "srsuryadev", "jainxrohit"]'), github.event.comment.user.login) | |
| steps: | |
| - name: Post unauthorized notice | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| body: `👋 @${context.payload.comment.user.login}, the \`/claude-review\` and \`/claude-query\` commands are currently restricted to a small group of users during this initial rollout. | |
| If you'd like a Claude review, please ask a maintainer to run this command.` | |
| }); |