@froggy1014
Contributor

@froggy1014 froggy1014 commented Aug 21, 2025

Changes


Summary by CodeRabbit

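  • New features

    • An automatic AI code review runs when a PR is created or synchronized.
    • On-demand help/analysis can be requested by invoking @claude in a comment, review, or issue body.
    • Behavior such as the model, trigger phrase, additional permissions, and tool use can be configured to fit the project.
  • Chores

    • Workflow permissions and run conditions were tidied up to integrate with CI, and repository checkout and token usage were standardized.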

@changeset-bot

changeset-bot bot commented Aug 21, 2025

⚠️ No Changeset found

Latest commit: aa88a27

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai

coderabbitai bot commented Aug 21, 2025

Walkthrough

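Two GitHub Actions workflows were added. One performs an automatic code review when a PR is opened/synchronized, and the other runs a job when a specific trigger phrase (@claude) is detected in comments, reviews, or issues. Both workflows call claude-code-action after checking out the repository, and support a secret token and optional settings.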

Changes

Cohort / File(s) | Change Summary

PR automatic code review workflow
.github/workflows/claude-code-review.yml
Added PR (opened, synchronize) triggers. Set permissions (contents/pull-requests/issues: read, id-token: write). Runs anthropics/claude-code-action@beta after checkout (fetch-depth: 1). Includes comment-based options for model/prompt/sticky comment/per-file and per-author prompts/allowed tools/skip conditions.

Mention-based assistant trigger workflow
.github/workflows/claude.yml
Runs when the @claude trigger is detected in issue_comment, pull_request_review_comment, issues, and pull_request_review events. Grants permissions (contents/pull-requests/issues/actions: read, id-token: write). Calls claude-code-action after checkout. Passes an additional permission (actions: read). Provides options for trigger phrase/designated assignee/allowed tools/custom instructions/environment variables.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub
  participant WF as Workflow: claude-code-review.yml
  participant Act as claude-code-action
  Note over GH,WF: PR opened / synchronize
  Dev->>GH: Open or update PR
  GH-->>WF: Trigger job (permissions set)
  WF->>WF: actions/checkout (fetch-depth: 1)
  WF->>Act: Run with CLAUDE_CODE_OAUTH_TOKEN<br/>model + direct_prompt
  Act-->>WF: Analysis results (review comments)
  WF-->>GH: Post review output
sequenceDiagram
  autonumber
  actor User as User
  participant GH as GitHub
  participant WF as Workflow: claude.yml
  participant Act as claude-code-action
  rect rgba(200,235,255,0.25)
  Note over GH,WF: Event: issue_comment / PR review comment / issues / PR review
  end
  User->>GH: Create comment/review/issue (@claude)
  GH-->>WF: Conditional trigger (contains @claude)
  WF->>WF: actions/checkout (fetch-depth: 1)
  WF->>Act: Run with token + actions:read
  Note over Act: Optional tools/env/instructions
  Act-->>WF: Response (analysis or reply)
  WF-->>GH: Post comment/reply

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

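A rabbit with ears pricked goes hop, roaming the PR forest
One mention on the breeze, call “@claude” and it comes
One thread of auto review, two threads of comments, so fine
Along the workflow path, it leaves checkout footprints
Again today, under CI starlight, it weaves dreams of code 🐇✨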

@netlify

netlify bot commented Aug 21, 2025

Deploy Preview for side-design-system ready!

Name Link
🔨 Latest commit aa88a27
🔍 Latest deploy log https://app.netlify.com/projects/side-design-system/deploys/68a6ea090a8f90000821b94b
😎 Deploy Preview https://deploy-preview-198--side-design-system.netlify.app

@codecov

codecov bot commented Aug 21, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.


@froggy1014 froggy1014 enabled auto-merge (squash) August 21, 2025 09:46

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (10)
.github/workflows/claude-code-review.yml (5)

5-5: Cover the PR reopen event as well.

Adding reopened to pull_request.types makes reopened PRs get an automatic review too.

-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]

13-21: Prevent duplicate runs: suggest adding a concurrency group.

Workflow-level concurrency is recommended so that an earlier run is cancelled when pushes arrive in quick succession.

 name: Claude Code Review

 on:
   pull_request:
     types: [opened, synchronize, reopened]
+
+concurrency:
+  group: claude-review-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true

55-55: Prevent comment spam: consider enabling the sticky comment.

Even when additional commits are pushed to the PR, the same comment is updated, which reduces noise.

-          # use_sticky_comment: true
+          use_sticky_comment: true

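3-12: Note on secrets being inaccessible for fork PRs.

The pull_request event does not expose repository secrets (CLAUDE_CODE_OAUTH_TOKEN) to PRs created from forks. If automatic review of fork PRs is needed, consider one of the following.

  • Switch to pull_request_target + strict path/permission restrictions (security caution required)
  • Limit execution to maintainer-triggered runs (comment commands)
  • Use manual workflow_dispatch

If the configuration needs to change for the operating model you need (automatic/manual fork PR review), let me know. I will suggest a safe template.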


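40-42: YAML style: remove trailing whitespace and unnecessary blank lines.

Static analysis flagged trailing whitespace and surplus blank lines. Please clean them up for CI stability.

Affected lines: 20, 27, 51, 56, 64, 67, 70, 73, 78 (trailing whitespace), final blank line (79).

Tip: automate this by adding the pre-commit trailing-whitespace hook or yamlfmt/yamllint.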

Also applies to: 54-78

.github/workflows/claude.yml (5)

15-20: Harden the condition by adding null-safe guards.

In some events body can be null. Guard for existence with AND before calling contains() to avoid NPE-like errors.

   claude:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
-      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    if: |
+      (github.event_name == 'issue_comment'
+        && github.event.comment
+        && github.event.comment.body
+        && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment'
+        && github.event.comment
+        && github.event.comment.body
+        && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review'
+        && github.event.review
+        && github.event.review.body
+        && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues'
+        && (
+          (github.event.issue && github.event.issue.body && contains(github.event.issue.body, '@claude')) ||
+          (github.event.issue && github.event.issue.title && contains(github.event.issue.title, '@claude'))
+        ))
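
Review bot: None of the four branches of this `if:` checks who wrote the text, so any account that can comment or open an issue containing `@claude` starts a job that runs with the workflow's secret token. Add an author gate to each branch, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, using `issue.author_association` and `review.author_association` for the other event types. The added `github.event.comment && github.event.comment.body` guards can be dropped: `contains()` casts a null search value to an empty string and returns false rather than raising.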

3-12: Prevent duplicate runs by adding a concurrency group.

Concurrency at the top of the workflow is recommended so that earlier runs are cancelled during a flood of comments.

 on:
   issue_comment:
     types: [created]
   pull_request_review_comment:
     types: [created]
   issues:
     types: [opened, assigned]
   pull_request_review:
     types: [submitted]
+
+concurrency:
+  group: claude-trigger-${{ github.event_name }}-${{ github.run_id }}
+  cancel-in-progress: true
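
Review bot: The group key ends in `${{ github.run_id }}`, which is unique per run, so no two runs ever share a group and `cancel-in-progress: true` never cancels anything. Key the group on the thread instead, for example `claude-trigger-${{ github.event.issue.number || github.event.pull_request.number }}`, and decide whether cancelling is wanted here at all, since a second `@claude` comment would abort the reply to the first.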

16-19: Reduce false-positive triggers: consider more precise matching.

contains(..., '@claude') can also react to quoted text/templates. To trigger only on an intentional signal, consider using startsWith or match.

Example:

startsWith(github.event.comment.body, '@claude')

or

match(github.event.comment.body, '(^|\\s)@claude(\\b|\\:)')

42-42: YAML format: remove trailing whitespace and surplus blank lines.

Clean up the static analysis warnings to reduce CI noise.

Tip: automate with yamllint + pre-commit (trailing-whitespace, end-of-file-fixer).

Also applies to: 45-45, 48-48, 51-51, 54-54, 60-60, 64-64


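37-41: Check the logic that passes the additional permission.

additional_permissions: actions: read is passed as an action input and allows reading CI status. It duplicates permissions.actions: read at the top, but the purpose may differ (calls inside the action), so keeping it is fine. If it is unnecessary, however, it can be simplified by keeping only one of them.

If you like, I can also add an example documenting a least-privilege configuration.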

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e32225d and aa88a27.

📒 Files selected for processing (2)
  • .github/workflows/claude-code-review.yml (1 hunks)
  • .github/workflows/claude.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/claude.yml

[error] 42-42: trailing spaces (trailing-spaces)
[error] 45-45: trailing spaces (trailing-spaces)
[error] 48-48: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 54-54: trailing spaces (trailing-spaces)
[error] 60-60: trailing spaces (trailing-spaces)
[warning] 64-64: too many blank lines (1 > 0) (empty-lines)

.github/workflows/claude-code-review.yml

[error] 20-20: trailing spaces (trailing-spaces)
[error] 27-27: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 56-56: trailing spaces (trailing-spaces)
[error] 64-64: trailing spaces (trailing-spaces)
[error] 67-67: trailing spaces (trailing-spaces)
[error] 70-70: trailing spaces (trailing-spaces)
[error] 73-73: trailing spaces (trailing-spaces)
[warning] 78-78: too many blank lines (1 > 0) (empty-lines)

Comment on lines +22 to +27
permissions:
contents: read
pull-requests: read
issues: read
id-token: write

⚠️ Potential issue

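The action lacks permission to leave comments (+ excessive id-token permission).

With the current pull-requests: read and issues: read, posting review comments or submitting a review is not possible. Also, id-token: write is the permission to issue OIDC tokens, and removing it is recommended if it is not needed (supply chain/least privilege). Please adjust as below.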

     permissions:
       contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
+      pull-requests: write
+      issues: write
+      # id-token: write  # 필요 시에만 활성화
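
Review bot: Commenting out `id-token: write` on the last added line is not backed by anything in the hunk showing how the action authenticates. If the action exchanges the OIDC token for its own app token, removing the scope breaks the run, and the `read` scopes on `pull-requests` and `issues` may already be sufficient because comments would be posted with that token rather than `GITHUB_TOKEN`. Confirm against the action's documentation first, and if write is needed grant only the scope the action posts to rather than both.
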
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
permissions:
contents: read
pull-requests: write
issues: write
# id-token: write # 필요 시에만 활성화
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 27-27: trailing spaces

(trailing-spaces)

🤖 Prompt for AI Agents
.github/workflows/claude-code-review.yml lines 22-27: the workflow currently has
only read permissions for pull-requests and issues (so it cannot post review
comments) and also requests id-token: write unnecessarily; change pull-requests
and issues to write so the action can post reviews/comments, remove id-token:
write if OIDC is not required, and keep contents: read (or adjust only the
minimal additional permissions needed).


- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@beta

🛠️ Refactor suggestion

Supply-chain risk: pin the action version to a commit SHA or a fixed tag.

anthropics/claude-code-action@beta is a mutable tag. For security/reproducibility, pin it to a commit SHA (recommended) or a stable tag.

-        uses: anthropics/claude-code-action@beta
+        uses: anthropics/claude-code-action@<pinned-commit-sha>
+# 또는 공개된 안정 태그(예: v1)가 있다면
+#       uses: anthropics/claude-code-action@v1
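
Review bot: The commented-out fallback `uses: anthropics/claude-code-action@v1` reintroduces what the hunk is fixing, because a version tag can be moved to a different commit just like `@beta`. Keep only the full 40-character commit SHA form and record the release it corresponds to in a trailing comment on the same line.
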
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: anthropics/claude-code-action@beta
uses: anthropics/claude-code-action@<pinned-commit-sha>
# 또는 공개된 안정 태그(예: v1)가 있다면
# uses: anthropics/claude-code-action@v1
🤖 Prompt for AI Agents
.github/workflows/claude-code-review.yml line 36: the action is using a mutable
tag "anthropics/claude-code-action@beta", which is a supply-chain risk; update
the workflow to pin the action to a specific commit SHA or a stable, immutable
tag (commit SHA preferred) by replacing "@beta" with the chosen commit SHA (or
fixed release tag), and commit that exact value so the workflow references an
immutable version for reproducibility and security.

Comment on lines +21 to +27
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:

⚠️ Potential issue

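The action lacks permission to leave reply comments.

With the current pull-requests: read and issues: read, writing comments/reviews is not possible. Keep actions: read; PR/issues need to be raised to write. Removing id-token: write is recommended if it is unnecessary.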

     permissions:
       contents: read
-      pull-requests: read
-      issues: read
+      pull-requests: write
+      issues: write
       id-token: write
       actions: read # Required for Claude to read CI results on PRs
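
Review bot: `id-token: write` stays as unchanged context here while the accompanying text recommends dropping it, so the suggestion leaves the decision open; settle it explicitly and add a comment on that line saying why it is needed. Raising `pull-requests` and `issues` to `write` also widens what this job can do on every `@claude` mention, so pair it with a restriction on who can trigger the job.
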
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
permissions:
contents: read
pull-requests: write
issues: write
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
🤖 Prompt for AI Agents
.github/workflows/claude.yml around lines 21 to 27: the workflow currently
grants only read on pull-requests and issues, which prevents the action from
posting comments; change pull-requests and issues from read to write so the
action can create PR/comments, keep actions: read, and if id-token: write is not
required remove it (or justify/retain if needed) to minimize permissions.


- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@beta

🛠️ Refactor suggestion

Reduce supply-chain risk by pinning the action version.

Pinning to a commit SHA or a stable tag instead of @beta is recommended.

-        uses: anthropics/claude-code-action@beta
+        uses: anthropics/claude-code-action@<pinned-commit-sha>
+# 또는
+#       uses: anthropics/claude-code-action@v1
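
Review bot: `<pinned-commit-sha>` needs to be the same reviewed commit in both `claude.yml` and `claude-code-review.yml`, otherwise the two workflows drift onto different versions of the action. Pin both in one change and let a dependency-update tool (Dependabot's `github-actions` ecosystem, for instance) propose SHA bumps so the pin does not go stale.
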
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: anthropics/claude-code-action@beta
uses: anthropics/claude-code-action@<pinned-commit-sha>
# 또는
# uses: anthropics/claude-code-action@v1
🤖 Prompt for AI Agents
.github/workflows/claude.yml lines 35-35: the workflow uses the floating
reference "anthropics/claude-code-action@beta", which increases supply-chain
risk; replace it by pinning to a specific commit SHA or an immutable stable tag
(e.g., a released semver tag or the action's latest commit SHA) to ensure
reproducible runs; update the uses line to reference that SHA or stable tag and
add a brief comment noting why it was pinned.
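
An added example, not part of this PR or of CodeRabbit's review: a stdlib-only Python check for the two hardening points raised in the review above, action references that are not pinned to a full commit SHA and `id-token: write` or other write scopes inside a `permissions:` block. The sample workflow is constructed from the fragments quoted in the review; the checkout SHA is a placeholder, and `audit_workflow` and the rule names are hypothetical.

```python
import re

# Constructed sample: the permissions block and `uses:` line quoted in the
# review above, plus a checkout step pinned to a placeholder SHA for contrast.
SAMPLE_WORKFLOW = """\
jobs:
  claude-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder
        with:
          fetch-depth: 1
      - name: Run Claude Code Review
        uses: anthropics/claude-code-action@beta
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#@]+)@([^\s#]+)")
PERM_RE = re.compile(r"^\s*([a-z-]+):\s*(read|write|none)\b")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file."""
    findings = []
    perm_indent = None  # indent of `permissions:` while we are inside its block
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if perm_indent is not None and indent <= perm_indent:
            perm_indent = None  # a dedent closes the permissions block
        if stripped.startswith("permissions:"):
            value = stripped.split(":", 1)[1].split("#")[0].strip()
            if value == "write-all":
                findings.append((no, "write-scope", "write-all"))
            elif not value:
                perm_indent = indent  # mapping form: scopes follow, indented
            continue
        if perm_indent is not None:
            m = PERM_RE.match(line)
            if m and m.group(2) == "write":
                rule = "oidc-token" if m.group(1) == "id-token" else "write-scope"
                findings.append((no, rule, m.group(1)))
            continue
        m = USES_RE.match(line)
        if m and not m.group(1).startswith("docker://"):
            if not FULL_SHA_RE.match(m.group(2)):  # tag or branch: can be moved
                findings.append((no, "mutable-ref", f"{m.group(1)}@{m.group(2)}"))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: {rule}: {detail}")
```

An `oidc-token` finding is a prompt to confirm the scope is actually used by a step in that job, not proof that it is unnecessary.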

@froggy1014 froggy1014 closed this Aug 21, 2025
auto-merge was automatically disabled August 21, 2025 09:52

Pull request was closed
