Add claude-review reusable workflow

[leighmcculloch]

What

Add .github/workflows/claude-review.yml as a reusable workflow that runs anthropics/claude-code-action to review pull requests. Callers should trigger on pull_request (recommended for safety); pull_request_target is supported but only for repos that strictly require reviewing fork-based contributions. The workflow accepts an optional prompt input (with a sensible default) and a required anthropic_api_key secret.

Why

Four stellar repos (rs-stellar-strkey, rs-soroban-sdk, stellar-cli, stellar-core) each maintain their own copy of the claude-review workflow. The stellar-core copy diverged with the more secure pull_request_target flow needed for fork PRs from org members. Centralizing here lets all repos share one hardened implementation and keeps the security model in one place, so future updates land in a single file instead of being copied across repos.

Example

Caller workflow:

name: Claude Review
on:
  pull_request:
    types: [ready_for_review, synchronize]

concurrency:
  group: claude-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

permissions: {}

jobs:
  review:
    uses: stellar/actions/.github/workflows/claude-review.yml@main
    secrets:
      anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

To override the default prompt:

jobs:
  review:
    uses: stellar/actions/.github/workflows/claude-review.yml@main
    with:
      prompt: |
        REPO: ${{ github.repository }}
        PR NUMBER: ${{ github.event.pull_request.number }}
        The PR's checked-out files are in the `pr-head/` subdirectory.
        ...custom instructions...
    secrets:
      anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

Security model

The reusable workflow supports both pull_request (recommended) and pull_request_target (use only for repos requiring fork-based contributions):

• With pull_request, fork PRs cannot be reviewed (GitHub strips secrets on this event); only same-repo PRs work. This is the safer default.
• With pull_request_target, fork PRs from org MEMBERs or the repo OWNER are reviewable because secrets are available and the workflow runs from the trusted base branch. This is the more dangerous "pwn request" trigger; the workflow's mitigations (author-association gate, pr-head/ isolation, minimal permissions) exist specifically to make this mode safe to use.
• An if: gate restricts execution to non-draft PRs that are same-repo or authored by MEMBER/OWNER. In pull_request_target mode this is a security boundary; in pull_request mode it just filters which PRs are reviewed.
• Trusted base ref is checked out at the workspace root (for pull_request_target); the PR head is checked out into isolated pr-head/, exposed to Claude via --add-dir pr-head. Repo-local config in the PR head (.git/config, .git/hooks, .npmrc, etc.) is not picked up by tools running at the workspace root.
• Workflow-level permissions: {} and minimal job-level permissions (contents: read, pull-requests: write, id-token: write).
• fetch-depth: 0 on both checkouts so the agent can use git log / git blame.

The full threat model and rationale are documented inline in the workflow's security note.

Upstream Changes in Support

• Use shared claude-review reusable workflow stellar-core#5270
• Use shared claude-review reusable workflow stellar-cli#2580
• Use shared claude-review reusable workflow rs-stellar-strkey#120
• Use shared claude-review reusable workflow rs-soroban-sdk#1874

[Copilot]

Pull request overview

Adds a new reusable workflow that runs anthropics/claude-code-action to review pull requests, centralizing a workflow that several Stellar repos currently maintain individually. The reusable workflow supports both pull_request (recommended) and pull_request_target (for repos that need to review fork contributions from org members), with an isolated pr-head/ checkout, an author-association gate, and minimal permissions to mitigate the "pwn request" risks of the latter trigger. Documentation and a README entry are added alongside.

Changes:

• New reusable workflow .github/workflows/claude-review.yml with extensive inline security/threat-model documentation, default review prompt, configurable input, required anthropic_api_key secret, and isolated PR-head checkout pattern.
• README updated with a new "Code Review" section and reference link for the new workflow.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/claude-review.yml	New reusable workflow that gates execution by author association, performs a trusted base + isolated PR-head checkout, then invokes claude-code-action with scoped tool allowlist and a default review prompt.
README.md	Adds a "Code Review" subsection and reference link entry pointing to the new workflow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 06a935098b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Pin base checkout to PR base ref

This checkout relies on the default GITHUB_REF, but for pull_request_target runs GitHub now resolves that ref to the repository’s default branch (since the December 8, 2025 behavior change), not the PR’s base branch. In repos that open PRs against non-default branches (e.g., release branches), Claude will review against the wrong baseline and can produce incorrect diffs/blame/comments. Set an explicit base ref/sha (for example github.event.pull_request.base.sha) for the workspace-root checkout so the review context matches the actual target branch.

Useful? React with 👍 / 👎.