Skip to content

Commit eee7ea7

Browse files
ondrejmirtesondrejmirtes
committed
Safer workflows
1 parent f0039f4 commit eee7ea7

File tree

2 files changed

+26
-42
lines changed

2 files changed

+26
-42
lines changed

.github/workflows/claude-fix-issue.yml

Lines changed: 13 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -61,20 +61,24 @@ jobs:
6161
echo "url=$URL" >> "$GITHUB_OUTPUT"
6262
echo "$ISSUE_JSON" | jq -r '.body' > /tmp/issue-body.txt
6363
64-
- name: "Build prompt"
64+
- name: "Run Claude Code"
65+
env:
66+
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
67+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6568
run: |
66-
{
67-
cat << 'PROMPT_PART1'
69+
git config user.name "phpstan-bot"
70+
git config user.email "ondrej+phpstanbot@mirtes.cz"
71+
72+
claude -p \
73+
--model claude-opus-4-6 \
74+
"$(cat << 'PROMPT_EOF'
6875
You are working on phpstan/phpstan-src, the source code of PHPStan - a PHP static analysis tool.
6976
7077
Your task is to fix the following GitHub issue from the phpstan/phpstan repository:
7178
Issue phpstan/phpstan#${{ inputs.issue-number }}: ${{ steps.issue.outputs.title }}
7279
URL: ${{ steps.issue.outputs.url }}
7380
74-
Issue body:
75-
PROMPT_PART1
76-
cat /tmp/issue-body.txt
77-
cat << 'PROMPT_PART2'
81+
Issue body is in the file /tmp/issue-body.txt — read it before proceeding.
7882
7983
## Step 1: Write a regression test
8084
@@ -137,20 +141,8 @@ jobs:
137141
Fixes phpstan/phpstan#${{ inputs.issue-number }}
138142
139143
These files are critical - they will be used for the commit message and PR description.
140-
PROMPT_PART2
141-
} > /tmp/claude-prompt.txt
142-
143-
- name: "Run Claude Code"
144-
env:
145-
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
146-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
147-
run: |
148-
git config user.name "phpstan-bot"
149-
git config user.email "ondrej+phpstanbot@mirtes.cz"
150-
151-
claude -p \
152-
--model claude-opus-4-6 \
153-
"$(cat /tmp/claude-prompt.txt)"
144+
PROMPT_EOF
145+
)"
154146
155147
- name: "Read Claude's summary"
156148
id: claude-summary

.github/workflows/claude-fix-pr-ci.yml

Lines changed: 13 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -136,20 +136,25 @@ jobs:
136136
if: steps.check-attempts.outputs.skip != 'true' && steps.failures.outputs.skip != 'true'
137137
run: npm install -g @anthropic-ai/claude-code
138138

139-
- name: "Build prompt"
139+
- name: "Run Claude Code"
140140
if: steps.check-attempts.outputs.skip != 'true' && steps.failures.outputs.skip != 'true'
141+
env:
142+
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
143+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
141144
run: |
142-
{
143-
cat << 'PROMPT_PART1'
145+
git config user.name "phpstan-bot"
146+
git config user.email "ondrej+phpstanbot@mirtes.cz"
147+
148+
claude -p \
149+
--model claude-opus-4-6 \
150+
"$(cat << 'PROMPT_EOF'
144151
You are working on phpstan/phpstan-src. CI has failed on PR #${{ github.event.pull_request.number }} which was created by an automated process.
145152
146153
This is CI fix attempt ${{ steps.check-attempts.outputs.attempt_number }} of maximum 2.
147154
148155
## CI Failure Logs
149156
150-
PROMPT_PART1
151-
cat /tmp/ci-failure-context.txt
152-
cat << 'PROMPT_PART2'
157+
Read the CI failure logs from the file /tmp/ci-failure-context.txt.
153158
154159
## Your Task
155160
@@ -181,21 +186,8 @@ jobs:
181186
- Do NOT create a branch, push, or create a PR — this is handled automatically after you finish
182187
- Focus only on fixing the CI failures, do not refactor or add unrelated changes
183188
- If you cannot determine how to fix the failure, create a file /tmp/ci-fix-failed.txt with an explanation
184-
PROMPT_PART2
185-
} > /tmp/claude-ci-prompt.txt
186-
187-
- name: "Run Claude Code"
188-
if: steps.check-attempts.outputs.skip != 'true' && steps.failures.outputs.skip != 'true'
189-
env:
190-
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
191-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
192-
run: |
193-
git config user.name "phpstan-bot"
194-
git config user.email "ondrej+phpstanbot@mirtes.cz"
195-
196-
claude -p \
197-
--model claude-opus-4-6 \
198-
"$(cat /tmp/claude-ci-prompt.txt)"
189+
PROMPT_EOF
190+
)"
199191
200192
- name: "Commit and push fixes"
201193
if: steps.check-attempts.outputs.skip != 'true' && steps.failures.outputs.skip != 'true'

0 commit comments

Comments
 (0)