fix(cmd): defer submit push until PR intent is known #126
Workflow file for this run
# Workflow: runs the Claude Code action when a trusted user mentions '@claude'
# in an issue, an issue/PR comment, a PR review comment or a PR review.
# Run-page annotation kept from the listing: "Check failure on line 1 in
# .github/workflows/claude.yml" (the page does not show the failure message).
name: Claude Code

on:
  issue_comment:
    types:
      - created
  pull_request_review_comment:
    types:
      - created
  issues:
    types:
      - opened
      - edited
  pull_request_review:
    types:
      - submitted

jobs:
  claude:
    # Trust gate. Every branch below needs BOTH an '@claude' mention and an
    # author_association of OWNER, MEMBER or COLLABORATOR, so text written by
    # outside contributors never reaches the agent as an instruction.
    #
    # NOTE: For issues:edited, author_association refers to the issue author,
    # not the actor who performed the edit. This means an edit by a
    # non-collaborator could re-trigger Claude if the original author is a
    # collaborator. In practice, only users with write access can edit others'
    # issues, so the risk is limited.
    if: |
      (github.event_name == 'issue_comment' &&
      contains(github.event.comment.body, '@claude') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review_comment' &&
      contains(github.event.comment.body, '@claude') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review' &&
      contains(github.event.review.body, '@claude') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)) ||
      (github.event_name == 'issues' &&
      (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association))
    # One group per repository and issue/PR number (run_id when neither is
    # set); a newer run in the same group cancels the one in progress.
    # NOTE(review): confirm whether a run whose job is skipped by the `if`
    # above can still cancel an in-progress run in this group; if it can, any
    # new comment on the thread would interrupt a running job.
    concurrency:
      group: claude-${{ github.repository }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}
      cancel-in-progress: true
    runs-on: ubuntu-latest
    # Job token scopes, listed explicitly so unlisted scopes are not granted.
    permissions:
      contents: read
      pull-requests: write  # for progress tracking
      issues: write  # for progress tracking
      # Lets the job request a GitHub OIDC token; the author marks it as needed
      # for the action's token handling.
      # NOTE(review): this is a different credential from
      # CLAUDE_CODE_OAUTH_TOKEN below - confirm it is still required.
      id-token: write
      actions: read  # Required for Claude to read CI results on PRs
    steps:
      # `audit` only records outbound connections; nothing is blocked. Once the
      # observed endpoints are known, `egress-policy: block` with an allowlist
      # turns this into an enforcing control.
      - name: Harden-Runner
        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          egress-policy: audit

      # Shallow checkout (a single commit of history).
      # NOTE(review): actions/checkout keeps the job token in the local git
      # config by default, and the agent below may run `make` / `go test` in
      # this tree; consider `persist-credentials: false` if nothing later
      # depends on the persisted token.
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
        # Pinned to a full commit SHA for supply-chain safety (the author
        # states this commit corresponds to v1).
        uses: anthropics/claude-code-action@b2fdd80112e5f140e097b11d7a3d9edf0b226fd0
        with:
          # Caps the conversation at 10 turns and limits shell use to the
          # listed command prefixes. `make` and `go test` execute code from
          # the checked-out tree, so the `if` gate above is the trust boundary.
          claude_args: |
            --max-turns 10
            --allowed-tools 'Bash(gh pr:*),Bash(make:*),Bash(go test:*),Bash(gh stack:*)'
          track_progress: true
          # Supplied from repository secrets; never written inline.
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # The only bot account allowed to trigger the action.
          allowed_bots: 'renovate[bot]'
          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read
          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
          # prompt: 'Update the pull request description to include a summary of changes.'
          # Optional: Add claude_args to customize behavior and configuration
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options
          # claude_args: '--allowed-tools Bash(gh pr:*)'