feat: add Print menu under Project menu via PrintControl #343
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude Code Review | |
| # Uses pull_request_target so the workflow has access to repository secrets | |
| # (CLAUDE_CODE_OAUTH_TOKEN) even for PRs opened from forks, which lets Claude | |
| # review and comment on ALL PRs. This is safe here because the job only reads | |
| # the diff and posts comments. It never installs dependencies or executes the | |
| # PR's code, so untrusted fork code is never run with the elevated token. | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| # Optional: Only run on specific file changes | |
| # paths: | |
| # - "src/**/*.ts" | |
| # - "src/**/*.tsx" | |
| # - "src/**/*.js" | |
| # - "src/**/*.jsx" | |
| jobs: | |
| claude-review: | |
| # Optional: Filter by PR author | |
| # if: | | |
| # github.event.pull_request.user.login == 'external-contributor' || | |
| # github.event.pull_request.user.login == 'new-developer' || | |
| # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| id-token: write | |
| steps: | |
| - name: Checkout PR head (read-only; code is reviewed, not executed) | |
| uses: actions/checkout@v6 | |
| with: | |
| # pull_request_target defaults to the base ref; explicitly check out | |
| # the PR head so Claude reviews the proposed changes. | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 1 | |
| - name: Run Claude Code Review | |
| id: claude-review | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| # Use the workflow's GITHUB_TOKEN for GitHub API calls instead of the | |
| # default OIDC -> Claude GitHub App token exchange. That exchange | |
| # returns "401 Invalid OIDC token" for OIDC tokens minted in a | |
| # pull_request_target context, which broke review on fork PRs. Under | |
| # pull_request_target GITHUB_TOKEN already carries the pull-requests | |
| # and issues write scopes this job declares, so it can post the review | |
| # (as github-actions[bot]). claude_code_oauth_token still authenticates | |
| # Claude to the model. | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| prompt: | | |
| Perform a thorough code review of pull request ${{ github.repository }}/pull/${{ github.event.pull_request.number }}. | |
| Inspect the changes with `gh pr diff` and `gh pr view`. When the diff alone is not enough to judge correctness, read the surrounding source files for context. | |
| Review the changed code for: | |
| - Bugs and logic errors, including edge cases, race conditions, and missing error handling | |
| - Security issues such as injection, unsafe input handling, and leaked secrets | |
| - Performance problems and obvious inefficiencies | |
| - Code quality, readability, naming, and maintainability | |
| - Adherence to any CLAUDE.md guidelines that apply to the changed files | |
| Concentrate on the changed lines, but use repository context to judge whether they are correct. Report findings across a range of confidence levels, not only near-certain ones. It is fine to raise a well-reasoned concern even when you are not fully certain, as long as you state your confidence and reasoning. Skip pre-existing issues unrelated to this change. | |
| Post specific findings as inline review comments on the relevant lines using the create_inline_comment tool. For each comment, briefly explain the issue and, when the fix is small and self-contained, include a committable suggestion block. Group minor nits together rather than posting many separate inline comments. | |
| After posting inline comments, post exactly one summary comment with `gh pr comment` that starts with the heading "## Code review" and lists the findings grouped by category (Bugs, Security, Performance, Quality, CLAUDE.md), each with a one-line description and confidence. If you genuinely find nothing worth raising, say so and note what you checked. | |
| Do not approve, merge, or modify any code. Only review and comment. Do not use web fetch; use the gh CLI for all GitHub interactions. | |
| claude_args: | | |
| --allowedTools "Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr comment:*),Read,Grep,Glob,mcp__github_inline_comment__create_inline_comment" | |
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | |
| # or https://code.claude.com/docs/en/cli-reference for available options |