Remove secrets from Claude Code workflow caller

The reusable Claude Code workflow in eng-dev-ecosystem now uses GitHub
OIDC federation instead of static secrets, so callers no longer need
to pass any credentials.

Co-authored-by: Isaac

Author: shreyas-goenka

.github/workflows/claude-code.yml

@@ -15,26 +15,23 @@ jobs:
   review:
     if: github.event_name == 'pull_request'
     uses: databricks-eng/eng-dev-ecosystem/.github/workflows/claude-code.yml@main
-    secrets:
-      DATABRICKS_SP_CLIENT_ID: ${{ secrets.DATABRICKS_SP_CLIENT_ID }}
-      DATABRICKS_SP_CLIENT_SECRET: ${{ secrets.DATABRICKS_SP_CLIENT_SECRET }}
     with:
-      prompt: "Review this PR. Focus on correctness, error handling, and adherence to the project's Go conventions documented in CLAUDE.md."
+      prompt: "Review this PR. Focus on correctness, error handling, and adherence to the project's Go conventions documented in CLAUDE.md. Post your review as a PR comment. If you have no issues to raise, post a short comment saying the PR looks good."
       allowed_tools: |
+        Bash(gh pr diff)
+        Bash(gh pr comment)
+        Bash(grep)
         Read
         Glob
         Grep
-      claude_args: "--max-turns 10"
+      claude_args: "--max-turns 100"
 
   # Interactive @claude mentions — Claude can make changes and push commits.
   assist:
     if: |
       (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
       (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
     uses: databricks-eng/eng-dev-ecosystem/.github/workflows/claude-code.yml@main
-    secrets:
-      DATABRICKS_SP_CLIENT_ID: ${{ secrets.DATABRICKS_SP_CLIENT_ID }}
-      DATABRICKS_SP_CLIENT_SECRET: ${{ secrets.DATABRICKS_SP_CLIENT_SECRET }}
     with:
       allowed_tools: |
         Bash(make lint)
@@ -46,4 +43,4 @@ jobs:
         Write
         Glob
         Grep
-      claude_args: "--max-turns 20"
+      claude_args: "--max-turns 100"