# yamllint disable rule:line-length
name: Claude Code

# Every event type below can carry an "@claude" mention in user-written text.
# These events fire for anyone able to comment, open an issue, or submit a
# review, so the job-level `if` is the only access gate for this workflow.
on:
  issue_comment:
    types:
      - created
  pull_request_review_comment:
    types:
      - created
  issues:
    types:
      - opened
  pull_request_review:
    types:
      - submitted
# One concurrency group per workflow + issue/PR number + triggering actor.
# Including the actor keeps bot-authored comments in a separate group, so they
# cannot cancel a run started by a human; the bot-triggered runs themselves are
# skipped by the job-level `if` conditions.
# NOTE(review): a later event from the same actor on the same issue/PR lands in
# the same group; with cancel-in-progress it would presumably cancel that
# actor's running job even when the new run is skipped by `if` — confirm intended.
# NOTE(review): `github.event.review.pull_request.number` looks redundant, since
# review events should already populate `github.event.pull_request.number` — confirm.
concurrency:
  group: >-
    ${{ github.workflow }}-${{
    github.event.pull_request.number ||
    github.event.review.pull_request.number ||
    github.event.issue.number ||
    github.ref
    }}-${{ github.actor }}
  cancel-in-progress: true
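jobs:
  claude:
    # Trigger gate: the text that mentions @claude must have been written by a
    # repo OWNER, MEMBER or COLLABORATOR, and the actor must not be one of the
    # two bots listed (so Claude's own comments cannot re-trigger or cancel runs).
    #
    # Security caveat: author_association is checked only for the comment,
    # review or issue that fired the event. Other content Claude may read while
    # working (an issue body or earlier comments written by someone else, a PR
    # diff) is not covered by this check and should be treated as untrusted
    # input to the model, which runs with the write permissions granted below.
    if: |
      github.actor != 'dependabot[bot]' &&
      github.actor != 'claude[bot]' &&
      (
        (github.event_name == 'issue_comment' &&
          contains(github.event.comment.body, '@claude') &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
        (github.event_name == 'pull_request_review_comment' &&
          contains(github.event.comment.body, '@claude') &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
        (github.event_name == 'pull_request_review' &&
          contains(github.event.review.body, '@claude') &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)) ||
        (github.event_name == 'issues' &&
          (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association))
      )
    runs-on: ubuntu-latest
    # Hard stop so a stuck or looping run cannot hold the write-scoped token for long.
    timeout-minutes: 15
    # Explicit token scopes for this job. Every tool allowed in claude_args
    # below acts with at most these permissions.
    permissions:
      contents: write # Write access for pushing branches
      pull-requests: write
      issues: write
      actions: read # Required by claude-code-action to access workflow run data
      # Lets the job request an OIDC token.
      # NOTE(review): presumably needed by claude-code-action for its token
      # exchange — confirm, and drop if not required.
      id-token: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing version
      # comment is informational only, so keep both in sync when updating.
      # NOTE(review): for PR-originated events the default checkout ref is
      # presumably the PR merge ref, so files read later (e.g. .nvmrc) may come
      # from the PR author — verify how this behaves for fork PRs.
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 20
      - name: Setup Node.js
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version-file: ".nvmrc"
      # Caches npm's download cache (~/.npm) under a fixed key; bump the -v1
      # suffix to force a refresh.
      - name: Cache npm tools
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        id: at-claude-npm-tools-cache
        with:
          path: ~/.npm
          key: ${{ runner.os }}-npm-lint-tools-v1
      # ~/.npm is npm's download cache, not the global install prefix, so a
      # cache hit alone does not put the tools on PATH. Install on every run;
      # the restored cache only saves the downloads.
      # NOTE(review): both packages are installed unpinned into a job that holds
      # a write-scoped token and an OAuth secret. Pin each to an exact, reviewed
      # version to reduce supply-chain exposure.
      - name: Install linting tools
        run: npm install -g markdownlint-cli2 prettier
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@6e2bd52842c65e914eba5c8badd17560bd26b5de # v1.0.89
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          use_commit_signing: true
          track_progress: true
          additional_permissions: |
            actions: read
          # --allowedTools is the allow-list of tools the model may invoke.
          # NOTE(review): `gh pr:*`, `gh issue:*` and `gh release:*` permit every
          # subcommand, including state-changing ones, bounded only by the job
          # permissions above. Narrow these to the subcommands actually needed
          # (least privilege), since the model may process untrusted text.
          claude_args: |
            --model claude-opus-4-6
            --allowedTools "Read,Edit,Write,Glob,Grep,Task,Bash(gh pr:*),Bash(gh issue:*),Bash(gh run:*),Bash(gh release:*),Bash(markdownlint-cli2:*),Bash(prettier:*),Bash(shellcheck:*),mcp__github_inline_comment__create_inline_comment,mcp__github_ci__get_ci_status,mcp__github_ci__download_job_log"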