Pull request overview
This PR adds GitHub Actions workflows to enable Claude Code integration in the repository. Claude Code is an AI coding agent that can assist with bug fixes, documentation, feature implementation, code reviews, and testing through @claude mentions in PR and issue comments.
Changes:
- Added two GitHub Actions workflows for Claude Code integration
- Configured automatic workflow triggers based on PR/issue comments and events
- Set up necessary permissions and security configurations for Claude Code access
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/claude.yml | Defines workflow to trigger Claude Code when @claude is mentioned in comments or issue/PR bodies |
| .github/workflows/claude-code-review.yml | Sets up automated Claude Code reviews for PRs when opened, synchronized, or reopened |
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read |
The workflow requires 'contents: read' permission but Claude Code may need to create branches and commits as mentioned in the PR description. Consider adding 'contents: write' permission to allow Claude to perform file modifications.
| contents: read | |
| contents: write |
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: read |
The workflow has 'pull-requests: read' but Claude needs to create comments and potentially modify PRs as described in the PR description. Consider changing this to 'pull-requests: write' to enable full Claude functionality.
| pull-requests: read | |
| pull-requests: write |
| permissions: | ||
| contents: read | ||
| pull-requests: read | ||
| issues: read |
The workflow has 'issues: read' but Claude needs to comment on issues as mentioned in the PR description. Consider changing this to 'issues: write' to allow Claude to respond to issues.
| issues: read | |
| issues: write |
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| contents: read | ||
| pull-requests: read | ||
| issues: read | ||
| id-token: write |
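Review bot: The last line of this permissions block, id-token: write, is the only write scope granted and nothing in the block says why the job needs to request an OIDC token. Add a one-line comment naming the step that consumes it, so the scope is not copied into other jobs or left in place after that step is removed.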
Workflow permissions too restrictive for write operations
Medium Severity
The workflow permissions specify contents: read, pull-requests: read, and issues: read, but the PR description states Claude can "create comments, branches, and commits." These write operations require contents: write, pull-requests: write, and issues: write permissions respectively. Unless the claude-code-action uses a separate GitHub App for authentication, these restrictive permissions will prevent Claude from posting review comments or creating branches/commits.
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | ||
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) |
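Review bot: Each of the four clauses in this condition tests only for contains(..., '@claude') and never who wrote the text, so the job starts for any account that is able to comment, review or open an issue. Consider also requiring author_association (github.event.comment.author_association, and the review/issue equivalents) to be OWNER, MEMBER or COLLABORATOR, unless the action is confirmed to enforce that check itself.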
Workflow triggers duplicate runs on issue assignment
Low Severity
The issues trigger includes both opened and assigned event types, but the if condition only checks if @claude exists in the issue body or title. When an issue containing @claude is created, Claude runs. Later, when that same issue is assigned to someone, the workflow triggers again because the body still contains @claude. This causes duplicate Claude responses for the same mention and wastes API credits.


🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!
Note
Medium Risk
Adds third-party GitHub Actions that run on PR events and on @claude mentions, introducing new automation and dependency on external action/plugin execution (and related secret/permissions configuration). Main risk is unintended workflow triggers or over-broad permissions rather than code changes.
Overview
Adds two new GitHub Actions workflows to integrate Anthropic Claude Code.
claude.yml runs the anthropics/claude-code-action@v1 when an issue/PR comment or review contains @claude, with read permissions (including actions: read) and an OAuth token secret.
claude-code-review.yml runs an automated PR review job on PR open/sync/reopen events using the Claude Code Review plugin (code-review@claude-code-plugins) and a fixed /code-review:code-review prompt.
Written by Cursor Bugbot for commit 64f8f4e. This will update automatically on new commits.