Skip to content

Add claude GitHub actions#462

Closed
davidnixon wants to merge 2 commits into
Call-for-Code-for-Racial-Justice:mainfrom
davidnixon:add-claude-github-actions
Closed

Add claude GitHub actions#462
davidnixon wants to merge 2 commits into
Call-for-Code-for-Racial-Justice:mainfrom
davidnixon:add-claude-github-actions

Conversation

@davidnixon

Copy link
Copy Markdown
Member

Enable claude

@davidnixon davidnixon closed this Jul 3, 2026
@qodo-code-review

Copy link
Copy Markdown

PR Summary by Qodo

Add Claude GitHub Actions for PR reviews and @claude requests

⚙️ Configuration changes ✨ Enhancement 🕐 10-20 Minutes

Grey Divider

AI Description

• Add Claude Code workflow triggered by @claude mentions on issues and PR reviews.
• Add Claude Code Review workflow to automatically review PRs on key PR events.
• Configure minimal read permissions and OIDC token access for Claude action execution.
Diagram

graph TD
  A["GitHub Events"] --> B["claude.yml"] --> D["anthropics/claude-code-action@v1"] --> F[("GitHub API")]
  A --> C["claude-code-review.yml"] --> D
  E["Repo Secret: CLAUDE_CODE_OAUTH_TOKEN"] --> D

  subgraph Legend
    direction LR
    _wf["Workflow YAML"] ~~~ _act["GitHub Action"] ~~~ _sec[("Secret")] ~~~ _api[("API")]
  end
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Consolidate into a single workflow with conditional jobs
  • ➕ Single place to manage permissions, secrets, and action version pinning
  • ➕ Avoids duplicated checkout/action configuration
  • ➕ Easier to enforce consistent guardrails (e.g., forks, draft PRs)
  • ➖ More complex conditional logic for different triggers
  • ➖ Harder to reason about which events run which prompts
2. Gate automatic PR reviews behind a label or slash-command
  • ➕ Prevents unintended costs/noise on every PR update
  • ➕ Gives maintainers explicit control over when reviews run
  • ➖ Less automated; reviewers must remember to request runs
  • ➖ Reduced immediate feedback for contributors
3. Add stricter security constraints (fork checks / environment approvals)
  • ➕ Reduces risk of secret exposure or untrusted execution paths
  • ➕ Aligns with least-privilege and enterprise security expectations
  • ➖ May reduce usability for external contributors
  • ➖ Adds operational overhead (approvals / additional conditions)

Recommendation: The two-workflow approach is reasonable for clarity (auto PR reviews vs on-demand @claude). Consider adding gating for the automatic PR review workflow (label/command and/or fork/draft checks) to control noise and cost, and review permissions to ensure they are the minimum needed for intended behavior.

Files changed (2) +94 / -0

Other (2) +94 / -0
claude-code-review.ymlAdd automatic Claude PR code review workflow +44/-0

Add automatic Claude PR code review workflow

• Introduces a pull_request-triggered workflow that runs on opened/synchronize/ready_for_review/reopened. Checks out the repo and invokes anthropics/claude-code-action@v1 with the code-review plugin and a PR-scoped prompt.

.github/workflows/claude-code-review.yml

claude.ymlAdd on-demand Claude workflow triggered by @claude mentions +50/-0

Add on-demand Claude workflow triggered by @claude mentions

• Adds an event-driven workflow that runs when @claude appears in issue comments, PR review comments, PR reviews, or issues. Configures read permissions (including actions:read) and runs anthropics/claude-code-action@v1 using CLAUDE_CODE_OAUTH_TOKEN.

