feat(patterns): add trust middleware guardrails recipe #400
Workflow file for this run
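# Runs an automated Claude review on pull requests that touch notebooks,
# Python sources, workflow files or dependency manifests. It can also be
# started by hand for a specific PR number.
name: Claude PR Review

on:
  pull_request:
    types: [opened, ready_for_review, synchronize]
    paths:
      - '**/*.ipynb'
      - '**/*.py'
      - '.github/workflows/**'
      - 'pyproject.toml'
      - 'uv.lock'
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number to review'
        required: true
        type: number

jobs:
  pr-review:
    # Only run for internal contributors (not forks) unless manually triggered.
    # NOTE(review): on workflow_dispatch the repository comparison is skipped
    # and the checkout below fetches refs/pull/<n>/head, so a manual run can
    # put fork-authored content in front of the agent while this job holds
    # pull-requests: write and id-token: write. Dispatch only for PRs a
    # maintainer has already looked over.
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    # Least privilege: read the code, write review comments, mint an OIDC token.
    permissions:
      contents: read
      pull-requests: write
      id-token: write # Anthropic Workload Identity Federation
    steps:
      - name: Set PR number
        id: pr-number
        # Context values are handed to the shell through env instead of being
        # expanded into the script text, so the shell never parses them as code.
        env:
          DISPATCH_PR_NUMBER: ${{ inputs.pr_number }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
            number="$DISPATCH_PR_NUMBER"
          else
            number="$EVENT_PR_NUMBER"
          fi
          # The value ends up in the agent prompt below; accept digits only.
          case "$number" in
            ''|*[!0-9]*)
              echo "::error::PR number must contain digits only"
              exit 1
              ;;
          esac
          echo "number=$number" >> "$GITHUB_OUTPUT"

      - name: Checkout PR
        # NOTE(review): this action is referenced by a mutable tag while the
        # review action below is pinned to a commit SHA; pin this one to a
        # full commit SHA as well so both are immutable.
        # NOTE(review): checkout persists the job token for later git commands
        # by default; consider `persist-credentials: false` if no later step
        # needs authenticated git. Confirm the review action does not rely on it.
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # Empty ref on pull_request events means the default ref for the event.
          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/pull/{0}/head', inputs.pr_number) || '' }}

      - name: Run Claude PR Review
        uses: anthropics/claude-code-action@bbfaf8e1ffe3e688f7ab65ceee78de241e24a238 # v1.0.132 (>=v1.0.130 for WIF inputs)
        with:
          # Anthropic auth via Workload Identity Federation — the action
          # exchanges this job's GitHub OIDC token (id-token: write above)
          # for a short-lived access token instead of a static API key.
          # The three IDs below are identifiers, not credentials; what the
          # token exchange accepts is decided by the federation rule, which
          # is not visible in this file. Verify that it is scoped to this
          # repository and workflow.
          anthropic_federation_rule_id: fdrl_01SqmTwzmEE547mtaYN1mqHL
          anthropic_organization_id: 1ec12c5c-6542-4da8-bf2f-c15919aef01c
          anthropic_service_account_id: svac_01BHcCBa1UWFvNrHMqJjuaUZ
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): if the /review-pr-ci command definition is loaded
          # from the checked-out tree, the PR under review can edit the
          # reviewer's own instructions. Confirm where it is resolved from.
          prompt: |
            /review-pr-ci ${{ steps.pr-number.outputs.number }}
          # Tool allowlist: read-only file tools plus a few gh/git subcommands.
          # NOTE(review): `gh pr review:*` matches every flag of that
          # subcommand, approval included. Narrow the pattern, or make sure
          # the repository does not let Actions approve pull requests, if the
          # bot is meant to comment only.
          claude_args: |
            --allowedTools "SlashCommand,Task,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*),Bash(git diff:*),Bash(git log:*),Read,Glob,Grep"
        env:
          PR_NUMBER: ${{ steps.pr-number.outputs.number }}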