Commit 5bd3c35

Enhance Claude Code Review workflow configuration
Updated Claude Code Review workflow with new permissions and improved prompt instructions.
1 parent 9f3f0a1 commit 5bd3c35

1 file changed

Lines changed: 60 additions & 16 deletions

@@ -1,12 +1,34 @@
1+
name: Claude Code Review
2+
3+
on:
4+
pull_request_target:
5+
types: [opened, synchronize, ready_for_review, reopened]
6+
7+
jobs:
8+
claude-review:
9+
runs-on: ubuntu-latest
10+
permissions:
11+
contents: read
12+
pull-requests: write
13+
issues: write
14+
actions: read
15+
id-token: write
16+
17+
steps:
18+
# IMPORTANT: checkout BASE repo only (safe on forks)
19+
- name: Checkout base repo (safe)
20+
uses: actions/checkout@v4
21+
with:
22+
fetch-depth: 1
23+
124
- name: Run Claude Code Review
2-
id: claude-review
325
uses: anthropics/claude-code-action@v1
426
with:
527
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
628
github_token: ${{ github.token }}
729

8-
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
9-
plugins: 'code-review@claude-code-plugins'
30+
plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
31+
plugins: "code-review@claude-code-plugins"
1032

1133
claude_args: >
1234
--dangerously-skip-permissions
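Review bot: The `permissions:` block (new lines 10-15) grants `id-token: write`, `issues: write` and `pull-requests: write` to a job triggered by `pull_request_target`, which runs with repository secrets for pull requests opened from forks, so each of these scopes is available to a run whose input is untrusted PR content. No visible step requests an OIDC token and `github_token` is passed explicitly, so `id-token: write` looks droppable; keep `issues: write` only if the review really needs to comment on issues. The checkout step rightly omits a `ref:` and so stays on the base branch; adding `persist-credentials: false` under its `with:` would keep the token out of the local git config, and `actions/checkout@v4` and `anthropics/claude-code-action@v1` would be safer pinned to commit SHAs than to mutable tags.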
@@ -15,25 +37,47 @@
1537
"Bash(gh pr view:*)"
1638
"Bash(gh pr diff:*)"
1739
"Bash(gh pr comment:*)"
18-
"Bash(gh api repos/*/pulls/*:*)"
19-
"Bash(gh api repos/*/issues/*/comments:*)"
40+
"Bash(gh pr list:*)"
41+
"Bash(gh pr status:*)"
42+
"Bash(gh issue comment:*)"
43+
"Bash(gh api:*)"
2044
"Bash(cat:*)"
2145
"Bash(ls:*)"
2246
"Bash(grep:*)"
2347
"Bash(find:*)"
48+
"Bash(sed:*)"
49+
"Bash(awk:*)"
50+
"Bash(head:*)"
51+
"Bash(tail:*)"
52+
"Bash(wc:*)"
53+
"Bash(sort:*)"
54+
"Bash(uniq:*)"
55+
"Bash(cut:*)"
56+
"Bash(xargs:*)"
57+
"Bash(jq:*)"
58+
"Bash(python3:*)"
2459
2560
prompt: |
26-
/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}
61+
You are running in pull_request_target. DO NOT execute or inspect the fork's checked-out code.
62+
Review ONLY via GitHub API/gh commands.
63+
64+
Always use numeric PR form with --repo:
65+
- gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --json files,title,body
66+
- gh pr diff ${{ github.event.pull_request.number }} --repo ${{ github.repository }}
2767
28-
Always use the numeric PR form with --repo, e.g.:
29-
- gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...
30-
- gh pr diff ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...
31-
- gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...
68+
If CLAUDE.md exists in the base repo checkout, read it with:
69+
- cat CLAUDE.md
70+
Prefer jq/python3 for JSON parsing instead of shell loops.
3271
3372
Output requirements (even if no issues):
34-
- Start with: files changed count + list up to 15 changed file paths
35-
- Then: a short summary of what the PR changes (3–6 bullets)
36-
- Then: findings:
37-
- If issues: list them with file path + line numbers when possible
38-
- If no issues: list at least 3 concrete "improvement opportunities" with file paths
39-
Post the results as ONE top-level PR comment titled "Claude Code Review".
73+
- Files changed count + list up to 15 file paths
74+
- Summary (3–6 bullets)
75+
- Findings:
76+
- If issues: include file + line numbers when possible
77+
- If no issues: at least 3 concrete improvement opportunities with file paths
78+
79+
Post ONE top-level PR comment titled "Claude Code Review".
80+
If posting a PR comment is blocked, write the full review to the GitHub Actions job summary instead.
81+
82+
additional_permissions: |
83+
actions: read
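Review bot: The allowlist widening at new lines 43 and 48-58 removes the constraint the tool list was providing: `Bash(gh api:*)` replaces the two patterns scoped to `repos/*/pulls/*` and `repos/*/issues/*/comments`, and `Bash(python3:*)`, `Bash(xargs:*)`, `Bash(awk:*)` and `Bash(sed:*)` can each start other processes or write files, so the agent is effectively unrestricted on the runner. The PR title, body and diff returned by `gh pr view` and `gh pr diff` are untrusted text under `pull_request_target`, and the prompt line "DO NOT execute or inspect the fork's checked-out code" is an instruction to the model, not an enforcement boundary. Suggest restoring the scoped `gh api` patterns and dropping `python3` and `xargs` (`jq` already covers the JSON parsing the prompt asks for). The prompt also no longer shows the `gh pr comment <number> --repo` form although posting one top-level comment is still required; keeping that example line would avoid ambiguity.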
