@@ -33,33 +33,16 @@ jobs:
3333 claude-review-with-tracking :
3434 runs-on : ubuntu-latest
3535
36- # Only run for trusted authors or when explicitly mentioned by them
36+ # Run on PRs or when explicitly triggered via comments
3737 if : |
38- (
39- github.event_name == 'pull_request_target' &&
40- (
41- github.event.pull_request.author_association == 'OWNER' ||
42- github.event.pull_request.author_association == 'MEMBER' ||
43- github.event.pull_request.author_association == 'COLLABORATOR'
44- )
45- ) ||
38+ github.event_name == 'pull_request_target' ||
4639 (
4740 (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
48- contains(github.event.comment.body, '@claude') &&
49- (
50- github.event.comment.author_association == 'OWNER' ||
51- github.event.comment.author_association == 'MEMBER' ||
52- github.event.comment.author_association == 'COLLABORATOR'
53- )
41+ contains(github.event.comment.body, '@claude')
5442 ) ||
5543 (
5644 github.event_name == 'pull_request_review' &&
57- contains(github.event.review.body, '@claude') &&
58- (
59- github.event.review.author_association == 'OWNER' ||
60- github.event.review.author_association == 'MEMBER' ||
61- github.event.review.author_association == 'COLLABORATOR'
62- )
45+ contains(github.event.review.body, '@claude')
6346 )
6447
6548steps :
@@ -71,15 +54,35 @@ jobs:
7154 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
7255 run : |
7356 PR_NUMBER=${{ github.event.issue.number }}
74- echo "Resolving HEAD SHA for PR #$PR_NUMBER..."
75- PR_SHA=$(gh pr view $PR_NUMBER --repo ${{ github.repository }} --json headRefOid -q .headRefOid)
57+ echo "Resolving HEAD SHA and Repo for PR #$PR_NUMBER..."
58+
59+ # Get SHA and Repo Name using gh
60+ # Note: Using awk implies fields are space-separated and don't contain spaces themselves,
61+ # which is safe for git SHAs and "owner/repo" strings.
62+ # We use a conditional template to handle cases where the head repository (fork) might be deleted/null.
63+ RESOLVED=$(gh pr view $PR_NUMBER --repo ${{ github.repository }} --json headRefOid,headRepository --template '{{.headRefOid}} {{if .headRepository}}{{.headRepository.owner.login}}/{{.headRepository.name}}{{else}}MISSING{{end}}')
64+
65+ PR_SHA=$(echo "$RESOLVED" | awk '{print $1}')
66+ PR_REPO=$(echo "$RESOLVED" | awk '{print $2}')
67+
7668 echo "Resolved SHA: $PR_SHA"
69+ echo "Resolved Repo: $PR_REPO"
70+
71+ # Check for valid repository format (owner/repo)
72+ if [ "$PR_REPO" = "MISSING" ] || [[ "$PR_REPO" != *"/"* ]]; then
73+ echo "Warning: Could not resolve source repository (fork might be deleted). Falling back to base repository."
74+ PR_REPO="${{ github.repository }}"
75+ fi
76+
7777 echo "pr_sha=$PR_SHA" >> $GITHUB_OUTPUT
78+ echo "pr_repo=$PR_REPO" >> $GITHUB_OUTPUT
7879
7980# Checkout the repository at the appropriate commit for review
8081 - name : Checkout repository
8182 uses : actions/checkout@v6
8283 with :
84+ # Checkout the PR source repository (fork) to ensure branches exist for the action
85+ repository : ${{ steps.resolve-pr-ref.outputs.pr_repo || github.event.pull_request.head.repo.full_name || github.repository }}
8386 # Use PR head SHA for pull_request_target to review the actual PR code
8487 # For comment events, this will default to the base branch (PR context is inferred by Claude action)
8588 ref : ${{ steps.resolve-pr-ref.outputs.pr_sha || github.event.pull_request.head.sha || github.sha }}
@@ -105,6 +108,7 @@ jobs:
105108 with :
106109 anthropic_api_key : ${{ secrets.ANTHROPIC_API_KEY }}
107110 github_token : ${{ secrets.GITHUB_TOKEN }}
111+ allowed_non_write_users : " *"
108112
109113 # Enable progress tracking and show full Claude output in logs
110114 track_progress : true
@@ -145,4 +149,4 @@ jobs:
145149
146150# Restrict tools that Claude can use during the review
147151 claude_args : |
148- --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*) ,Bash(gh pr diff:*),Bash(gh pr view:* )"
152+ --allowedTools "mcp__github__,mcp__github_inline_comment__ ,Bash(gh)"
0 commit comments