Publish Package Metadata gcp@v9.29.0 #1111
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude Code Review | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - ready_for_review | |
| jobs: | |
| review: | |
| # Skip draft PRs | |
| if: ${{ !github.event.pull_request.draft }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: read | |
| id-token: write | |
| actions: read | |
| steps: | |
| - name: Check if review should run | |
| id: should_review | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| const author = context.payload.pull_request.user.login; | |
| const labels = context.payload.pull_request.labels.map(l => l.name); | |
| // Skip known bot accounts | |
| const skipBots = ['pulumi-bot', 'dependabot[bot]', 'github-actions[bot]', 'pulumi-renovate[bot]']; | |
| if (skipBots.includes(author)) { | |
| core.info(`Skipping review for bot author: ${author}`); | |
| core.setOutput('should_run', 'false'); | |
| return; | |
| } | |
| // Skip automation-labeled PRs (metadata-only, no preview needed) | |
| if (labels.includes('automation/tfgen-provider-docs')) { | |
| core.info(`Skipping review for automation PR with label: automation/tfgen-provider-docs`); | |
| core.setOutput('should_run', 'false'); | |
| return; | |
| } | |
| // Always allow whitelisted bots | |
| const allowedBots = ['github-copilot[bot]']; | |
| if (allowedBots.includes(author)) { | |
| core.setOutput('should_run', 'true'); | |
| return; | |
| } | |
| // Check if author has write access | |
| try { | |
| const { data: permissionData } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| username: author, | |
| }); | |
| const permission = permissionData.permission; | |
| const hasPermission = ['write', 'maintain', 'admin'].includes(permission); | |
| core.setOutput('should_run', hasPermission.toString()); | |
| if (!hasPermission) { | |
| core.info(`Author ${author} has '${permission}' permission. Skipping auto-review.`); | |
| } | |
| } catch (error) { | |
| core.info(`Could not check permissions for ${author}: ${error.message}. Skipping.`); | |
| core.setOutput('should_run', 'false'); | |
| } | |
| - name: Checkout repository | |
| if: steps.should_review.outputs.should_run == 'true' | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 1 | |
| - name: Run Claude Code Review | |
| if: steps.should_review.outputs.should_run == 'true' | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | |
| model: claude-opus-4-6 | |
| prompt: | | |
| You are running in a CI environment. Review pull request #${{ github.event.pull_request.number }} by following the instructions in .claude/commands/registry-review.md under the 'Continuous Integration (CI) Context' section. | |
| claude_args: "--allowedTools 'Read,Glob,Grep,Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(gh issue view:*)'" |