Release: dev to main (v1.0.0) #3

name: Claude Main Branch Check

# Final release validation: enforces dev to main rule and runs a minimal
# Claude check before merging into main.
on:
  # `pull_request` (not `pull_request_target`): by default, runs started from
  # a fork get a read-only token and no repository secrets.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - main

# Workflow-level token scopes. Every job that does not declare its own
# `permissions` block inherits all of these.
permissions:
  contents: read
  # Needed to post comments on the pull request.
  pull-requests: write
  issues: read
  # Lets a job request an OIDC token.
  # NOTE(review): only the Claude action step looks like it could need this;
  # confirm, then grant it on that job alone.
  id-token: write

# One run per pull request: a new push cancels the run still in progress.
concurrency:
  group: claude-main-check-${{ github.event.pull_request.number }}
  cancel-in-progress: true
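# NOTE(review): every `uses:` below references a mutable tag (`@v7`, `@v4`,
# `@v1`). Pinning each action to a full commit SHA
# (`owner/action@<full-commit-sha>  # vN`) stops a moved tag from changing
# what runs with this workflow's token and secret.
jobs:
  enforce-source-branch:
    name: Enforce dev to main rule
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level grant for this job.
    # It only posts a PR comment, so it gets no contents or id-token access.
    permissions:
      pull-requests: write
    outputs:
      is_from_dev: ${{ steps.check.outputs.is_from_dev }}
    steps:
      - name: Check source branch
        id: check
        # PR-controlled values reach the script through the environment
        # instead of being interpolated into the script text, so a crafted
        # branch name cannot become JavaScript.
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          BASE_REPO: ${{ github.event.pull_request.base.repo.full_name }}
        uses: actions/github-script@v7
        with:
          script: |
            const headRef = process.env.HEAD_REF;
            const headRepo = process.env.HEAD_REPO;
            // A fork can name its branch 'dev' too, so the branch name alone
            // does not prove the PR comes from this repository's dev branch.
            // HEAD_REPO is empty when the head repository no longer exists.
            const sameRepo = headRepo !== '' && headRepo === process.env.BASE_REPO;
            const isFromDev = sameRepo && headRef === 'dev';
            const source = sameRepo
              ? headRef
              : `${headRepo || 'unknown repository'}:${headRef}`;
            core.setOutput('is_from_dev', String(isFromDev));
            if (!isFromDev) {
              try {
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.payload.pull_request.number,
                  body: [
                    '**Invalid PR source**',
                    '',
                    'PRs to `main` must come from the `dev` branch only.',
                    '',
                    `Current source: \`${source}\``,
                    '',
                    'Please:',
                    '1. Close this PR',
                    '2. Merge your changes into `dev` first',
                    '3. Use the `Auto-Create Release PR (dev to main)` workflow',
                  ].join('\n'),
                });
              } catch (error) {
                // Runs for fork PRs get a read-only token by default, so the
                // comment can be refused; the job must still fail with the
                // clear message below rather than with an API error.
                core.warning(`Could not post the explanation comment: ${error.message}`);
              }
              core.setFailed(`PRs to main must come from 'dev'. Got: ${source}`);
            }

  claude-release-validation:
    name: Claude Release Validation
    needs: enforce-source-branch
    if: needs.enforce-source-branch.outputs.is_from_dev == 'true'
    runs-on: ubuntu-latest
    # Same scopes the workflow grants, stated here so the job's access is
    # visible next to the third-party action that receives it.
    # NOTE(review): `id-token: write` is presumably what the Claude action
    # uses to obtain its GitHub token; confirm against the action's docs.
    permissions:
      contents: read
      pull-requests: write
      issues: read
      id-token: write
    steps:
      - name: Checkout code
        # NOTE(review): checkout leaves the job token in the local git config
        # by default; consider `persist-credentials: false` if no later step
        # needs git to authenticate.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Claude minimal release check
        id: claude-check
        # The agent reads PR text and diffs through `gh`, so that content is
        # untrusted input to the model. The tool allowlist in `claude_args`
        # and the job's token scopes bound what a manipulated run can do;
        # keep both as narrow as the check allows.
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # Only the repository name and PR number are interpolated into the
          # prompt; neither is free text chosen by the PR author.
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            This is a RELEASE PR from dev to main. Perform a MINIMAL final validation
            (heavy review already happened on dev). Focus only on release-readiness:
            1. CHANGELOG.md
               - Is CHANGELOG.md updated with a new version section?
               - Has the [Unreleased] content been moved into a versioned section?
               - Does the version follow semver (MAJOR.MINOR.PATCH)?
            2. Version consistency
               - Does pyproject.toml version match the CHANGELOG version?
            3. Breaking changes
               - Documented? Migration notes provided when needed?
            4. Quality gates
               - Use `gh pr view ${{ github.event.pull_request.number }} --json statusCheckRollup`
                 to confirm dev-side checks were green.
            Do NOT re-review code or re-run security scans.
            Reply with one of:
            - `Release validation passed - ready to merge`
            - `Release validation failed: <reasons>`
            Use `gh pr comment` to post your verdict.
          claude_args: '--allowed-tools "Bash(gh pr view:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr list:*)"'

      - name: Validation summary
        if: always()
        uses: actions/github-script@v7
        env:
          CHECK_OUTCOME: ${{ steps.claude-check.outcome }}
        with:
          # NOTE(review): the step outcome says whether the action ran without
          # error, not which verdict Claude posted. A "Release validation
          # failed" comment still yields `success` here, so requiring this job
          # in branch protection does not enforce the verdict.
          script: |
            const outcome = process.env.CHECK_OUTCOME;
            const passed = outcome === 'success';
            const body = passed
              ? 'Claude release validation completed successfully. Heavy review already passed on `dev`; this was a minimal final gate.'
              : 'Claude release validation completed with warnings. Please review feedback above before merging.';
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body,
            });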