feat: add reusable Claude AI workflow templates

sfreudenthaler · sfreudenthaler · commit cc624bcf6b7e · 2025-06-27T16:34:18.000-04:00
Add centralized, reusable GitHub Actions workflows for Claude AI automation: - claude-executor.yml: Configurable execution engine with custom tool allowlists, timeouts, and runner specifications - claude-orchestrator.yml: Orchestrates all Claude triggers (comments, PRs, issues) with configurable prompts and conditional logic Key features: - Parameterized inputs for repository-specific customization - Support for interactive (@claude mentions) and automatic modes - Configurable allowed tools for different repository types - Flexible timeout and runner configuration - Comprehensive trigger event handling This enables DRY implementation of Claude workflows across all dotCMS repositories while maintaining repository-specific configurations. Usage example: ```yaml jobs: claude: uses: dotCMS/claude-workflows/.github/workflows/claude-orchestrator.yml@main with: allowed_tools: | Bash(terraform plan) Bash(git status) secrets: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} ``` 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Resolves: dotCMS/dotcat#213
diff --git a/.github/workflows/claude-executor.yml b/.github/workflows/claude-executor.yml
@@ -0,0 +1,77 @@
+---
+# Claude Executor Workflow (Reusable)
+#
+# PURPOSE: This is the execution engine that runs Claude AI actions.
+# This is the reusable version that will be hosted in dotCMS/claude-workflows
+#
+# WHY: This workflow contains the shared configuration and execution logic
+# for all Claude interactions. It's designed to be reusable across different
+# repositories and trigger scenarios.
+#
+# ROLE:
+# - Sets up the execution environment (permissions, timeouts, runner)
+# - Configures the anthropics/claude-code-action with configurable allowed tools
+# - Handles the actual Claude AI interaction
+# - Provides a single source of truth for Claude execution configuration
+#
+# USAGE: Called by orchestrator workflows with different parameters
+# for interactive vs automatic modes and different tool configurations.
+
+name: Claude Executor (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      trigger_mode:
+        description: 'Mode of trigger - interactive or automatic'
+        required: true
+        type: string
+      direct_prompt:
+        description: 'Direct prompt for automatic reviews'
+        required: false
+        type: string
+        default: ''
+      allowed_tools:
+        description: 'Custom allowed tools configuration'
+        required: false
+        type: string
+        default: |
+          Bash(git status)
+          Bash(git diff)
+      timeout_minutes:
+        description: 'Timeout in minutes for the Claude execution'
+        required: false
+        type: number
+        default: 15
+      runner:
+        description: 'GitHub runner to use'
+        required: false
+        type: string
+        default: 'ubuntu-latest'
+    secrets:
+      ANTHROPIC_API_KEY:
+        required: true
+
+jobs:
+  claude:
+    runs-on: ${{ inputs.runner }}
+    timeout-minutes: ${{ inputs.timeout_minutes }}
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          direct_prompt: ${{ inputs.direct_prompt }}
+          allowed_tools: ${{ inputs.allowed_tools }}
diff --git a/.github/workflows/claude-orchestrator.yml b/.github/workflows/claude-orchestrator.yml
@@ -0,0 +1,138 @@
+---
+# Claude Orchestrator Workflow (Reusable)
+#
+# PURPOSE: This workflow orchestrates all Claude AI interactions by handling
+# different trigger types and routing them to the appropriate execution mode.
+# This is the reusable version that will be hosted in dotCMS/claude-workflows
+#
+# WHY: Consolidates all Claude triggers into a single workflow to prevent
+# duplicate runs while maintaining clear separation between interactive
+# and automatic modes. Designed to be reusable across different repositories.
+#
+# ROLE:
+# - Handles all trigger events (issues, comments, PR reviews, PR changes)
+# - Routes to appropriate execution mode based on trigger type
+# - Manages conditional logic to prevent duplicate workflow runs
+# - Applies configurable path exclusions
+# - Orchestrates between interactive (@claude mentions) and automatic modes
+#
+# USAGE: This is a reusable orchestrator that can be called from any repository
+# with repository-specific configurations.
+
+name: Claude Orchestrator (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      automatic_review_prompt:
+        description: 'Custom prompt for automatic PR reviews'
+        required: false
+        type: string
+        default: |
+          Please review this pull request and provide feedback on:
+          - Code quality and best practices
+          - Potential bugs or issues
+          - Performance considerations
+          - Security concerns
+          - Test coverage
+
+          Be constructive and helpful in your feedback.
