Add Claude Code review workflow (#1353)

syed-ahsan-ishtiaque · web-flow · commit 39526505f912 · 2026-04-14T00:23:15.000Z
## Summary
- Adds a Claude Code review workflow that automatically reviews PRs for
bugs, security issues, and code quality
- Uses Bedrock with OIDC authentication via
`TELEGEN_AWS_ASSUME_ROLE_ARN` secret
- Triggers on PR open, sync, ready_for_review, and reopen events
targeting `main`
- Includes concurrency control, draft PR filtering, and a 15-minute
timeout

## Test plan
- [x] Set the `TELEGEN_AWS_ASSUME_ROLE_ARN` repo secret with the
appropriate IAM role ARN
- [x] Open a test PR to verify the workflow triggers and Claude posts
review comments
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -0,0 +1,51 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    branches:
+      - main
+    types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "**/*.java"
+    #   - "**/*.gradle"
+    #   - "**/*.kt"
+
+concurrency:
+  group: claude-review-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  claude-review:
+    if: ${{ !github.event.pull_request.draft }}
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
+        with:
+          fetch-depth: 50
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
+        with:
+          role-to-assume: ${{ secrets.TELEGEN_AWS_ASSUME_ROLE_ARN }}
+          aws-region: ${{ vars.AWS_DEFAULT_REGION || 'us-east-1' }}
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@1b422b3517b51140e4484faab676c5e68b914866 #v1.0.73
+        with:
+          use_bedrock: "true"
+          direct_api: "true"
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          claude_args: |
+            --model us.anthropic.claude-opus-4-6-v1 --allowedTools "Bash(gh pr diff *),Bash(gh pr view *),Bash(gh api repos/*/pulls/*/comments*),Bash(gh api repos/*/pulls/*/reviews*)"
+          prompt: |
+            Review this PR for bugs, security issues, and code quality. Post your findings as inline review comments on the relevant lines.
