Add Claude Code GitHub Workflow#4988
Conversation
|
Caution Review failedThe pull request is closed. 📝 WalkthroughWalkthroughTwo new GitHub Actions workflows are introduced to integrate Claude AI-assisted code analysis into the repository. The workflows trigger on pull request and issue events, executing the Claude Code action with OAuth authentication and configurable permissions for repository access. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Poem
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
* "Claude PR Assistant workflow" * "Claude Code Review workflow"
There was a problem hiding this comment.
Pull request overview
This PR adds GitHub Actions workflows to enable Claude Code integration in the Wails repository. Claude Code is an AI coding agent that can assist with various development tasks through @claude mentions in PRs and issues. The PR adds two workflows: one for interactive Claude mentions and another for automated code reviews on pull requests.
Changes:
- Added
.github/workflows/claude.ymlfor interactive Claude mentions in issues, PRs, and comments - Added
.github/workflows/claude-code-review.ymlfor automated code reviews on all pull requests - Configured workflows to use the
CLAUDE_CODE_OAUTH_TOKENsecret for authentication
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
.github/workflows/claude.yml |
Interactive workflow triggered by @claude mentions in comments, reviews, or issue creation/assignment |
.github/workflows/claude-code-review.yml |
Automated code review workflow triggered on PR open/sync/reopen events using Claude's code-review plugin |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, ready_for_review, reopened] |
There was a problem hiding this comment.
This workflow will trigger for every PR including this one, which could cause it to run immediately after merging. Since the PR description states "@claude mentions won't work until after the merge is complete," it would be better to either:
- Add a condition to skip running on PRs that modify workflow files
- Add an
ifcondition to exclude the initial PR (e.g., checking labels or PR title) - Keep the workflow commented out initially and enable it in a follow-up PR
This prevents the automated review from running on its own setup PR and consuming unnecessary CI resources.
| types: [opened, synchronize, ready_for_review, reopened] | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| paths-ignore: | |
| - ".github/workflows/**" |
| # - "src/**/*.ts" | ||
| # - "src/**/*.tsx" | ||
| # - "src/**/*.js" | ||
| # - "src/**/*.jsx" |
There was a problem hiding this comment.
The commented path filters reference "src//*.ts", "src//.tsx", "src/**/.js", and "src//*.jsx", but this repository doesn't have a "src/" directory at the root level. The repository structure uses "v2/" and "v3/" directories for different versions. If path filtering is needed, update these to match the actual repository structure, such as "v2//.go", "v3/**/.go", etc.
| # - "src/**/*.ts" | |
| # - "src/**/*.tsx" | |
| # - "src/**/*.js" | |
| # - "src/**/*.jsx" | |
| # - "v2/**/*.go" | |
| # - "v3/**/*.go" | |
| # - "v2/**" | |
| # - "v3/**" |
| issues: | ||
| types: [opened, assigned] |
There was a problem hiding this comment.
The workflow triggers on issues: [opened, assigned] which means it will run when an issue is opened or assigned, even if no @claude mention is present. The condition check on line 19 filters for @claude mentions, but the workflow will still be queued and consume resources before being skipped. Consider removing the issues trigger types from line 8-9 to only trigger on actual comments where @claude is mentioned, or ensure this behavior is intentional.
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options | ||
| # claude_args: '--allowed-tools Bash(gh pr:*)' | ||
|
|
There was a problem hiding this comment.
There's an extra blank line at the end of the file. While this doesn't affect functionality, it's inconsistent with typical YAML formatting conventions.
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | ||
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options | ||
|
|
There was a problem hiding this comment.
There's an extra blank line at the end of the file. While this doesn't affect functionality, it's inconsistent with typical YAML formatting conventions.
| contents: read | ||
| pull-requests: read | ||
| issues: read |
There was a problem hiding this comment.
The permissions are set to read-only, but according to the PR description, Claude should be able to "create comments, branches, and commits." To enable Claude to perform these actions, the workflow needs write permissions. Consider adding:
pull-requests: write(for creating PR comments)issues: write(for creating issue comments)contents: write(for creating branches and commits)
Without these write permissions, Claude will only be able to read the repository but won't be able to execute actions or respond with comments.
| contents: read | |
| pull-requests: read | |
| issues: read | |
| contents: write | |
| pull-requests: write | |
| issues: write |
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: read |
There was a problem hiding this comment.
The permissions are set to read-only, but the claude-code-review workflow needs to post review comments on pull requests. Add pull-requests: write permission to enable Claude to create review comments with its findings.
| pull-requests: read | |
| pull-requests: write |
| # This is an optional setting that allows Claude to read CI results on PRs | ||
| additional_permissions: | | ||
| actions: read | ||
|
|
There was a problem hiding this comment.
The additional_permissions parameter duplicates the actions: read permission that's already declared at the job level (line 26). This duplication is unnecessary and could lead to confusion. Remove either the job-level permission or the additional_permissions configuration.
| # This is an optional setting that allows Claude to read CI results on PRs | |
| additional_permissions: | | |
| actions: read |
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | ||
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) |
There was a problem hiding this comment.
The workflow can be triggered by any user who can create comments on issues or PRs, including external contributors on public repositories. The PR description claims "Only users with write access to the repository can trigger the workflow," but there's no access control check in the workflow. While GitHub Actions provides some protection through permission scoping, consider adding an explicit check to verify the user has write access before executing Claude:
if: |
github.event_name != 'issue_comment' ||
github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'COLLABORATOR'This prevents unauthorized users from consuming API quota or triggering potentially expensive operations.
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | |
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) | |
| ( | |
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | |
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) | |
| ) && ( | |
| github.event_name != 'issue_comment' || | |
| github.event.comment.author_association == 'OWNER' || | |
| github.event.comment.author_association == 'MEMBER' || | |
| github.event.comment.author_association == 'COLLABORATOR' | |
| ) && ( | |
| github.event_name != 'pull_request_review_comment' || | |
| github.event.comment.author_association == 'OWNER' || | |
| github.event.comment.author_association == 'MEMBER' || | |
| github.event.comment.author_association == 'COLLABORATOR' | |
| ) && ( | |
| github.event_name != 'pull_request_review' || | |
| github.event.review.author_association == 'OWNER' || | |
| github.event.review.author_association == 'MEMBER' || | |
| github.event.review.author_association == 'COLLABORATOR' | |
| ) && ( | |
| github.event_name != 'issues' || | |
| github.event.issue.author_association == 'OWNER' || | |
| github.event.issue.author_association == 'MEMBER' || | |
| github.event.issue.author_association == 'COLLABORATOR' | |
| ) |
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: |
There was a problem hiding this comment.
When the workflow is triggered by an issue_comment event on a regular issue (not a PR), the checkout will fetch the default branch code, not the PR code. This could lead to Claude operating on the wrong codebase context when mentioned in issue comments that reference PRs. Consider adding logic to detect if the comment is on a PR and checkout the PR branch accordingly, or document that @claude mentions on issues will work with the default branch context.
| with: | |
| with: | |
| # Note: For `issue_comment` events on regular issues (not PRs), this will check out the default branch. | |
| # @claude mentions in such issues therefore operate on the default branch codebase, even if the comment references a PR. |
* "Claude PR Assistant workflow" * "Claude Code Review workflow"
🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!
Summary by CodeRabbit