Add Claude Code GitHub Workflow

[bootjp]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Added automated code review workflow to the CI/CD pipeline for pull request validation.
  • Streamlined existing workflow configurations with updated dependency management and improved action setup.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Two GitHub Actions workflows are modified: a new workflow file is added to perform code reviews on pull requests using Claude's code review action, and an existing workflow is updated with downgraded checkout version and simplified claude-code-action configuration by replacing pinned commits with version tags.

Changes

Cohort / File(s)	Summary
New Code Review Workflow .github/workflows/claude-code-review.yml	Adds GitHub Actions workflow triggered on PR events that invokes anthropics/claude-code-action@v1 for automated code reviews, configured with OAuth credentials and plugin settings.
Existing Workflow Updates .github/workflows/claude.yml	Downgrades actions/checkout from v6 to v4, removes temporary diagnostic steps for CLI installation and OAuth verification, replaces pinned anthropics/claude-code-action commit with @v1 tag, and updates --allowed-tools example formatting.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• ci: pin claude-code-action and pass OAuth token via step env #696: Directly addresses the same anthropics/claude-code-action CI workflow step, moving from pinned SHA to @v1 tag in .github/workflows/claude.yml.

Poem

🐰 A workflow so fine, now with Claude's review,
New pipelines hopping, both shiny and new!
From pinned commits leaping to version-tag flights,
CI workflows dancing through automation's nights! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add Claude Code GitHub Workflow' accurately describes the main change: adding a new GitHub Actions workflow file for Claude Code integration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add-claude-github-actions-1777386568483

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 394c60e82e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Guard review job from fork PR secret unavailability

This workflow triggers on all pull_request events but the review step depends on secrets.CLAUDE_CODE_OAUTH_TOKEN; GitHub does not provide repository secrets to runs from forked PRs (and Dependabot-style fork-restricted contexts), so those runs will fail authentication instead of reviewing code. Add an explicit fork guard (for example, skip when github.event.pull_request.head.repo.fork is true) or move to a trusted trigger design that safely handles external contributions.

Useful? React with 👍 / 👎.