11name : Claude Code Review
22
33on :
4- # Use pull_request_target so this works for fork PRs and can mint an OIDC token.
5- # IMPORTANT: do NOT checkout or run fork code in this workflow.
64 pull_request_target :
75 types : [opened, synchronize, ready_for_review, reopened]
8- # Optional: Only run on specific file changes
9- # paths:
10- # - "src/**/*.ts"
11- # - "src/**/*.tsx"
12- # - "src/**/*.js"
13- # - "src/**/*.jsx"
146
157jobs :
168 claude-review :
17- # Optional: Filter by PR author / association
18- # if: |
19- # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' ||
20- # github.event.pull_request.author_association == 'CONTRIBUTOR'
21-
229 runs-on : ubuntu-latest
2310 permissions :
2411 contents : read
2512 pull-requests : write
2613 issues : read
14+ actions : read
2715 id-token : write
2816
2917 steps :
30- # NOTE: No checkout step on purpose.
31- # With pull_request_target, checking out PR code from forks can expose secrets.
32-
18+ # IMPORTANT: no checkout for pull_request_target (fork-safe)
3319 - name : Run Claude Code Review
3420 id : claude-review
3521 uses : anthropics/claude-code-action@v1
3622 with :
3723 claude_code_oauth_token : ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
24+
25+ # Workaround: bypass Anthropic OIDC->GitHub App token exchange
26+ github_token : ${{ github.token }}
27+
3828 plugin_marketplaces : ' https://github.com/anthropics/claude-code.git'
3929 plugins : ' code-review@claude-code-plugins'
4030 prompt : ' /code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
41- # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
42- # or https://code.claude.com/docs/en/cli-reference for available options
31+
32+ # Optional: lets Claude read CI results
33+ additional_permissions : |
34+ actions: read
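Review bot: `id-token: write` stays in the job's `permissions` even though the new `github_token: ${{ github.token }}` input is described as bypassing the OIDC->GitHub App token exchange, so the job can still mint an OIDC token it apparently no longer uses. Under `pull_request_target` the fork PR's title, body and diff are untrusted input to the agent, so every unused grant is worth dropping; if nothing else in the action requests an OIDC token, remove `id-token: write`. The same applies to the new `actions: read` grant and the `additional_permissions` block, which the comment marks as optional: keep them only if the review really reads CI results. The deleted comments also explained why this trigger is used and why checkout is unsafe, and I would keep that rationale in the file, for example `# pull_request_target runs with the base repo's secrets and token; never check out or execute fork code here.`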