
Commit 88465fc

authored
Merge pull request #84 from scality/feat/add-dependency-review-workflow
Add dependency bump review workflow
2 parents 9eabca5 + 1ead741 commit 88465fc


2 files changed

+74
-0
lines changed

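--- a/.github/workflows/claude-code-dependency-review.yml
+++ b/.github/workflows/claude-code-dependency-review.yml
@@ -0,0 +1,64 @@
+name: Claude Code Dependency Review
+
+on:
+workflow_call:
+secrets:
+GCP_WORKLOAD_IDENTITY_PROVIDER:
+required: true
+description: GCP Workload Identity Provider for Vertex AI
+GCP_SERVICE_ACCOUNT:
+required: true
+description: GCP Service Account for Vertex AI
+ANTHROPIC_VERTEX_PROJECT_ID:
+required: true
+description: GCP project ID for Vertex AI
+CLOUD_ML_REGION:
+required: true
+description: GCP region for Vertex AI
+
+jobs:
+dependency-review:
+runs-on: ubuntu-latest
+timeout-minutes: 15
+permissions:
+contents: read
+pull-requests: write
+id-token: write
+
+steps:
+- uses: actions/checkout@v6
+with:
+fetch-depth: 1
+
+- name: Install dependencies
+id: install-deps
+if: hashFiles('yarn.lock') != ''
+continue-on-error: true
+run: yarn install --frozen-lockfile
+
+- name: Warn on failed dependency install
+if: steps.install-deps.outcome == 'failure'
+run: echo "::warning::yarn install failed — dependency review will run without node_modules. This may happen if the project uses private registries requiring authentication."
+
+- name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v2
+with:
+workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+- name: Run Claude Code Dependency Review
+id: dependency-review
+continue-on-error: true
+uses: anthropics/claude-code-action@v1
+with:
+github_token: ${{ github.token }}
+use_vertex: "true"
+plugin_marketplaces: https://github.com/scality/agent-hub
+plugins: scality-skills@scality-agent-hub
+prompt: "/review-dependency-bump REPO: ${{ github.repository }} PR_NUMBER: ${{ github.event.pull_request.number }}"
+claude_args: |
+--allowedTools "Read" "Grep" "WebFetch" "Bash(gh repo view *)" "Bash(gh pr view *)" "Bash(gh pr comment *)" "Bash(gh pr review *)" "Bash(gh api *)"
+--model "claude-opus-4-6"
+env:
+ANTHROPIC_VERTEX_PROJECT_ID: ${{ secrets.ANTHROPIC_VERTEX_PROJECT_ID }}
+CLOUD_ML_REGION: ${{ secrets.CLOUD_ML_REGION }}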
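Review bot: The `Install dependencies` step runs `yarn install --frozen-lockfile` with lifecycle scripts enabled, so install scripts shipped by the dependency version under review execute in a job that declares `pull-requests: write` and `id-token: write`, before anything has reviewed them. The agent's allowed tools are `Read` and `Grep`, so it presumably only needs `node_modules` on disk; `run: yarn install --frozen-lockfile --ignore-scripts` would provide that without executing package code. Separately, `"Bash(gh api *)"` in `claude_args` permits any API call the job token allows while the agent processes content pulled in through `WebFetch` and the PR itself; narrowing that pattern to the endpoints the skill needs would bound what injected instructions in that content could cause. The three `uses:` references are pinned to mutable tags (`@v6`, `@v2`, `@v1`), and pinning them to commit SHAs is worth considering for a job with these permissions.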

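--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -6,9 +6,19 @@ on:
 
 jobs:
 review:
+if: github.actor != 'dependabot[bot]'
 uses: ./.github/workflows/claude-code-review.yml
 secrets:
 GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
 GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 ANTHROPIC_VERTEX_PROJECT_ID: ${{ secrets.ANTHROPIC_VERTEX_PROJECT_ID }}
 CLOUD_ML_REGION: ${{ secrets.CLOUD_ML_REGION }}
+
+review-dependency-bump:
+if: github.actor == 'dependabot[bot]'
+uses: ./.github/workflows/claude-code-dependency-review.yml
+secrets:
+GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ANTHROPIC_VERTEX_PROJECT_ID: ${{ secrets.ANTHROPIC_VERTEX_PROJECT_ID }}
+CLOUD_ML_REGION: ${{ secrets.CLOUD_ML_REGION }}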
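Review bot: Both new `if:` conditions route on `github.actor`, which names whoever triggered the run rather than who opened the pull request, so a maintainer pushing a commit to a Dependabot branch sends that PR down the `review` job, and any run where Dependabot is the actor takes the `review-dependency-bump` path regardless of who authored the PR. If the trigger is a pull-request event (the `on:` block is outside this hunk), `if: github.event.pull_request.user.login == 'dependabot[bot]'` and its `!=` counterpart tie the routing to the PR author instead. A short comment above each `if:`, such as `# exactly one of review / review-dependency-bump runs per PR`, would make the intended mutual exclusion explicit.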
