
ci: harden Claude workflows #28

ci: harden Claude workflows

ci: harden Claude workflows #28

# Triggered when an issue is opened: loads the prompt stored at
# .github/prompts/claude-issue-duplicate-check.md and runs
# anthropics/claude-code-action against the new issue with a token that can
# read repository contents and write to issues.
# The issue that triggers the run can be opened by any user, so its text is
# untrusted input to the model.
name: Claude Issue Duplicate Check

Check failure on line 1 in .github/workflows/claude-issue-duplicate-check.yml


GitHub Actions / .github/workflows/claude-issue-duplicate-check.yml

Invalid workflow file

(Line: 22, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANTHROPIC_API_KEY == '', (Line: 26, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANTHROPIC_API_KEY != '', (Line: 32, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANTHROPIC_API_KEY != '', (Line: 58, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANTHROPIC_API_KEY != '', (Line: 69, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANTHROPIC_API_KEY != ''
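on:
  issues:
    types: [opened]

jobs:
  check-duplicate:
    # Issues opened by bot accounts (actor name ending in "[bot]") are skipped.
    if: |
      !endsWith(github.actor, '[bot]')
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # One run per issue number; a queued run waits rather than cancelling.
    concurrency:
      group: ${{ github.workflow }}-${{ github.event.issue.number }}
      cancel-in-progress: false
    # Least privilege: read the prompt file, label/comment on issues.
    permissions:
      contents: read
      issues: write
    steps:
      # The `secrets` context is not available in step-level `if:`
      # expressions ("Unrecognized named-value: 'secrets'"), so the presence
      # check is done once in a shell step and published as a step output.
      # The key is exposed to this single step only, and only its presence
      # (never its value) is written to the output or the log.
      - name: Check for ANTHROPIC_API_KEY
        id: gate
        shell: bash
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          if [ -n "$ANTHROPIC_API_KEY" ]; then
            echo "enabled=true" >> "$GITHUB_OUTPUT"
          else
            echo "enabled=false" >> "$GITHUB_OUTPUT"
            echo "ANTHROPIC_API_KEY is not configured; skipping duplicate check."
          fi

      - name: Checkout repository
        if: steps.gate.outputs.enabled == 'true'
        # NOTE(review): referenced by mutable tag; pinning to a full commit
        # SHA protects the job from a retagged release.
        uses: actions/checkout@v5
        with:
          fetch-depth: 1
          # The checkout is only needed to read the prompt file, so do not
          # leave the token in the workspace git config where a later
          # tool-running step could read it.
          persist-credentials: false

      - name: Ensure duplicate label exists
        if: steps.gate.outputs.enabled == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
            const { owner, repo } = context.repo;
            const name = "duplicate";
            try {
              await github.rest.issues.getLabel({ owner, repo, name });
              return;
            } catch (e) {
              // 404 means the label is missing; anything else is a real error.
              if (e.status !== 404) throw e;
            }
            try {
              await github.rest.issues.createLabel({
                owner,
                repo,
                name,
                color: "cfd3d7",
                description: "Duplicate issue",
              });
            } catch (e) {
              // 422 is tolerated: a concurrent run created the label first.
              if (e.status !== 422) throw e;
            }

      - name: Load prompt
        if: steps.gate.outputs.enabled == 'true'
        id: prompt
        shell: bash
        # The multiline-output syntax is `name<<DELIMITER`, and the delimiter
        # is taken literally. The previous `prompt<<'EOF'` declared the
        # delimiter as 'EOF' (quotes included) but closed with a bare EOF, so
        # the value was never terminated. A random delimiter also ensures no
        # line inside the prompt file can end the value early, and the
        # leading newline keeps the delimiter on its own line when the file
        # has no trailing newline.
        run: |
          delimiter="PROMPT_$(openssl rand -hex 16)"
          {
            echo "prompt<<${delimiter}"
            cat .github/prompts/claude-issue-duplicate-check.md
            printf '\n%s\n' "${delimiter}"
          } >> "$GITHUB_OUTPUT"

      - name: Run Claude duplicate check
        if: steps.gate.outputs.enabled == 'true'
        # NOTE(review): referenced by mutable tag; this action receives the
        # API key and a write-capable token, so pin it to a full commit SHA.
        uses: anthropics/claude-code-action@v1
        env:
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          GH_TOKEN: ${{ github.token }}
          GITHUB_TOKEN: ${{ github.token }}
          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ github.token }}
          # Any user who can open an issue triggers this step, and the issue
          # title/body reach the model as untrusted text. Everything the
          # model is allowed to execute must therefore be safe to run on
          # behalf of an anonymous author.
          allowed_non_write_users: "*"
          prompt: ${{ steps.prompt.outputs.prompt }}
          # Was `Bash(*)`: unrestricted shell on the runner, with the job
          # token and API key within reach, driven by untrusted issue text.
          # Scoped to the gh subcommands a duplicate check plausibly needs.
          # NOTE(review): the prompt file is not visible here; confirm this
          # list against it and add only the specific commands it requires.
          claude_args: |
            --max-turns 30
            --allowedTools "Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh search issues:*),Bash(gh issue comment:*),Bash(gh issue edit:*)"
          use_commit_signing: false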