
Implement loops within application form flows #224


Workflow file for this run

# Workflow that can start a Claude Code run from issue, PR comment and
# PR review activity.
name: Claude Code

# Events that may start the workflow. Whether a given event actually runs the
# job is decided by the job-level `if:` expression, not here.
on:
  issue_comment:
    types:
      - created
  pull_request_review_comment:
    types:
      - created
  issues:
    types:
      - opened
  pull_request_review:
    types:
      - submitted
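jobs:
  claude:
    # Only run for trusted actors (repo owners, members, collaborators).
    # Without this guard, any GitHub user commenting "@claude" could trigger
    # a job with contents: write / pull-requests: write permissions.
    #
    # NOTE(review): the guard checks the author of the triggering comment,
    # review or issue only. Text written by other users in the same issue or
    # PR thread is still content Claude may read, so treat it as untrusted
    # input when deciding what the job is allowed to do.
    if: |
      (
        github.event_name == 'issue_comment' &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) ||
      (
        github.event_name == 'pull_request_review_comment' &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) ||
      (
        github.event_name == 'pull_request_review' &&
        contains(github.event.review.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)
      ) ||
      (
        github.event_name == 'issues' &&
        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
      )
    runs-on: ubuntu-latest
    # Token scopes for this job. Everything not listed here is not granted.
    permissions:
      contents: write  # Required for Claude to push branches
      pull-requests: write  # Required for Claude to open and update PRs
      issues: write  # Required for Claude to comment on issues
      # Lets the job request a GitHub OIDC token.
      # NOTE(review): presumably needed by claude-code-action to obtain its
      # GitHub App token - confirm, and drop it if the action no longer uses it.
      id-token: write
      actions: read  # Required for Claude to read CI results on PRs
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag
      # (@v4 / @v1). Pinning each `uses:` to a full commit SHA keeps a moved
      # tag from changing what runs in a job that holds write permissions and
      # the Claude OAuth token.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      # Install Ruby and project dependencies so Claude can run `make test` / `make lint`.
      # Mirrors the setup in .github/workflows/ci.yml. `make setup` also boots Postgres
      # via docker compose and prepares the test DB.
      # NOTE(review): on pull_request_review / pull_request_review_comment events
      # the default checkout ref is the PR's merge ref, so `make setup` runs the
      # PR's own Makefile before Claude starts. Verify that PRs from forks cannot
      # reach this job with secrets or a write token.
      - uses: ruby/setup-ruby@v1
      - name: Install deps and initialize DB
        run: make setup
      # Claude reads CLAUDE.md from the checked-out repo automatically, and CLAUDE.md
      # points at .github/claude-sandbox-instructions.md for CI-specific workflow rules
      # (plan-then-approve, branch + PR flow, stop-and-comment on hard decisions).
      # Edit that file to change how Claude behaves in CI.
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read
          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
          # prompt: 'Update the pull request description to include a summary of changes.'
          # Allow Claude to create branches and open PRs, but not merge.
          # git is enumerated rather than wildcarded to exclude reset/clean/remote/tag.
          # Pushes to protected branches are blocked by branch protection rules at the repo level.
          # make targets are enumerated (not `make:*`) to prevent `-f` / `-C` / variable
          # overrides from being used to execute arbitrary shell. Add new targets here
          # explicitly as needs arise.
          #
          # NOTE(review): this list restricts which commands Claude may invoke
          # directly; it is not a sandbox boundary.
          #   - `git config:*` allows settings that make later git commands run
          #     other programs (aliases, hooks, pager), and `git rebase:*` accepts
          #     `--exec`. Both undo the enumeration described above; drop them or
          #     narrow `git config` to the identity keys the flow actually needs.
          #   - `make test` / `make lint` run whatever the checked-out Makefile
          #     and test suite contain, including files Claude has edited.
          # Keep relying on the job's `permissions:` block and branch protection
          # as the real limit on what a run can change.
          claude_args: >-
            --allowed-tools "Bash(make test),Bash(make lint),Bash(make lint-ci),Bash(make db-migrate),Bash(make db-test-prepare),Bash(git status:*),Bash(git diff:*),Bash(git log:*),Bash(git show:*),Bash(git blame:*),Bash(git rev-parse:*),Bash(git branch:*),Bash(git checkout:*),Bash(git switch:*),Bash(git add:*),Bash(git rm:*),Bash(git mv:*),Bash(git restore:*),Bash(git commit:*),Bash(git push:*),Bash(git fetch:*),Bash(git pull:*),Bash(git stash:*),Bash(git rebase:*),Bash(git merge:*),Bash(git config:*),Bash(gh pr create:*),Bash(gh pr edit:*),Bash(gh pr comment:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh pr diff:*),Bash(gh pr checks:*),Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh issue comment:*)"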