+      allowed_tools:
+        description: 'Custom allowed tools configuration'
+        required: false
+        type: string
+        default: |
+          Bash(git status)
+          Bash(git diff)
+      timeout_minutes:
+        description: 'Timeout in minutes for Claude execution'
+        required: false
+        type: number
+        default: 15
+      runner:
+        description: 'GitHub runner to use'
+        required: false
+        type: string
+        default: 'ubuntu-latest'
+      executor_workflow_ref:
+        description: 'Reference to the executor workflow'
+        required: false
+        type: string
+        default: 'dotCMS/claude-workflows/.github/workflows/claude-executor.yml@main'
+    secrets:
+      ANTHROPIC_API_KEY:
+        required: true
+
+jobs:
+  # Interactive Claude mentions in comments
+  claude-comment-mention:
+    if: |
+      (github.event_name == 'issue_comment' && (contains(github.event.comment.body, '@claude') || contains(github.event.comment.body, '@Claude') || contains(github.event.comment.body, '@CLAUDE'))) ||
+      (github.event_name == 'pull_request_review_comment' && (contains(github.event.comment.body, '@claude') || contains(github.event.comment.body, '@Claude') || contains(github.event.comment.body, '@CLAUDE')))
+    uses: ${{ inputs.executor_workflow_ref }}
+    with:
+      trigger_mode: interactive
+      allowed_tools: ${{ inputs.allowed_tools }}
+      timeout_minutes: ${{ inputs.timeout_minutes }}
+      runner: ${{ inputs.runner }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+
+  # Interactive Claude mentions in PR reviews
+  claude-review-mention:
+    if: |
+      github.event_name == 'pull_request_review' && (contains(github.event.review.body, '@claude') || contains(github.event.review.body, '@Claude') || contains(github.event.review.body, '@CLAUDE'))
+    uses: ${{ inputs.executor_workflow_ref }}
+    with:
+      trigger_mode: interactive
+      allowed_tools: ${{ inputs.allowed_tools }}
+      timeout_minutes: ${{ inputs.timeout_minutes }}
+      runner: ${{ inputs.runner }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+
+  # Interactive Claude mentions in issues
+  claude-issue-mention:
+    if: |
+      github.event_name == 'issues' &&
+      ((contains(github.event.issue.body, '@claude') || contains(github.event.issue.body, '@Claude') || contains(github.event.issue.body, '@CLAUDE')) ||
+       (contains(github.event.issue.title, '@claude') || contains(github.event.issue.title, '@Claude') || contains(github.event.issue.title, '@CLAUDE')))
+    uses: ${{ inputs.executor_workflow_ref }}
+    with:
+      trigger_mode: interactive
+      allowed_tools: ${{ inputs.allowed_tools }}
+      timeout_minutes: ${{ inputs.timeout_minutes }}
+      runner: ${{ inputs.runner }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+
+  # Interactive Claude mentions in PR titles/bodies
+  claude-pr-mention:
+    if: |
+      github.event_name == 'pull_request' &&
+      ((contains(github.event.pull_request.title, '@claude') || contains(github.event.pull_request.title, '@Claude') || contains(github.event.pull_request.title, '@CLAUDE')) ||
+       (contains(github.event.pull_request.body, '@claude') || contains(github.event.pull_request.body, '@Claude') || contains(github.event.pull_request.body, '@CLAUDE')))
+    uses: ${{ inputs.executor_workflow_ref }}
+    with:
+      trigger_mode: interactive
+      allowed_tools: ${{ inputs.allowed_tools }}
+      timeout_minutes: ${{ inputs.timeout_minutes }}
+      runner: ${{ inputs.runner }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+
+  # Automatic PR reviews (no @claude mention)
+  claude-automatic-review:
+    if: |
+      github.event_name == 'pull_request' &&
+      !contains(github.event.pull_request.title, '@claude') && !contains(github.event.pull_request.title, '@Claude') && !contains(github.event.pull_request.title, '@CLAUDE') &&
+      !contains(github.event.pull_request.body, '@claude') && !contains(github.event.pull_request.body, '@Claude') && !contains(github.event.pull_request.body, '@CLAUDE')
+    uses: ${{ inputs.executor_workflow_ref }}
+    with:
+      trigger_mode: automatic
+      direct_prompt: ${{ inputs.automatic_review_prompt }}
+      allowed_tools: ${{ inputs.allowed_tools }}
+      timeout_minutes: ${{ inputs.timeout_minutes }}
+      runner: ${{ inputs.runner }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
