Use reusable Claude Code workflow from test-infra#18525
Conversation
The hand-rolled claude-code.yml was failing because it only installed lintrunner but not lintrunner-adapters or the lintrunner requirements, causing `lintrunner init` to fail with "No module named lintrunner_adapters". Switch to the centralized reusable workflow from pytorch/test-infra which also provides additional features: ghstack PR detection, commit author attribution, and write-access verification. The lintrunner setup is passed via the setup_script input. Also drops the pull_request_review_comment trigger which the reusable workflow intentionally does not support for security reasons (PR branch code could be injected when a maintainer comments).
🔗 Helpful Links🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/18525
Note: Links to docs will display an error until the docs builds have been completed. ❌ 2 New Failures, 1 Pending, 2 Unrelated FailuresAs of commit 4300947 with merge base 59838fc ( NEW FAILURES - The following jobs have failed:
BROKEN TRUNK - The following jobs failed but were present on the merge base:👉 Rebase onto the `viable/strict` branch to avoid these failures
This comment was automatically generated by Dr. CI and updates every 15 minutes. |
meta-cla
Bot
added
the
CLA Signed
This PR needs a
|
There was a problem hiding this comment.
Pull request overview
Updates the repository’s Claude Code GitHub Actions workflow to use the centralized reusable workflow from pytorch/test-infra, aiming to fix the current lintrunner initialization failure and inherit standardized behavior (e.g., PR detection and access checks).
Changes:
- Replace the in-repo “hand-rolled” Claude Code workflow steps with a reusable workflow invocation (
pytorch/test-infra/.github/workflows/_claude-code.yml@main). - Provide a
setup_scriptto installlintrunner,lintrunner-adapters, andrequirements-lintrunner.txtbefore runninglintrunner init. - Remove the
pull_request_review_commenttrigger.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| claude-code: | ||
| # Early exit conditions (fast gate — avoids spinning up a runner for unauthorized users): | ||
| # 1. Must be pytorch org | ||
| # 2. Must mention @claude | ||
| # 3. Must be org member/collaborator OR an allowed bot | ||
| # Note: issue_comment and pull_request_review_comment share the same payload paths | ||
| if: | | ||
| github.repository_owner == 'pytorch' && | ||
| ( | ||
| (github.event_name != 'issues' && | ||
| contains(github.event.comment.body, '@claude') && | ||
| contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) || | ||
| (github.event_name == 'issues' && | ||
| contains(github.event.issue.body, '@claude') && | ||
| contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)) | ||
| ) | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
| environment: bedrock | ||
| uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main | ||
| with: | ||
| setup_script: | | ||
| pip install lintrunner==0.12.7 lintrunner-adapters==0.13.0 | ||
| pip install -r requirements-lintrunner.txt | ||
| lintrunner init |
There was a problem hiding this comment.
The previous workflow had a caller-side job if: gate (repo owner, @claude mention, and author_association) to avoid running for every new issue/issue_comment and to prevent unauthorized users from triggering a secrets-enabled job. With the reusable workflow call, that gate is gone, so this workflow will trigger on all issues: opened and issue_comment: created events unless the reusable workflow reintroduces an equivalent top-level guard.
Consider adding back a job-level if: in this caller (even if the reusable workflow also checks) to preserve the fast exit behavior and reduce both cost/noise and the blast radius if the called workflow’s checks ever regress.
| types: [opened] | ||
|
|
||
| jobs: | ||
| claude-code: |
There was a problem hiding this comment.
The previous job set environment: bedrock. That environment context is now removed in the caller. If that environment was relied on for protection rules (required reviewers) or for environment-scoped secrets/vars used by the Claude/BEDROCK setup, this change could either break the workflow or weaken the intended access controls.
If the reusable workflow supports specifying an environment, consider passing/setting it explicitly (or document why it’s no longer needed).
| claude-code: | |
| claude-code: | |
| environment: bedrock |
|
Thank you |
|
@ZainRizvi has imported this pull request. If you are a Meta employee, you can view this in D98337905. |
Summary
claude-code.ymlwas failing because it only installedlintrunnerbut notlintrunner-adaptersor the lintrunner requirements, causinglintrunner initto fail withNo module named lintrunner_adapterspytorch/test-infra(_claude-code.yml), passing lintrunner setup via thesetup_scriptinputpull_request_review_commenttrigger which the reusable workflow intentionally does not support for security reasonsExample of the failing job: https://github.com/pytorch/executorch/actions/runs/23601405262/job/68732162666
Test plan
usesreference resolves@claudeon a PR comment to confirm the job runs successfully