.github/workflows/claude.yml

@qodo-code-review

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📜 Skill insights (0)

Grey Divider


Action required

1. Secret exposed to commenters 🐞 Bug ⛨ Security
Description
.github/workflows/claude.yml runs on issues and comment-based events whenever text contains
@claude and passes secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party action, so any user who
can open/comment can trigger secret-backed execution. This enables unauthorized token consumption
and increases risk of prompt-injection-driven abuse of the action.
Code

.github/workflows/claude.yml[R15-37]

+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
Evidence
The workflow is explicitly triggered by issue/comment/review events and gated only by `contains(...,
'@claude'), and it passes the repository secret CLAUDE_CODE_OAUTH_TOKEN` into a third-party action
input.

.github/workflows/claude.yml[3-20]
.github/workflows/claude.yml[21-38]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The `claude` workflow is triggered by user-generated events (issues/comments/reviews) and only checks for the substring `@claude`, then injects `secrets.CLAUDE_CODE_OAUTH_TOKEN` into `anthropics/claude-code-action`. This allows any actor who can open an issue or add a comment in this repo to invoke a secret-backed workflow.

### Issue Context
This is a trust-boundary problem: the workflow grants a privileged capability (using an OAuth token) based solely on user-controlled text. It should be restricted to trusted actors (e.g., members/collaborators) or require explicit approval.

### Fix Focus Areas
- .github/workflows/claude.yml[3-41]

### Suggested remediation
- Add an author trust gate to the job `if:` (or a separate early step) such as:
 - `github.event.comment.author_association` / `github.event.issue.author_association` in `{OWNER,MEMBER,COLLABORATOR}`
 - or restrict to `github.actor` in an allowlist
- Consider moving invocation behind `workflow_dispatch` and require a protected `environment` with reviewers.
- If you must allow public triggers, do **not** pass long-lived secrets; use short-lived tokens or a broker service with strict policy.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools



Remediation recommended

2. Unneeded OIDC permission 🐞 Bug ⛨ Security
Description
Both workflows request id-token: write but no step in either workflow uses OIDC, so this
unnecessarily allows minting GitHub OIDC tokens. This expands the blast radius if a step/action is
compromised now or in the future.
Code

.github/workflows/claude-code-review.yml[R22-27]

+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
Evidence
Both workflow permission blocks explicitly enable id-token: write, and the only steps are checkout
plus the Claude action; there is no other step indicating OIDC usage.

.github/workflows/claude.yml[21-37]
.github/workflows/claude-code-review.yml[21-41]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The workflows request `permissions: id-token: write` even though there are no OIDC consumers (no cloud login step, no explicit OIDC token usage). This violates least privilege and increases risk if any action is compromised.

### Issue Context
`id-token: write` enables OIDC token minting. Unless a step explicitly needs OIDC federation, it should be omitted.

### Fix Focus Areas
- .github/workflows/claude.yml[21-26]
- .github/workflows/claude-code-review.yml[22-27]

### Suggested remediation
- Remove `id-token: write` from both workflows (or set it to `none`).
- If OIDC is needed later, add it back narrowly and document which step requires it.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


3. Unpinned external plugins 🐞 Bug ⛨ Security
Description
.github/workflows/claude-code-review.yml fetches plugin code from an external GitHub repository
and references a plugin without pinning to an immutable version/commit, so CI behavior can change
without review. This creates a supply-chain and reproducibility risk for PR checks.
Code

.github/workflows/claude-code-review.yml[R36-41]

+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
Evidence
The workflow explicitly points to an external plugin marketplace URL and enables a plugin by name,
meaning code can be fetched/changed externally at runtime.

.github/workflows/claude-code-review.yml[34-41]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The code-review workflow loads Claude plugins from an external repository (`plugin_marketplaces`) and selects a plugin by name (`plugins`) without pinning to an immutable ref. This allows remote changes to alter workflow behavior without a PR in this repo.

### Issue Context
This is a CI supply-chain integrity issue: results may change over time, and a compromise in the plugin source could impact your workflow.

