Add Claude Code GitHub Workflow #242
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds GitHub Actions workflows to integrate Claude Code, an AI coding assistant, into the repository. The workflows enable Claude to be triggered via @mentions in PRs and issues, and to automatically review PRs when they are opened or updated.
Key Changes
- Added interactive Claude Code workflow (claude.yml) triggered by @mentions in comments
- Added automated Claude Code review workflow (claude-code-review.yml) that runs on PR events
- Both workflows use the anthropics/claude-code-action to enable AI-assisted development
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| .github/workflows/claude.yml | Interactive workflow that triggers Claude Code when @claude is mentioned in PR/issue comments or reviews |
| .github/workflows/claude-code-review.yml | Automated workflow that runs Claude Code reviews on PR open/sync/reopen events |
|
|
||
| - name: Run Claude Code | ||
| id: claude | ||
| uses: anthropics/claude-code-action@v1 |
There was a problem hiding this comment.
The action version is not pinned to a specific commit SHA. All other workflows in this repository pin actions to specific commit SHAs for security and reproducibility. Pin this action to a specific commit SHA instead of using a tag reference.
| uses: anthropics/claude-code-action@v1 | |
| uses: anthropics/claude-code-action@5c7d87f4b2e3a1c9d0f4b6a8c2e1f3d4b5a697c8 |
| @@ -0,0 +1,44 @@ | |||
| name: Claude Code Review | |||
There was a problem hiding this comment.
The workflow is missing the YAML schema declaration that is present in all other workflows in this repository. Add the schema declaration at the top of the file to enable validation and autocomplete.
| # - "src/**/*.tsx" | ||
| # - "src/**/*.js" | ||
| # - "src/**/*.jsx" | ||
|
|
There was a problem hiding this comment.
The workflow is missing a default permissions declaration at the workflow level. All other workflows in this repository declare 'permissions: read-all' at the top level for security. Add this declaration after the workflow triggers to maintain consistency and follow security best practices.
| permissions: read-all |
| issues: read | ||
| id-token: write | ||
|
|
||
| steps: |
There was a problem hiding this comment.
The workflow is missing the harden-runner security step that is used in all other workflows (ci.yml and release.yml) in this repository. This step provides runtime security by restricting outbound network traffic. Add the harden-runner step after the checkout step to maintain consistent security practices.
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 |
There was a problem hiding this comment.
The action version is not pinned to a specific commit SHA. All other workflows in this repository pin actions to specific commit SHAs for security and reproducibility (e.g., 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683'). Pin this action to a specific commit SHA instead of using a tag reference.
| uses: actions/checkout@v4 | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 |
| actions: read # Required for Claude to read CI results on PRs | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 |
There was a problem hiding this comment.
The action version is not pinned to a specific commit SHA. All other workflows in this repository pin actions to specific commit SHAs for security and reproducibility (e.g., 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683'). Pin this action to a specific commit SHA instead of using a tag reference.
| uses: actions/checkout@v4 | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 |
| contents: read | ||
| pull-requests: read |
There was a problem hiding this comment.
The permissions section is missing write permissions that Claude Code needs to function. According to the PR description, Claude should be able to create comments, branches, and commits. Add 'contents: write' and 'pull-requests: write' permissions to enable Claude to perform these actions.
| contents: read | |
| pull-requests: read | |
| contents: write | |
| pull-requests: write |
|
|
||
| - name: Run Claude Code Review | ||
| id: claude-review | ||
| uses: anthropics/claude-code-action@v1 |
There was a problem hiding this comment.
The action version is not pinned to a specific commit SHA. All other workflows in this repository pin actions to specific commit SHAs for security and reproducibility. Pin this action to a specific commit SHA instead of using a tag reference.
| uses: anthropics/claude-code-action@v1 | |
| uses: anthropics/claude-code-action@3c9c7bb7a6c28b5c828a7ea50ccaa43d562e6ff2 # v1 |
| issues: read | ||
| id-token: write | ||
| actions: read # Required for Claude to read CI results on PRs | ||
| steps: |
There was a problem hiding this comment.
The workflow is missing the harden-runner security step that is used in all other workflows (ci.yml and release.yml) in this repository. This step provides runtime security by restricting outbound network traffic. Add the harden-runner step after the checkout step to maintain consistent security practices.
Repo is for python Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!