Add Claude Code GitHub Workflow#6
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds GitHub Actions workflows to integrate Claude Code, an AI coding agent, into the repository. The integration provides both interactive assistance (via @claude mentions) and automated code reviews on pull requests.
Key changes:
- Interactive Claude workflow triggered by @claude mentions in comments
- Automated code review workflow that runs on PR open/sync events
- Configuration for OAuth authentication using repository secrets
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
.github/workflows/claude.yml |
Adds interactive Claude workflow triggered by @claude mentions in issues and PR comments |
.github/workflows/claude-code-review.yml |
Adds automated code review workflow that runs on pull request events with custom review prompt |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| contents: read | ||
| pull-requests: read | ||
| issues: read |
There was a problem hiding this comment.
The workflow has read-only permissions for contents, pull-requests, and issues, but Claude Code likely needs write permissions to create comments, branches, and commits as mentioned in the PR description. Without write permissions, Claude won't be able to perform many of its core functions like responding to comments or making code changes.
| contents: read | |
| pull-requests: read | |
| issues: read | |
| contents: write | |
| pull-requests: write | |
| issues: write |
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: read |
There was a problem hiding this comment.
The workflow has read-only permissions for contents, pull-requests, and issues, but the code review workflow needs write permissions to post review comments on the PR. The prompt on line 52 explicitly instructs Claude to "use gh pr comment" which requires write access to pull-requests.
| pull-requests: read | |
| pull-requests: write |
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 |
There was a problem hiding this comment.
The fetch-depth setting is set to 1, which only fetches the latest commit. For a code review workflow that needs to analyze PR diffs and changes, this may be insufficient. Consider using fetch-depth: 0 to fetch the full git history, or at minimum fetch-depth: 2 to include the base commit for comparison.
| fetch-depth: 1 | |
| fetch-depth: 0 |
|
|
||
| # Optional: Add claude_args to customize behavior and configuration | ||
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options |
There was a problem hiding this comment.
The documentation comment references 'code.claude.com/docs/en/cli-reference' but the actual URL structure should be verified. The link format appears inconsistent with the other documentation reference on line 54 which uses 'github.com/anthropics/claude-code-action'. Consider verifying this URL is correct or updating it to match the actual documentation location.
| # or https://code.claude.com/docs/en/cli-reference for available options | |
| # or https://code.anthropic.com/claude/docs/cli-reference for available options |
| Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. | ||
|
|
||
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options |
There was a problem hiding this comment.
The documentation comment references 'code.claude.com/docs/en/cli-reference' but the actual URL structure should be verified. The link format appears inconsistent with the other documentation reference on line 54 which uses 'github.com/anthropics/claude-code-action'. Consider verifying this URL is correct or updating it to match the actual documentation location.
| # or https://code.claude.com/docs/en/cli-reference for available options | |
| # or https://github.com/anthropics/claude-code-action/blob/main/docs/cli-reference.md for available options |
| issues: | ||
| types: [opened, assigned] |
There was a problem hiding this comment.
The workflow triggers on 'issues' events with types 'opened' and 'assigned', which means any user who can create an issue can trigger this workflow. Since there's no restriction on who can trigger this (no write access requirement), this could allow external users to consume API quota or potentially abuse the Claude integration. Consider adding a permission check or removing the 'issues' trigger to limit activation to only pull request contexts where access control is better managed.
* "Claude PR Assistant workflow" * "Claude Code Review workflow"
🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!