Add claude-review reusable workflow#103
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a new reusable workflow that runs anthropics/claude-code-action to review pull requests, centralizing a workflow that several Stellar repos currently maintain individually. The reusable workflow supports both pull_request (recommended) and pull_request_target (for repos that need to review fork contributions from org members), with an isolated pr-head/ checkout, an author-association gate, and minimal permissions to mitigate the "pwn request" risks of the latter trigger. Documentation and a README entry are added alongside.
Changes:
- New reusable workflow
.github/workflows/claude-review.ymlwith extensive inline security/threat-model documentation, default review prompt, configurable input, requiredanthropic_api_keysecret, and isolated PR-head checkout pattern. - README updated with a new "Code Review" section and reference link for the new workflow.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/workflows/claude-review.yml |
New reusable workflow that gates execution by author association, performs a trusted base + isolated PR-head checkout, then invokes claude-code-action with scoped tool allowlist and a default review prompt. |
README.md |
Adds a "Code Review" subsection and reference link entry pointing to the new workflow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Check out the BASE ref at the workspace root. This is trusted code from | ||
| # the base branch, so it's safe for the action to operate against (e.g. | ||
| # reading .git/config, .git/hooks, etc. that the action and its tools | ||
| # consult). Do NOT check out the PR head here — see security note above. | ||
| # Fetch full history so the agent can use `git log` / `git blame` for | ||
| # context. | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 0 |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 06a935098b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 0 |
There was a problem hiding this comment.
This checkout relies on the default GITHUB_REF, but for pull_request_target runs GitHub now resolves that ref to the repository’s default branch (since the December 8, 2025 behavior change), not the PR’s base branch. In repos that open PRs against non-default branches (e.g., release branches), Claude will review against the wrong baseline and can produce incorrect diffs/blame/comments. Set an explicit base ref/sha (for example github.event.pull_request.base.sha) for the workspace-root checkout so the review context matches the actual target branch.
Useful? React with 👍 / 👎.
What
Add
.github/workflows/claude-review.ymlas a reusable workflow that runsanthropics/claude-code-actionto review pull requests. Callers should trigger onpull_request(recommended for safety);pull_request_targetis supported but only for repos that strictly require reviewing fork-based contributions. The workflow accepts an optionalpromptinput (with a sensible default) and a requiredanthropic_api_keysecret.Why
Four stellar repos (
rs-stellar-strkey,rs-soroban-sdk,stellar-cli,stellar-core) each maintain their own copy of the claude-review workflow. Thestellar-corecopy diverged with the more securepull_request_targetflow needed for fork PRs from org members. Centralizing here lets all repos share one hardened implementation and keeps the security model in one place, so future updates land in a single file instead of being copied across repos.Example
Caller workflow:
To override the default prompt:
Security model
The reusable workflow supports both
pull_request(recommended) andpull_request_target(use only for repos requiring fork-based contributions):pull_request, fork PRs cannot be reviewed (GitHub strips secrets on this event); only same-repo PRs work. This is the safer default.pull_request_target, fork PRs from orgMEMBERs or the repoOWNERare reviewable because secrets are available and the workflow runs from the trusted base branch. This is the more dangerous "pwn request" trigger; the workflow's mitigations (author-association gate,pr-head/isolation, minimal permissions) exist specifically to make this mode safe to use.if:gate restricts execution to non-draft PRs that are same-repo or authored byMEMBER/OWNER. Inpull_request_targetmode this is a security boundary; inpull_requestmode it just filters which PRs are reviewed.pull_request_target); the PR head is checked out into isolatedpr-head/, exposed to Claude via--add-dir pr-head. Repo-local config in the PR head (.git/config,.git/hooks,.npmrc, etc.) is not picked up by tools running at the workspace root.permissions: {}and minimal job-level permissions (contents: read,pull-requests: write,id-token: write).fetch-depth: 0on both checkouts so the agent can usegit log/git blame.The full threat model and rationale are documented inline in the workflow's security note.
Upstream Changes in Support