### Fix Focus Areas
- .github/workflows/claude-code-review.yml[34-41]

### Suggested remediation
- Prefer vendoring the plugin code in-repo, or pin the plugin source to a specific commit SHA/tag if the action supports it.
- Pin `anthropics/claude-code-action` (and ideally `actions/checkout`) to a commit SHA instead of a moving tag to reduce supply-chain risk.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Qodo Logo

Comment on lines +15 to +37
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Secret exposed to commenters 🐞 Bug ⛨ Security

.github/workflows/claude.yml runs on issues and comment-based events whenever text contains
@claude and passes secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party action, so any user who
can open/comment can trigger secret-backed execution. This enables unauthorized token consumption
and increases risk of prompt-injection-driven abuse of the action.
Agent Prompt
### Issue description
The `claude` workflow is triggered by user-generated events (issues/comments/reviews) and only checks for the substring `@claude`, then injects `secrets.CLAUDE_CODE_OAUTH_TOKEN` into `anthropics/claude-code-action`. This allows any actor who can open an issue or add a comment in this repo to invoke a secret-backed workflow.

### Issue Context
This is a trust-boundary problem: the workflow grants a privileged capability (using an OAuth token) based solely on user-controlled text. It should be restricted to trusted actors (e.g., members/collaborators) or require explicit approval.

### Fix Focus Areas
- .github/workflows/claude.yml[3-41]

### Suggested remediation
- Add an author trust gate to the job `if:` (or a separate early step) such as:
  - `github.event.comment.author_association` / `github.event.issue.author_association` in `{OWNER,MEMBER,COLLABORATOR}`
  - or restrict to `github.actor` in an allowlist
- Consider moving invocation behind `workflow_dispatch` and require a protected `environment` with reviewers.
- If you must allow public triggers, do **not** pass long-lived secrets; use short-lived tokens or a broker service with strict policy.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Comment on lines +22 to +27
permissions:
contents: read
pull-requests: read
issues: read
id-token: write

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remediation recommended

2. Unneeded oidc permission 🐞 Bug ⛨ Security

Both workflows request id-token: write but no step in either workflow uses OIDC, so this
unnecessarily allows minting GitHub OIDC tokens. This expands the blast radius if a step/action is
compromised now or in the future.
Agent Prompt
### Issue description
The workflows request `permissions: id-token: write` even though there are no OIDC consumers (no cloud login step, no explicit OIDC token usage). This violates least privilege and increases risk if any action is compromised.

### Issue Context
`id-token: write` enables OIDC token minting. Unless a step explicitly needs OIDC federation, it should be omitted.

### Fix Focus Areas
- .github/workflows/claude.yml[21-26]
- .github/workflows/claude-code-review.yml[22-27]

### Suggested remediation
- Remove `id-token: write` from both workflows (or set it to `none`).
- If OIDC is needed later, add it back narrowly and document which step requires it.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Comment on lines +36 to +41
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
plugins: 'code-review@claude-code-plugins'
prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remediation recommended

3. Unpinned external plugins 🐞 Bug ⛨ Security

.github/workflows/claude-code-review.yml fetches plugin code from an external GitHub repository
and references a plugin without pinning to an immutable version/commit, so CI behavior can change
without review. This creates a supply-chain and reproducibility risk for PR checks.
Agent Prompt
### Issue description
The code-review workflow loads Claude plugins from an external repository (`plugin_marketplaces`) and selects a plugin by name (`plugins`) without pinning to an immutable ref. This allows remote changes to alter workflow behavior without a PR in this repo.

### Issue Context
This is a CI supply-chain integrity issue: results may change over time, and a compromise in the plugin source could impact your workflow.

### Fix Focus Areas
- .github/workflows/claude-code-review.yml[34-41]

### Suggested remediation
- Prefer vendoring the plugin code in-repo, or pin the plugin source to a specific commit SHA/tag if the action supports it.
- Pin `anthropics/claude-code-action` (and ideally `actions/checkout`) to a commit SHA instead of a moving tag to reduce supply-chain risk.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant