Add Claude Code GitHub Workflow#90

Merged
leogdion merged 8 commits into main from add-claude-github-actions-1766348559897
Dec 21, 2025

@leogdion leogdion commented Dec 21, 2025

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!


Summary by CodeRabbit

  • Chores
    • Added automated code-review workflow that runs on PR open/update to evaluate quality, bugs, performance, security, and test coverage and posts findings as PR comments.
    • Added on-demand code analysis triggered by mentioning Claude in comments, reviews, or issues to request targeted feedback.
    • Updated CI build matrices: removed legacy Xcode/macos entries and refreshed macOS/iOS/watchOS/TVOS/visionOS matrix and Swift toolchain/container versions.

coderabbitai Bot commented Dec 21, 2025

Walkthrough

Adds two new Claude-triggered GitHub Actions workflows and updates an existing CI workflow to remove legacy Xcode entries, change macOS runners, and update Swift container images in the build matrix.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Automated PR review workflow: .github/workflows/claude-code-review.yml | New workflow triggered on pull_request (opened, synchronize); checks out repo, sets permissions (contents, pull-requests, issues, id-token) and runs a Claude Code Review action using a secret token, passing a prompt and optional claude_args. |
| Mention-triggered Claude workflow: .github/workflows/claude.yml | New workflow triggered on issue_comment, pull_request_review_comment, issues, and pull_request_review; conditionally runs when @claude is mentioned, checks out repo, sets permissions (contents, pull-requests, issues, id-token, actions), and invokes anthropics/claude-code-action@v1 with a Claude OAuth token. |
| CI matrix & Swift container updates: .github/workflows/syndikit.yml | Updates CI matrices: removes Xcode 14.3.1 / macos-13 entries across macOS/iOS/watchOS matrices, adjusts macOS runners to macos-14/macOS-15 where applicable, removes/Comments deprecated watchOS blocks, and updates container images (adds swift:6.2, adjusts nightly tags). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Validate GitHub Actions permission scopes and secret usage in claude.yml and claude-code-review.yml.
  • Check mention-detection conditionals and comment parsing in claude.yml.
  • Confirm matrix/runner and Swift container image changes in syndikit.yml match supported Xcode/toolchain targets.

Possibly related PRs

  • v.0.6.0 #85 — Modifies .github/workflows/syndikit.yml build matrix and Swift container images; likely overlaps CI matrix updates here.

Poem

🐰 I hopped through YAML, tail a-fluff,
I nudged old Xcodes off the bluff,
I summoned Claude with tokens bright,
Reviews and CI set just right —
🥕 A tiny hop, a big delight.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Add Claude Code GitHub Workflow' directly matches the PR's main objective of adding a GitHub Actions workflow for Claude Code integration. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

codecov Bot commented Dec 21, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.75%. Comparing base (038591d) to head (9da43a6).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #90   +/-   ##
=======================================
  Coverage   76.75%   76.75%           
=======================================
  Files          74       74           
  Lines        1493     1493           
=======================================
  Hits         1146     1146           
  Misses        347      347           
| Flag | Coverage Δ |
| --- | --- |
| spm | 76.02% <ø> (ø) |
| swift- | 76.75% <ø> (ø) |
| ubuntu | 76.75% <ø> (ø) |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (3)
.github/workflows/claude-code-review.yml (1)

28-32: Consider deeper fetch depth for comprehensive review context.

The fetch-depth: 1 creates a shallow clone, which is efficient but may limit Claude's ability to access commit history and broader context. For automated code review, consider increasing to fetch-depth: 0 or a specific number (e.g., 10) to provide more context.

🔎 Alternative configuration
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 1
+          fetch-depth: 0  # or a specific number like 10
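
Review bot: The `+` line leaves the value undecided ("0 or a specific number like 10"); pick one and state why in the comment. This workflow runs on every PR open and synchronize event, so `fetch-depth: 0` fetches the full history on each push to the PR, while a bounded depth keeps checkout cost predictable.
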
.github/workflows/claude.yml (2)

27-31: Consider fetch depth based on Claude's expected tasks.

The shallow clone (fetch-depth: 1) is efficient but may limit Claude's access to repository history. If users frequently ask Claude to analyze historical changes or review commit patterns, consider increasing the fetch depth.


33-49: Remove redundant additional_permissions configuration.

The actions: read permission specified in lines 40-41 is already granted at the job level (line 26). Since the action inherits the job's permissions via GITHUB_TOKEN, the additional_permissions block is redundant. If you want to document that this action reads CI results, consider adding a comment instead.

The commented examples for prompt and claude_args are helpful for future customization.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 038591d and 4461d88.

📒 Files selected for processing (2)
  • .github/workflows/claude-code-review.yml (1 hunks)
  • .github/workflows/claude.yml (1 hunks)
🔇 Additional comments (2)
.github/workflows/claude-code-review.yml (1)

1-11: LGTM! Appropriate trigger configuration.

The workflow triggers on pull request events (opened and synchronize), ensuring Claude reviews both new PRs and subsequent commits. The commented path filter examples provide useful guidance for future customization.

.github/workflows/claude.yml (1)

1-11: LGTM! Comprehensive trigger configuration.

The workflow covers all relevant contexts where @claude can be mentioned: issue comments, PR review comments, new issues, and PR reviews. The event types are appropriate for enabling mention-based Claude interaction.

Comment thread .github/workflows/claude-code-review.yml
Comment on lines +34 to +56
- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}

Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage

Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.

Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.

# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
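
Review bot: `uses: anthropics/claude-code-action@v1` references a movable tag in the same step that receives `secrets.CLAUDE_CODE_OAUTH_TOKEN`; pin the action to a full commit SHA, with the version in a trailing comment, so a retagged release cannot change which code handles the token. In `claude_args`, `Bash(gh pr comment:*)` is the only write-capable entry in the allow-list and matches the prompt's instruction to post the review with `gh pr comment`; keep the list that narrow, because the model is asked to read pull request content that the workflow does not control.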

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if CLAUDE.md exists
fd -type f 'CLAUDE\.md$'

# Look for any documentation about the token secret
find . -type f \( -name "*.md" -o -name "*.yml" -o -name "*.yaml" \) | xargs grep -l "CLAUDE_CODE_OAUTH_TOKEN" 2>/dev/null | head -20

Repository: brightdigit/SyndiKit

Length of output: 325


🏁 Script executed:

#!/bin/bash
# Corrected fd command to search for CLAUDE.md (using -t for type)
fd -t f 'CLAUDE' .

# Also check for .claude directory
ls -la .claude 2>/dev/null || echo "No .claude directory found"

# Search for any documentation about the secret
find . -type f \( -name "*.md" \) | xargs grep -l "CLAUDE_CODE_OAUTH_TOKEN" 2>/dev/null

Repository: brightdigit/SyndiKit

Length of output: 92


🏁 Script executed:

#!/bin/bash
# Simple check for CLAUDE.md in repository root
ls -la CLAUDE.md 2>/dev/null || echo "CLAUDE.md not found in root"

# Check if it exists anywhere in the repo
find . -name "CLAUDE.md" -type f 2>/dev/null

# Check for any setup documentation
find . -maxdepth 2 -name "*.md" -type f | head -20

# Check the workflow files to understand what they expect
cat .github/workflows/claude-code-review.yml | head -70

Repository: brightdigit/SyndiKit

Length of output: 2055


🏁 Script executed:

#!/bin/bash
# Check README for any setup instructions
cat README.md

# Check for any other documentation files
find . -maxdepth 2 -name "*.md" -type f

# Look for any GitHub-specific docs
ls -la .github/

Repository: brightdigit/SyndiKit

Length of output: 10690


Create CLAUDE.md file and document the CLAUDE_CODE_OAUTH_TOKEN secret setup.

The workflow references a CLAUDE.md file for style and convention guidance (line 50), but this file does not exist in the repository. Create a CLAUDE.md file at the repository root with appropriate coding standards and guidelines for the SyndiKit project.

Additionally, document in the README.md or a CONTRIBUTING.md guide how to configure the CLAUDE_CODE_OAUTH_TOKEN secret in the repository's GitHub Actions settings before this workflow can run.

🤖 Prompt for AI Agents
.github/workflows/claude-code-review.yml lines 34-56: add a CLAUDE.md at the
repository root containing the project's coding standards, style conventions,
review expectations and how Claude should use them (brief sections on linting,
formatting, test expectations, security checks, and preferred PR feedback tone),
and update README.md or CONTRIBUTING.md to include exact steps to configure the
CLAUDE_CODE_OAUTH_TOKEN secret (where to generate the token, the required name
CLAUDE_CODE_OAUTH_TOKEN, and how to add it under Settings → Secrets → Actions
for the repo) so the workflow can run.
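
An added example, not code from this PR or from the claude-code-action project: a standard-library Python audit of the points this review thread raises about the workflow, namely which permission scopes are `write`, which commands the `--allowed-tools` list permits, and whether actions are pinned to a commit SHA. `WORKFLOW` is a constructed sample built around the `claude_args` line quoted above; the read/write values in its permissions block and the `READ_ONLY_VERBS` set are assumptions.

```python
import re
import shlex

# Constructed sample modelled on the step quoted in this thread. The
# read/write values in the permissions block are assumptions.
WORKFLOW = """\
    permissions:
      contents: read
      pull-requests: write
      issues: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@v1
        with:
          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
"""

# Assumption: gh sub-commands ending in these verbs only read data.
READ_ONLY_VERBS = {"view", "list", "diff", "search"}


def write_scopes(text):
    """Scopes granted 'write' inside a permissions: block."""
    scopes, indent = [], None
    for line in text.splitlines():
        stripped = line.strip()
        cur = len(line) - len(line.lstrip())
        if stripped == "permissions:":
            indent = cur
        elif indent is not None and stripped:
            if cur <= indent:
                indent = None  # dedent: the permissions block has ended
            elif stripped.endswith(": write"):
                scopes.append(stripped.split(":")[0])
    return sorted(scopes)


def allowed_commands(text):
    """Command prefixes permitted by Bash(...) entries in --allowed-tools."""
    m = re.search(r"claude_args:\s*'([^']*)'", text)
    args = shlex.split(m.group(1)) if m else []
    if "--allowed-tools" not in args[:-1]:
        return []
    tools = args[args.index("--allowed-tools") + 1]
    return re.findall(r"Bash\(([^:)]+)", tools)


def mutating(commands):
    """Allowed commands whose final verb is not known to be read-only."""
    return [c for c in commands if c.split()[-1] not in READ_ONLY_VERBS]


def unpinned_actions(text):
    """uses: references not pinned to a 40-hex commit SHA."""
    refs = re.findall(r"uses:\s*(\S+)@(\S+)", text)
    return [f"{a}@{r}" for a, r in refs if not re.fullmatch(r"[0-9a-f]{40}", r)]


if __name__ == "__main__":
    print("write scopes:", write_scopes(WORKFLOW))
    print("mutating tools:", mutating(allowed_commands(WORKFLOW)))
    print("unpinned actions:", unpinned_actions(WORKFLOW))
```
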

Comment thread .github/workflows/claude.yml
Update both Claude workflow files to have write permissions for posting
comments on pull requests and issues:

- claude-code-review.yml: Change pull-requests from read to write
- claude.yml: Change pull-requests and issues from read to write

These changes address critical permission issues identified in PR review
comments. The workflows need write access to post review feedback via
gh pr comment and respond to @claude mentions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/claude.yml (1)

40-41: Consider removing redundant additional_permissions block.

The actions: read permission is already granted in the job-level permissions block (line 26). Unless the additional_permissions parameter serves a distinct purpose within the Claude Code action itself, this configuration is redundant.

🔎 Proposed simplification
-          # This is an optional setting that allows Claude to read CI results on PRs
-          additional_permissions: |
-            actions: read
-
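
Review bot: The deleted comment line says this setting "allows Claude to read CI results on PRs", and the block removed with it is an input passed to the action, not a key in the workflow's `permissions:` block, so these lines do not show that it is equivalent to the job-level `actions: read`. Confirm in the action's documentation what `additional_permissions` does before deleting it; if the input stays, keep the comment that explains it.
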
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4461d88 and 1d4d3a4.

📒 Files selected for processing (2)
  • .github/workflows/claude-code-review.yml (1 hunks)
  • .github/workflows/claude.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/claude-code-review.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build on Ubuntu (swiftlang/swift:nightly-6.2-noble)
🔇 Additional comments (4)
.github/workflows/claude.yml (4)

3-19: LGTM - Trigger events and conditional logic are well-structured.

The workflow appropriately triggers on comment and review events, and the conditional ensures the job only runs when @claude is explicitly mentioned. The broad triggers with specific conditionals prevent unnecessary runs while ensuring Claude responds when summoned.


21-26: Previous permission issue resolved.

The write permissions for pull-requests and issues have been correctly added, allowing Claude to post comments on PRs and issues as intended.


28-31: LGTM - Shallow clone is appropriate.

Using fetch-depth: 1 is suitable for this workflow's purpose of responding to @claude mentions, as it reduces checkout time without sacrificing functionality for the comment-driven interaction model.


15-19: The workflow's permission enforcement is handled by the Claude Code action, not just the @claude mention check.

The conditional checks for @claude mentions, but the anthropics/claude-code-action internally validates that github.actor has write access to the repository. This write permission check is the action's primary security mechanism and can only be bypassed using the allowed_non_write_users parameter with extreme caution. Read-only users cannot trigger Claude runs by default.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/syndikit.yml (1)

100-105: Remove commented-out code or add a TODO explaining why it's disabled.

Commented-out configuration entries add clutter without value. If this Xcode 15.1 watchOS configuration is no longer needed, remove it entirely. If temporarily disabled, add a comment explaining the reason.

🔎 Proposed removal
-          # watchOS Build Matrix - Xcode 15.1
-          # - type: watchos
-          #   runs-on: macos-14
-          #   xcode: "/Applications/Xcode_15.1.app"
-          #   deviceName: "Apple Watch Ultra (49mm)"
-          #   osVersion: "10.2"
-
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce39c44 and 9da43a6.

📒 Files selected for processing (1)
  • .github/workflows/syndikit.yml (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Build on macOS (ios, macos-15, /Applications/Xcode_16.4.app, iPhone 16 Pro, 18.4)
  • GitHub Check: Build on macOS (visionos, macos-15, /Applications/Xcode_16.4.app, Apple Vision Pro, 2.4)
  • GitHub Check: Build on macOS (watchos, macos-14, /Applications/Xcode_15.4.app, Apple Watch Series 9 (41mm), 10.5)
  • GitHub Check: Build on macOS (watchos, macos-14, /Applications/Xcode_15.0.1.app, Apple Watch Series 9 (41mm), 1...
  • GitHub Check: Build on macOS (ios, macos-14, /Applications/Xcode_15.4.app, iPhone 15 Pro, 17.5)
  • GitHub Check: Build on Ubuntu (swiftlang/swift:nightly-6.2-noble)
🔇 Additional comments (2)
.github/workflows/syndikit.yml (2)

50-52: Runner migration to macos-14 for Xcode 15.0.1 is appropriate.

The macos-13 runner images began deprecation in September 2024 and are fully unsupported as of December. Xcode 15.0.1 is available on macos-14, so the updates to lines 51, 74, and 95 are compatible and necessary.


194-199: Verify container image availability before merging.

The swift:6.2 image is available on Docker Hub, making it a suitable choice for testing against the latest stable Swift version. However, the swiftlang/swift:nightly-6.3-noble image should be verified to exist before the workflow is deployed, as nightly builds for Swift development versions may not have stable documentation.

@leogdion leogdion merged commit e15bb0f into main Dec 21, 2025
28 checks passed
@leogdion leogdion deleted the add-claude-github-actions-1766348559897 branch December 22, 2025 13:54
@coderabbitai coderabbitai Bot mentioned this pull request Dec 29, 2025