Skip to content

fix(ci): grant id-token write to claude workflows#130

Merged
Oddly merged 1 commit intomainfrom
fix/claude-workflow-oidc
Apr 13, 2026
Merged

fix(ci): grant id-token write to claude workflows#130
Oddly merged 1 commit intomainfrom
fix/claude-workflow-oidc

Conversation

@Oddly
Copy link
Copy Markdown
Owner

@Oddly Oddly commented Apr 13, 2026
edited by coderabbitai Bot
Loading

anthropics/claude-code-action@v1 requests a GitHub OIDC token to authenticate to Anthropic, so the workflow needs id-token: write even when we also pass claude_code_oauth_token. Without the permission the triage step aborts with "Could not fetch an OIDC token" before Claude runs. I only spotted this after an earlier unzip-missing failure on the runner host masked it — fixing that exposed the next layer.

Surfaced while investigating why issue #129 did not get a triage comment despite the maintainer-open gate firing.

Summary by CodeRabbit

  • Chores
    • Updated internal workflow permissions to support enhanced security and deployment capabilities.

Note: This release contains infrastructure updates with no direct impact on user-facing features or functionality.

@Oddly
fix(ci): grant id-token write to claude workflows
5d80cfb 
anthropics/claude-code-action@v1 requests a GitHub OIDC token to authenticate
to Anthropic, so the workflow needs id-token: write even when we also pass
claude_code_oauth_token. Without the permission the triage step aborts with
"Could not fetch an OIDC token" before Claude runs, which I only noticed after
fixing the earlier unzip-missing failure on the runner host exposed this next
layer of the onion.
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 13, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2851a202-5ae1-4263-a227-b29d8cb88d4e

📥 Commits

Reviewing files that changed from the base of the PR and between 3bef767 and 5d80cfb.

📒 Files selected for processing (2)
  • .github/workflows/claude-triage.yaml
  • .github/workflows/claude.yaml
📝 Walkthrough

Walkthrough

Two GitHub workflow files are updated to add id-token: write permission, enabling OIDC token issuance for the anthropics/claude-code-action step. No other workflow logic, triggers, or control flow are modified.

Changes

Cohort / File(s) Summary
OIDC Token Permission Updates
.github/workflows/claude-triage.yaml, .github/workflows/claude.yaml		 Added id-token: write permission to job-level permissions to enable OIDC token issuance for anthropics/claude-code-action.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: adding id-token write permissions to Claude CI workflows to fix OIDC authentication failures.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/claude-workflow-oidc

Comment @coderabbitai help to get the list of available commands and usage tips.

@Oddly Oddly merged commit e5e17b5 into main Apr 13, 2026
11 checks passed
@Oddly Oddly deleted the fix/claude-workflow-oidc branch April 13, 2026 09:07
This was referenced Apr 13, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Oddly