-
Notifications
You must be signed in to change notification settings - Fork 1k
Use reusable Claude Code workflow from test-infra #18525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,68 +3,20 @@ name: Claude Code | |
| on: | ||
| issue_comment: | ||
| types: [created] | ||
| pull_request_review_comment: | ||
| types: [created] | ||
| issues: | ||
| types: [opened] | ||
|
|
||
| jobs: | ||
| claude-code: | ||
| # Early exit conditions (fast gate — avoids spinning up a runner for unauthorized users): | ||
| # 1. Must be pytorch org | ||
| # 2. Must mention @claude | ||
| # 3. Must be org member/collaborator OR an allowed bot | ||
| # Note: issue_comment and pull_request_review_comment share the same payload paths | ||
| if: | | ||
| github.repository_owner == 'pytorch' && | ||
| ( | ||
| (github.event_name != 'issues' && | ||
| contains(github.event.comment.body, '@claude') && | ||
| contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) || | ||
| (github.event_name == 'issues' && | ||
| contains(github.event.issue.body, '@claude') && | ||
| contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)) | ||
| ) | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
| environment: bedrock | ||
| uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main | ||
| with: | ||
| setup_script: | | ||
| pip install lintrunner==0.12.7 lintrunner-adapters==0.13.0 | ||
| pip install -r requirements-lintrunner.txt | ||
| lintrunner init | ||
|
Comment on lines
10
to
+16
|
||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| issues: write | ||
| id-token: write | ||
| steps: | ||
| # Fork PR support enabled by using izaitsevfb/claude-code-action@forked-pr-fix | ||
|
|
||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.12' | ||
|
|
||
| - name: Install lintrunner | ||
| run: | | ||
| pip install lintrunner==0.12.5 | ||
| lintrunner init | ||
|
|
||
| - name: Configure AWS credentials via OIDC | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_claude_code | ||
| aws-region: us-east-1 | ||
|
|
||
| - name: Run Claude Code | ||
| uses: izaitsevfb/claude-code-action@forked-pr-fix | ||
| with: | ||
| # We filter by github.actor at workflow level, there is no point of filtering here as well | ||
| allowed_bots: "*" | ||
| claude_args: "--model global.anthropic.claude-opus-4-6-v1" | ||
| settings: '{"alwaysThinkingEnabled": true}' | ||
| use_bedrock: "true" | ||
|
|
||
| - name: Upload usage metrics | ||
| if: always() | ||
| uses: pytorch/test-infra/.github/actions/upload-claude-usage@main | ||
| secrets: inherit | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The previous job set
environment: bedrock. That environment context is now removed in the caller. If that environment was relied on for protection rules (required reviewers) or for environment-scoped secrets/vars used by the Claude/BEDROCK setup, this change could either break the workflow or weaken the intended access controls.If the reusable workflow supports specifying an environment, consider passing/setting it explicitly (or document why it’s no longer needed).