From 84942ca5ea2030bf3b3ce156a93f9aa8a353dcd2 Mon Sep 17 00:00:00 2001 From: Zain Rizvi Date: Fri, 6 Mar 2026 14:38:34 -0600 Subject: [PATCH 1/2] Use reusable Claude Code workflow from test-infra Replace the inline workflow with the centralized reusable workflow. Passes lintrunner install via setup_script input. --- .github/workflows/claude-code.yml | 90 +++++-------------------------- 1 file changed, 12 insertions(+), 78 deletions(-) diff --git a/.github/workflows/claude-code.yml b/.github/workflows/claude-code.yml index fd40ea7f3d..fde451faa1 100644 --- a/.github/workflows/claude-code.yml +++ b/.github/workflows/claude-code.yml @@ -3,86 +3,20 @@ name: Claude Code on: issue_comment: types: [created] - pull_request_review_comment: - types: [created] issues: types: [opened] +permissions: + contents: read + pull-requests: write + issues: write + id-token: write + jobs: claude-code: - # Early exit conditions: - # 1. Must be pytorch org - # 2. Must be triggered by pilot user - # 3. Must mention @claude - if: | - github.repository_owner == 'pytorch' && - contains(fromJSON('[ - "huydhn", - "seemethere", - "malfet", - "ZainRizvi", - "jeanschmidt", - "atalman", - "wdvr", - "izaitsevfb", - "yangw-dev", - "ezyang", - "drisspg", - "albanD", - "eellison", - "pytorch-auto-revert[bot]", - "janeyx99", - "SherlockNoMad", - "svekars", - "sekyondaMeta", - "AlannaBurke", - "ngimel" - ]'), github.actor) && - ( - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'issues' && contains(github.event.issue.body, '@claude')) - ) - runs-on: ubuntu-latest - timeout-minutes: 60 - environment: bedrock - permissions: - contents: read - pull-requests: write - issues: write - id-token: write - steps: - # Fork PR support enabled by using izaitsevfb/claude-code-action@forked-pr-fix - - - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install lintrunner - run: | - pip install lintrunner==0.12.5 - lintrunner init - - - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_claude_code - aws-region: us-east-1 - - - name: Run Claude Code - uses: izaitsevfb/claude-code-action@forked-pr-fix - with: - # We filter by github.actor at workflow level, there is no point of filtering here as well - allowed_bots: "*" - claude_args: "--model global.anthropic.claude-opus-4-6-v1" - settings: '{"alwaysThinkingEnabled": true}' - use_bedrock: "true" - - - name: Upload usage metrics - if: always() - uses: pytorch/test-infra/.github/actions/upload-claude-usage@main + uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main + secrets: inherit + with: + setup_script: | + pip install lintrunner==0.12.5 + lintrunner init From bfb4f636ad2bb64797627c315ba660f0cb65a471 Mon Sep 17 00:00:00 2001 From: Zain Rizvi Date: Fri, 6 Mar 2026 15:04:17 -0600 Subject: [PATCH 2/2] Use job-level permissions for reusable workflow --- .github/workflows/claude-code.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/claude-code.yml b/.github/workflows/claude-code.yml index fde451faa1..eec7fdc459 100644 --- a/.github/workflows/claude-code.yml +++ b/.github/workflows/claude-code.yml @@ -6,15 +6,14 @@ on: issues: types: [opened] -permissions: - contents: read - pull-requests: write - issues: write - id-token: write - jobs: claude-code: uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main + permissions: + contents: read + pull-requests: write + issues: write + id-token: write secrets: inherit with: setup_script: |