diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 7898434..bfd92a6 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -4,51 +4,49 @@ on: pull_request: types: [opened, synchronize, ready_for_review, reopened] +concurrency: + group: claude-code-review-${{ github.event.pull_request.number }} + cancel-in-progress: true + jobs: claude-review: + if: github.event.pull_request.user.login != 'dependabot[bot]' runs-on: ubuntu-latest permissions: - contents: read + contents: write pull-requests: write issues: read - actions: write id-token: write + actions: read steps: - name: Checkout repository + timeout-minutes: 60 uses: actions/checkout@v4 with: - fetch-depth: 1 + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 - name: Run Claude Code Review id: claude-review - uses: anthropics/claude-code-action@v1.0.88 + timeout-minutes: 60 + uses: anthropics/claude-code-action@v1 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} use_sticky_comment: true track_progress: true allowed_bots: 'claude,claude[bot]' + additional_permissions: | + actions: read + plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' + plugins: 'code-review@claude-code-plugins' prompt: | - REPO: ${{ github.repository }} - PR NUMBER: ${{ github.event.pull_request.number }} - - Review this pull request. For each changed skill file: - - Check that the frontmatter (name, description) is accurate and well-written - - Flag any hardcoded secrets, tokens, or personal data that should be env vars - - Note any broken references (paths, tool names, commands that don't exist) - - Call out anything that contradicts how the skill actually works - - Keep feedback concise and actionable. Skip praise. - Use inline comments for specific code issues. - Use `gh pr comment` for top-level feedback. - If everything looks good and there are no issues, post a comment saying "LGTM" followed by one sentence summarizing what you reviewed. 
+ /code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }} --comment - REVIEW SUBMISSION: - After completing your review, submit a formal GitHub review using gh pr review: - - If you found issues: `gh pr review ${{ github.event.pull_request.number }} --request-changes --body "Summary of issues found"` - - If LGTM: `gh pr review ${{ github.event.pull_request.number }} --approve --body "LGTM - brief summary"` - If gh pr review fails (e.g. permissions), fall back to posting a comment with `gh pr comment` instead. - claude_args: | - --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*)" - --model claude-opus-4-6 - --fallback-model claude-sonnet-4-6 + Additional checks for this repo (skill files): + - Flag hardcoded secrets, tokens, or personal data that should be env vars or placeholders. + - Check that frontmatter (name, description) in skill .md files is accurate and well-written. + - Flag broken references: paths, tool names, or commands that do not exist. + - For every deleted function call or side effect, grep to find what depended on it. A removed side effect with no replacement is a bug. + # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md + # or https://docs.anthropic.com/en/docs/claude-code/sdk#command-line for available options
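Review bot: The `permissions` block raises `contents: read` to `contents: write` in the same change that deletes the `claude_args` `--allowedTools` allowlist, so a job that feeds pull-request content to an agent now holds (for same-repository pull requests) a token that can push to the repository, with no restriction visible here on which tools the agent may run. Nothing on the new side appears to need write access to contents, since posting review comments is covered by `pull-requests: write`; unless the plugin documents otherwise, keep `contents: read` and restore a `claude_args` allowlist limited to the comment and diff tools. The checkout step now fetches the PR head with `fetch-depth: 0` and the default credential persistence, so adding `persist-credentials: false` under its `with:` would keep the token out of the working tree the agent reads. Separately, `anthropics/claude-code-action@v1` replaces a fixed release tag with a moving one and the `plugin_marketplaces` URL is unpinned; pinning the action to a full commit SHA (`uses: anthropics/claude-code-action@<full-commit-sha>  # v1.x`) keeps the code that was reviewed and the code that runs the same.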