Skip to content

Commit e4455e3

Browse files
committed
Use pull_request_target for claude-code-review workflow
Switch from pull_request to pull_request_target so fork PRs can access OIDC tokens and secrets needed by claude-code-action. Explicitly checkout the PR head SHA since pull_request_target defaults to the base branch.
1 parent 1ac42fc commit e4455e3

File tree

1 file changed

+3
-14
lines changed

1 file changed

+3
-14
lines changed

.github/workflows/claude-code-review.yml

Lines changed: 3 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,23 +1,11 @@
11
name: Claude Code Review
22

33
on:
4-
pull_request:
4+
pull_request_target:
55
types: [opened, synchronize, ready_for_review, reopened]
6-
# Optional: Only run on specific file changes
7-
# paths:
8-
# - "src/**/*.ts"
9-
# - "src/**/*.tsx"
10-
# - "src/**/*.js"
11-
# - "src/**/*.jsx"
126

137
jobs:
148
claude-review:
15-
# Optional: Filter by PR author
16-
# if: |
17-
# github.event.pull_request.user.login == 'external-contributor' ||
18-
# github.event.pull_request.user.login == 'new-developer' ||
19-
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
20-
219
runs-on: ubuntu-latest
2210
permissions:
2311
contents: read
@@ -26,9 +14,10 @@ jobs:
2614
id-token: write
2715

2816
steps:
29-
- name: Checkout repository
17+
- name: Checkout PR head
3018
uses: actions/checkout@v4
3119
with:
20+
ref: ${{ github.event.pull_request.head.sha }}
3221
fetch-depth: 1
3322

3423
- name: Run Claude Code Review

0 commit comments

Comments
 (0)