claude-code-review.yml
name: Claude Code Review

on:
  pull_request_target:
    types: [opened, synchronize, ready_for_review]
  workflow_dispatch:
    inputs:
      pr_number:
        description: Pull request number to review
        required: true
        type: string
    # Optional: Only run on specific file changes
    # paths:
    #   - "src/**/*.ts"
    #   - "src/**/*.tsx"
    #   - "src/**/*.js"
    #   - "src/**/*.jsx"

jobs:
  claude-review:
    if:
      github.event_name == 'workflow_dispatch' || github.event.action ==
      'ready_for_review' || !github.event.pull_request.draft
    # Optional: Filter by PR author
    # if: |
    #   github.event.pull_request.user.login == 'external-contributor' ||
    #   github.event.pull_request.user.login == 'new-developer' ||
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read
    steps:
      # Resolve the PR head repo/ref first so both pull_request_target and
      # workflow_dispatch runs can checkout forked branches correctly.
      - name: Resolve PR metadata
        id: pr
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const prNumber =
              context.eventName === 'workflow_dispatch'
                ? Number('${{ inputs.pr_number }}')
                : context.payload.pull_request.number;
            const { data: pr } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: prNumber,
            });
            core.setOutput('number', String(pr.number));
            core.setOutput('head_repo', pr.head.repo.full_name);
            core.setOutput('head_ref', pr.head.ref);

      # Checkout the fork's branch so Claude can read the actual PR code.
      # Using the PR head repo/ref works for both fork and non-fork PRs.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          repository: ${{ steps.pr.outputs.head_repo }}
          ref: ${{ steps.pr.outputs.head_ref }}
          fetch-depth: 0

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          allowed_bots: dependabot,dependabot[bot],kodiakhq,kodiakhq[bot],github-actions,github-actions[bot],cursor,cursor[bot],claude,claude[bot]
          github_token: ${{ secrets.GITHUB_TOKEN }} # Bypasses OIDC auth (required for pull_request_target)
          allowed_non_write_users: '*' # Allows fork contributors to trigger reviews
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ steps.pr.outputs.number }}
            Please review this pull request. Use the repository's CLAUDE.md for guidance on style and conventions.
            **IMPORTANT: Keep your review SHORT and ACTIONABLE.**
            Format your review as a concise bulleted list focusing ONLY on:
            - Critical bugs or security issues (if any)
            - Important code quality issues or violations of project patterns
            - Must-fix items before merge
            Skip minor style nitpicks, explanations of obvious issues, and lengthy justifications unless critical.
            Each item should be: **Issue** → **Fix** (one line each when possible).
            Example format:
            - ❌ Unvalidated user input in API endpoint → Add input validation
            - ⚠️ Missing error handling in async function → Wrap in try-catch
            - 🔒 Hardcoded credentials in config.ts → Move to environment variables
            If there are NO critical issues, simply say "✅ No critical issues found."
            Note: If the team wants a more thorough review, they can comment on the PR requesting one.
            CRITICAL OUTPUT REQUIREMENTS:
            1. Return a JSON object with a single "review" field containing your full markdown review.
            2. The review markdown must start with EXACTLY these two lines:
            <!-- claude-code-review -->
            ## PR Review
            3. Do not post the review yourself using GitHub CLI or any comment tool.
            4. The workflow will create or update the PR comment using your structured output.
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
          claude_args: |
            --setting-sources user
            --allowedTools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
            --json-schema '{"type":"object","properties":{"review":{"type":"string","description":"Complete markdown review starting with <!-- claude-code-review --> on the first line and ## PR Review on the second line"}},"required":["review"]}'

      - name: Find existing Claude review
        uses: peter-evans/find-comment@v4
        id: find-claude-comment
        with:
          issue-number: ${{ steps.pr.outputs.number }}
          comment-author: github-actions[bot]
          body-includes: '<!-- claude-code-review -->'
          direction: last

      - name: Post or update Claude review
        uses: peter-evans/create-or-update-comment@v5
        with:
          comment-id: ${{ steps.find-claude-comment.outputs.comment-id }}
          issue-number: ${{ steps.pr.outputs.number }}
          body:
            ${{ fromJSON(steps.claude-review.outputs.structured_output).review
            }}
          edit-mode: replace