From bf86772eb3fa0e6273cf12247b8ca2386b9b1a67 Mon Sep 17 00:00:00 2001 From: Paul Hernandez <60959+phernandez@users.noreply.github.com> Date: Fri, 4 Apr 2025 21:17:57 -0500 Subject: [PATCH 01/14] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1a0aa3c..2724a9c 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This GitHub Action integrates Claude Code in your GitHub workflows, enabling AI- ### 1. Add Claude to Your Repository -Create two simple workflow files to integrate Claude with your repository: +Create a workflow file to integrate Claude with your repository: **File: `.github/workflows/claude-code.yml`** ```yaml @@ -214,4 +214,4 @@ permissions: ## License -MIT \ No newline at end of file +MIT From 417d8819156ffa7beb4145dfa8d29fa5ced3360c Mon Sep 17 00:00:00 2001 From: phernandez Date: Fri, 4 Apr 2025 23:26:47 -0500 Subject: [PATCH 02/14] Add organization membership check and PAT support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added organization membership verification for issue requests - Added personal access token support for custom commit attribution - Updated documentation with new features - Bumped version to 0.6.0 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- README.md | 35 ++++++++++++------- action.yml | 14 ++++++-- package.json | 2 +- scripts/issue-analyze-mode.sh | 37 +++++++++++++++++++- scripts/issue-fix-mode.sh | 64 +++++++++++++++++++++++++++++++++-- 5 files changed, 134 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 2724a9c..2adf9b5 100644 --- a/README.md +++ b/README.md 
@@ -30,7 +30,7 @@ on: jobs: claude-integration: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.5.6 + uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.6.0 with: issue-label: 'claude-fix' # Optional: customize the trigger label secrets: @@ -47,7 +47,7 @@ on: jobs: claude-label-fix: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.5.6 + uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.6.0 with: issue-label: 'claude-fix' # Must match your chosen label secrets: @@ -97,15 +97,18 @@ The reusable workflows support several configuration options: ```yaml jobs: claude-integration: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.5.6 + uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.6.0 with: # All parameters are optional with sensible defaults - issue-label: 'claude-fix' # Label that triggers issue fixes - branch-prefix: 'fix' # Prefix for branches created by fixes - debug-mode: false # Enable verbose logging - strict-mode: true # When false, allows Claude to add improvements + issue-label: 'claude-fix' # Label that triggers issue fixes + branch-prefix: 'fix' # Prefix for branches created by fixes + require-org-membership: true # Only process issues from org members + organization: 'my-org' # Organization to check membership against + debug-mode: false # Enable verbose logging + strict-mode: true # When false, allows Claude to add improvements secrets: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} # Optional: For commit attribution ``` ### Label-Based Integration (`claude-label-fix.yml`) 
@@ -113,14 +116,17 @@ jobs: ```yaml jobs: claude-label-fix: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.5.6 + uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.6.0 with: # All parameters are optional with sensible defaults - issue-label: 'claude-fix' # Must match the label you're using - branch-prefix: 'fix' # Prefix for branches created by fixes - debug-mode: false # Enable verbose logging + issue-label: 'claude-fix' # Must match the label you're using + branch-prefix: 'fix' # Prefix for branches created by fixes + require-org-membership: true # Only process issues from org members + organization: 'my-org' # Organization to check membership against + debug-mode: false # Enable verbose logging secrets: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} # Optional: For commit attribution ``` Only repo maintainers with write access can add labels, providing security control over which issues Claude will fix. @@ -145,6 +151,9 @@ When using our reusable workflows, you only need to configure a few key options: |-----------|-------------|---------|---------| | `issue-label` | Label that triggers issue fixes | `claude-fix` | Both workflows | | `branch-prefix` | Prefix for branches created by fixes | `fix` | Both workflows | +| `require-org-membership` | Require the issue creator to be an organization member | `true` | Both workflows | +| `organization` | Organization name to check membership against | Repository owner | Both workflows | +| `personal-access-token` | Token for commits to override the default GitHub token | None | Both workflows | | `debug-mode` | Enable verbose logging | `false` | Both workflows | | `strict-mode` | Controls whether Claude adds improvements beyond what's requested | `true` | Comment workflow only | 
@@ -152,7 +161,7 @@ All parameters are optional and have sensible defaults. ## Enhanced Context for Claude -With version 0.5.6, Claude now receives complete context for your PRs and issues, including: +With version 0.6.0, Claude now receives complete context for your PRs and issues, including: - PR metadata (title, description, branch info) - Issue details (title, description, labels) @@ -211,6 +220,8 @@ permissions: - Only users with appropriate GitHub permissions can trigger Claude Code actions - For issue fixes, using the label-based approach gives you more control over who can trigger code changes - The `strict-mode` parameter limits Claude to only making requested changes +- The `require-org-membership` option ensures only organization members can use Claude for issues +- Using a personal access token for commits ensures proper attribution and bypasses CLA requirements ## License diff --git a/action.yml b/action.yml index d941b0e..65a8da4 100644 --- a/action.yml +++ b/action.yml @@ -29,6 +29,13 @@ inputs: description: 'Label that triggers issue fix workflows' required: false default: 'claude-fix' + require-org-membership: + description: 'Whether to require the issue creator to be an organization member to process the issue' + required: false + default: 'true' + organization: + description: 'The GitHub organization name to check membership against (defaults to the repo owner)' + required: false debug-mode: description: 'Enable full debug mode with shell tracing and Claude debug output' required: false @@ -55,6 +62,9 @@ inputs: github-token: description: 'GitHub token for API access' required: true + personal-access-token: + description: 'Optional personal access token for commits, to override the default GitHub token' + required: false output-file: description: 'Path to write the output to (for direct mode)' required: false 
@@ -111,11 +121,11 @@ runs: shell: bash run: | chmod +x ${{ github.action_path }}/scripts/issue-fix-mode.sh - ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" + ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" - name: Process Issue Analysis if: inputs.mode == 'issue-analyze' shell: bash run: | chmod +x ${{ github.action_path }}/scripts/issue-analyze-mode.sh - ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" \ No newline at end of file + ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" \ No newline at end of file diff --git a/package.json b/package.json index a53c65a..2e43215 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "claude-code-github-action", - "version": "0.5.6", + "version": "0.6.0", "description": "GitHub action for Claude Code Integration in PR comments, reviews, inline code suggestions, and issue-based fixes", "main": "index.js", "scripts": { 
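Review bot: The new `"${{ inputs.personal-access-token }}"` argument on the issue-fix-mode.sh line puts the token into the generated script text and the process argument list. `${{ }}` expressions are substituted before bash parses the `run:` block, so `inputs.organization` and the `inputs.feedback` value already on this line are also spliced in as shell source rather than passed as data. Prefer an `env:` block on the step, e.g. `PERSONAL_ACCESS_TOKEN: ${{ inputs.personal-access-token }}`, and have the script read the variable from its environment instead of a positional parameter. The same applies to the issue-analyze-mode.sh call in this hunk and to the `comment-author` argument added by the later hunk at `@@ -121,11 +124,11`.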
diff --git a/scripts/issue-analyze-mode.sh b/scripts/issue-analyze-mode.sh index 4fab8cf..a54112d 100755 --- a/scripts/issue-analyze-mode.sh +++ b/scripts/issue-analyze-mode.sh @@ -10,6 +10,8 @@ ANTHROPIC_API_KEY=$4 GITHUB_TOKEN=$5 DEBUG_MODE=${6:-"false"} FEEDBACK=$7 +REQUIRE_ORG_MEMBERSHIP=${8:-"true"} +ORGANIZATION=${9:-$REPO_OWNER} # Enable debug mode if requested if [[ "$DEBUG_MODE" == "true" ]]; then @@ -92,7 +94,7 @@ else FULL_REPO="$REPO_OWNER/$REPO_NAME" fi echo "Using repository: $FULL_REPO" -if ! ISSUE_DETAILS=$(gh issue view $ISSUE_NUMBER --repo "$FULL_REPO" --json title,body,labels); then +if ! ISSUE_DETAILS=$(gh issue view $ISSUE_NUMBER --repo "$FULL_REPO" --json title,body,labels,author); then echo "Error fetching issue details" exit 1 fi @@ -101,6 +103,39 @@ fi ISSUE_TITLE=$(echo "$ISSUE_DETAILS" | jq -r '.title') ISSUE_BODY=$(echo "$ISSUE_DETAILS" | jq -r '.body') ISSUE_LABELS=$(echo "$ISSUE_DETAILS" | jq -r '.labels[].name' | tr '\n' ',' | sed 's/,$//' || echo "none") +ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login') + +# Check if user is a member of the organization if required +if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then + echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION" + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) + + if [[ "$STATUS_CODE" != "204" ]]; then + echo "User $ISSUE_AUTHOR is not a member of organization $ORGANIZATION. Skipping Claude analysis." + + # Leave a comment on the issue explaining why the analysis is skipped + ISSUE_COMMENT=$(cat < Date: Sat, 5 Apr 2025 12:00:41 -0500 Subject: [PATCH 03/14] Update organization references to basicmachines-co and prepare for v0.7.0 release --- .github/workflows/claude-full.yml | 12 ++++++------ .github/workflows/claude-label-fix.yml | 2 +- .github/workflows/example-minimal.yml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) 
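Review bot: The membership gate introduced with `REQUIRE_ORG_MEMBERSHIP=${8:-"true"}` only runs when the value is exactly the string `true`, so a caller that passes `True`, `yes` or a typo turns the check off without any message. For an access control it is safer to treat only an explicit opt-out as disabling it: `if [[ "$REQUIRE_ORG_MEMBERSHIP" != "false" ]]; then`. The comparison sits in the `@@ -101,6 +103,39` hunk of this file, whose tail is not fully visible here.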
diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 0da4e3b..8973934 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml @@ -55,7 +55,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue analysis - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'issue-analyze' issue-number: ${{ steps.issue.outputs.number }} @@ -110,7 +110,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue fix - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'issue-fix' issue-number: ${{ steps.issue.outputs.number }} @@ -157,7 +157,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'review' pr-number: ${{ steps.pr.outputs.number }} @@ -192,7 +192,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code Suggestions - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'suggest' pr-number: ${{ steps.pr.outputs.number }} @@ -237,7 +237,7 @@ jobs: echo "line=${LINE}" >> $GITHUB_OUTPUT - name: Process with Claude Code for code review comment - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'review' pr-number: ${{ steps.details.outputs.number }} 
@@ -280,7 +280,7 @@ jobs: echo "line=${LINE}" >> $GITHUB_OUTPUT - name: Process with Claude Code Suggestions for code review - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'suggest-review' pr-number: ${{ steps.details.outputs.number }} diff --git a/.github/workflows/claude-label-fix.yml b/.github/workflows/claude-label-fix.yml index 8ce7a15..8e110ed 100644 --- a/.github/workflows/claude-label-fix.yml +++ b/.github/workflows/claude-label-fix.yml @@ -47,7 +47,7 @@ jobs: git config --global user.email "claude-bot@example.com" - name: Process issue with Claude Code - uses: fractureinc/claude-code-github-action@v0.5.5 + uses: basicmachines-co/claude-code-github-action@v0.7.0 with: mode: 'issue-fix' issue-number: ${{ github.event.issue.number }} diff --git a/.github/workflows/example-minimal.yml b/.github/workflows/example-minimal.yml index 5dd7365..5f9935c 100644 --- a/.github/workflows/example-minimal.yml +++ b/.github/workflows/example-minimal.yml @@ -9,7 +9,7 @@ on: # This demonstrates how to use the reusable workflow for comment-based interactions jobs: claude-integration: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.5.6 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-full.yml@v0.7.0 with: # Optional customizations: issue-label: 'claude-fix' # The label used to trigger issue fixes From 7de3ac5e717ff7676bbc48c1251f36f1d4b616f8 Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 12:12:29 -0500 Subject: [PATCH 04/14] Add PERSONAL_ACCESS_TOKEN to claude-full.yml workflow --- .github/workflows/claude-full.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 8973934..18eb562 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml 
@@ -26,6 +26,8 @@ on: secrets: ANTHROPIC_API_KEY: required: true + PERSONAL_ACCESS_TOKEN: + required: false jobs: # Handle issue analysis comments @@ -122,6 +124,7 @@ jobs: feedback: ${{ steps.issue.outputs.feedback }} anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }} github-token: ${{ github.token }} + personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - name: Upload claude output artifacts if: always() From decced3a7171ec2b8d88a9c7890327eb274c2290 Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 12:42:05 -0500 Subject: [PATCH 05/14] Fix organization membership check to use PERSONAL_ACCESS_TOKEN --- .github/workflows/claude-full.yml | 1 + scripts/issue-analyze-mode.sh | 16 +++++++++++++++- scripts/issue-fix-mode.sh | 15 ++++++++++++++- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 18eb562..0571446 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml @@ -67,6 +67,7 @@ jobs: debug-mode: ${{ inputs.debug-mode || 'false' }} anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }} github-token: ${{ github.token }} + personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - name: Upload claude output artifacts if: always() diff --git a/scripts/issue-analyze-mode.sh b/scripts/issue-analyze-mode.sh index a54112d..fbd260d 100755 --- a/scripts/issue-analyze-mode.sh +++ b/scripts/issue-analyze-mode.sh @@ -12,6 +12,7 @@ DEBUG_MODE=${6:-"false"} FEEDBACK=$7 REQUIRE_ORG_MEMBERSHIP=${8:-"true"} ORGANIZATION=${9:-$REPO_OWNER} +PERSONAL_ACCESS_TOKEN=${10:-$GITHUB_TOKEN} # Enable debug mode if requested if [[ "$DEBUG_MODE" == "true" ]]; then 
@@ -108,7 +109,20 @@ ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login') # Check if user is a member of the organization if required if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION" - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + + # Temporarily use the personal access token for org membership check if provided + if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then + # Save current token auth + TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") + # Switch to personal token for org check + echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + # Switch back to github token + echo "$GITHUB_TOKEN" | gh auth login --with-token + else + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + fi + STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) if [[ "$STATUS_CODE" != "204" ]]; then diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index b1ada93..37e8c4f 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh 
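Review bot: Logging gh in and out around a single API call writes the personal access token into gh's stored credentials on the runner, and if the second `gh auth login` fails the rest of the script keeps running with the PAT. `TEMP_AUTH` is also assigned but never read. Scoping the token to the one call avoids all of this: `ORG_CHECK=$(GH_TOKEN="$PERSONAL_ACCESS_TOKEN" gh api -X GET "/orgs/$ORGANIZATION/members/$ISSUE_AUTHOR" --silent -i || true)`, which also quotes the path built from `$ORGANIZATION` and `$ISSUE_AUTHOR`. Because `PERSONAL_ACCESS_TOKEN` already defaults to `$GITHUB_TOKEN`, the if/else then collapses to that single line. The identical block is added to scripts/issue-fix-mode.sh in the next hunk.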
@@ -140,7 +140,20 @@ ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login') # Check if user is a member of the organization if required if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION" - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + + # Temporarily use the personal access token for org membership check if provided + if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then + # Save current token auth + TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") + # Switch to personal token for org check + echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + # Switch back to github token + echo "$GITHUB_TOKEN" | gh auth login --with-token + else + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + fi + STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) if [[ "$STATUS_CODE" != "204" ]]; then From 6efa8399721de98e3961ff618af643777e26b05c Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 12:54:01 -0500 Subject: [PATCH 06/14] Check comment author for organization membership in both issue-fix and issue-analyze modes --- .github/workflows/claude-full.yml | 6 ++++++ action.yml | 7 +++++-- scripts/issue-analyze-mode.sh | 20 +++++++++++++++----- 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 0571446..96cbda7 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml 
@@ -49,12 +49,14 @@ jobs: run: | ISSUE_NUMBER="${{ github.event.issue.number }}" FEEDBACK="${{ github.event.comment.body }}" + COMMENT_AUTHOR="${{ github.event.comment.user.login }}" # Remove the "claude:" prefix FEEDBACK="${FEEDBACK#claude:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue analysis uses: basicmachines-co/claude-code-github-action@v0.7.0 @@ -68,6 +70,7 @@ jobs: anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }} github-token: ${{ github.token }} personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + comment-author: ${{ steps.issue.outputs.comment_author }} - name: Upload claude output artifacts if: always() @@ -105,12 +108,14 @@ jobs: run: | ISSUE_NUMBER="${{ github.event.issue.number }}" FEEDBACK="${{ github.event.comment.body }}" + COMMENT_AUTHOR="${{ github.event.comment.user.login }}" # Remove the "claude-fix:" prefix FEEDBACK="${FEEDBACK#claude-fix:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue fix uses: basicmachines-co/claude-code-github-action@v0.7.0 @@ -126,6 +131,7 @@ jobs: anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }} github-token: ${{ github.token }} personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + comment-author: ${{ steps.issue.outputs.comment_author }} - name: Upload claude output artifacts if: always() diff --git a/action.yml b/action.yml index 65a8da4..e304162 100644 --- a/action.yml +++ b/action.yml 
@@ -65,6 +65,9 @@ inputs: personal-access-token: description: 'Optional personal access token for commits, to override the default GitHub token' required: false + comment-author: + description: 'The GitHub username of the person who made the comment' + required: false output-file: description: 'Path to write the output to (for direct mode)' required: false 
@@ -121,11 +124,11 @@ runs: shell: bash run: | chmod +x ${{ github.action_path }}/scripts/issue-fix-mode.sh - ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" + ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" "${{ inputs.comment-author }}" - name: Process Issue Analysis if: inputs.mode == 'issue-analyze' shell: bash run: | chmod +x ${{ github.action_path }}/scripts/issue-analyze-mode.sh - ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" \ No newline at end of file + ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" "${{ inputs.comment-author }}" \ No newline at end of file diff --git a/scripts/issue-analyze-mode.sh b/scripts/issue-analyze-mode.sh index fbd260d..64986ff 100755 
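Review bot: The `"${{ inputs.comment-author }}"` argument appended to the issue-fix-mode.sh call does not appear to be read by that script in this commit. The diffstat lists only claude-full.yml, action.yml and scripts/issue-analyze-mode.sh, and the earlier issue-fix-mode.sh hunk still queries `/orgs/$ORGANIZATION/members/$ISSUE_AUTHOR`. If so, issue-fix mode, which is the mode that pushes code, still authorises on who opened the issue rather than on who wrote the `claude-fix:` comment, contrary to the commit subject. Mirror the analyze script there: `COMMENT_AUTHOR=${13:-""}` and `CHECK_USER="${COMMENT_AUTHOR:-$ISSUE_AUTHOR}"`, then use `$CHECK_USER` in the membership request and messages.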
--- a/scripts/issue-analyze-mode.sh +++ b/scripts/issue-analyze-mode.sh @@ -13,6 +13,7 @@ FEEDBACK=$7 REQUIRE_ORG_MEMBERSHIP=${8:-"true"} ORGANIZATION=${9:-$REPO_OWNER} PERSONAL_ACCESS_TOKEN=${10:-$GITHUB_TOKEN} +COMMENT_AUTHOR=${11:-""} # Enable debug mode if requested if [[ "$DEBUG_MODE" == "true" ]]; then 
@@ -108,25 +109,34 @@ ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login') # Check if user is a member of the organization if required if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then - echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION" + # Use the comment author for the org membership check if provided, otherwise fall back to issue author + CHECK_USER="${COMMENT_AUTHOR:-$ISSUE_AUTHOR}" + echo "Checking if $CHECK_USER is a member of organization $ORGANIZATION" + + # Debug output + echo "Comment Author: $COMMENT_AUTHOR" + echo "Issue Author: $ISSUE_AUTHOR" + echo "User being checked: $CHECK_USER" # Temporarily use the personal access token for org membership check if provided if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then + echo "Using Personal Access Token for organization membership check" # Save current token auth TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") # Switch to personal token for org check echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) # Switch back to github token echo "$GITHUB_TOKEN" | gh auth login --with-token else - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + echo "Using GitHub Token for organization membership check" + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) fi STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) if [[ "$STATUS_CODE" != "204" ]]; then - echo "User $ISSUE_AUTHOR is not a member of organization $ORGANIZATION. Skipping Claude analysis." + echo "User $CHECK_USER is not a member of organization $ORGANIZATION. Skipping Claude analysis." 
# Leave a comment on the issue explaining why the analysis is skipped ISSUE_COMMENT=$(cat < Date: Sat, 5 Apr 2025 13:09:59 -0500 Subject: [PATCH 07/14] Update README with public org membership requirement and v0.10.0 references --- README.md | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2adf9b5..c38e0d5 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ on: jobs: claude-integration: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.6.0 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-full.yml@v0.10.0 with: issue-label: 'claude-fix' # Optional: customize the trigger label secrets: @@ -47,7 +47,7 @@ on: jobs: claude-label-fix: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.6.0 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.10.0 with: issue-label: 'claude-fix' # Must match your chosen label secrets: @@ -97,7 +97,7 @@ The reusable workflows support several configuration options: ```yaml jobs: claude-integration: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-full.yml@v0.6.0 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-full.yml@v0.10.0 with: # All parameters are optional with sensible defaults issue-label: 'claude-fix' # Label that triggers issue fixes @@ -116,7 +116,7 @@ jobs: ```yaml jobs: claude-label-fix: - uses: fractureinc/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.6.0 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-label-fix.yml@v0.10.0 with: # All parameters are optional with sensible defaults issue-label: 'claude-fix' # Must match the label you're using 
@@ -151,7 +151,7 @@ When using our reusable workflows, you only need to configure a few key options: |-----------|-------------|---------|---------| | `issue-label` | Label that triggers issue fixes | `claude-fix` | Both workflows | | `branch-prefix` | Prefix for branches created by fixes | `fix` | Both workflows | -| `require-org-membership` | Require the issue creator to be an organization member | `true` | Both workflows | +| `require-org-membership` | Require the comment author to be a public member of the organization | `true` | Both workflows | | `organization` | Organization name to check membership against | Repository owner | Both workflows | | `personal-access-token` | Token for commits to override the default GitHub token | None | Both workflows | | `debug-mode` | Enable verbose logging | `false` | Both workflows | @@ -161,7 +161,7 @@ All parameters are optional and have sensible defaults. ## Enhanced Context for Claude -With version 0.6.0, Claude now receives complete context for your PRs and issues, including: +With version 0.10.0, Claude receives complete context for your PRs and issues, including: - PR metadata (title, description, branch info) - Issue details (title, description, labels) 
@@ -223,6 +223,26 @@ permissions: - The `require-org-membership` option ensures only organization members can use Claude for issues - Using a personal access token for commits ensures proper attribution and bypasses CLA requirements +### Organization Membership Visibility Requirement + +When using `require-org-membership: true` (which is the default), the GitHub user who triggers Claude (by commenting with `claude:` or `claude-fix:`) must be a **public** member of the organization. + +**Important:** By default, GitHub organization memberships are private, which means the API cannot verify your membership. To make your membership public: + +1. **Go to your organization page**: `https://github.com/your-organization-name` +2. **Click on the "People" tab** +3. **Find your username** in the member list +4. **Click on the "Private" dropdown** next to your name +5. **Select "Make public"** + +Alternatively, you can do this from your profile: +1. Go to your GitHub profile +2. Click on "Organizations" in the left sidebar +3. Find the organization in the list +4. Click the "Make public" button + +This allows the GitHub API to verify your organization membership when you use Claude Code action. + ## License MIT From 1f4a5ce3a08b9aebb973d10d1e4315a7b49be108 Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 19:55:41 -0500 Subject: [PATCH 08/14] Fix backtick handling in issue-fix-mode.sh and bump version to 0.11.0 --- package.json | 2 +- scripts/issue-fix-mode.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 2e43215..d515301 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "claude-code-github-action", - "version": "0.6.0", + "version": "0.11.0", "description": "GitHub action for Claude Code Integration in PR comments, reviews, inline code suggestions, and issue-based fixes", "main": "index.js", "scripts": { 
diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index 37e8c4f..d5e2eea 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh @@ -192,7 +192,7 @@ git fetch origin $DEFAULT_BRANCH git checkout -b $FIX_BRANCH origin/$DEFAULT_BRANCH # Create prompt for Claude -CLAUDE_PROMPT=$(cat < Date: Sat, 5 Apr 2025 19:57:08 -0500 Subject: [PATCH 09/14] Update workflows to use v0.11.0 --- .github/workflows/claude-full.yml | 12 ++++++------ .github/workflows/claude-label-fix.yml | 2 +- .github/workflows/example-minimal.yml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 96cbda7..8913fba 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml @@ -59,7 +59,7 @@ jobs: echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue analysis - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'issue-analyze' issue-number: ${{ steps.issue.outputs.number }} @@ -118,7 +118,7 @@ jobs: echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue fix - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'issue-fix' issue-number: ${{ steps.issue.outputs.number }} @@ -167,7 +167,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'review' pr-number: ${{ steps.pr.outputs.number }} 
@@ -202,7 +202,7 @@ jobs: echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT - name: Process with Claude Code Suggestions - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'suggest' pr-number: ${{ steps.pr.outputs.number }} @@ -247,7 +247,7 @@ jobs: echo "line=${LINE}" >> $GITHUB_OUTPUT - name: Process with Claude Code for code review comment - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'review' pr-number: ${{ steps.details.outputs.number }} @@ -290,7 +290,7 @@ jobs: echo "line=${LINE}" >> $GITHUB_OUTPUT - name: Process with Claude Code Suggestions for code review - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'suggest-review' pr-number: ${{ steps.details.outputs.number }} diff --git a/.github/workflows/claude-label-fix.yml b/.github/workflows/claude-label-fix.yml index 8e110ed..9feaeca 100644 --- a/.github/workflows/claude-label-fix.yml +++ b/.github/workflows/claude-label-fix.yml @@ -47,7 +47,7 @@ jobs: git config --global user.email "claude-bot@example.com" - name: Process issue with Claude Code - uses: basicmachines-co/claude-code-github-action@v0.7.0 + uses: basicmachines-co/claude-code-github-action@v0.11.0 with: mode: 'issue-fix' issue-number: ${{ github.event.issue.number }} diff --git a/.github/workflows/example-minimal.yml b/.github/workflows/example-minimal.yml index 5f9935c..d03c2e9 100644 --- a/.github/workflows/example-minimal.yml +++ b/.github/workflows/example-minimal.yml 
@@ -9,7 +9,7 @@ on: # This demonstrates how to use the reusable workflow for comment-based interactions jobs: claude-integration: - uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-full.yml@v0.7.0 + uses: basicmachines-co/claude-code-github-action/.github/workflows/claude-full.yml@v0.11.0 with: # Optional customizations: issue-label: 'claude-fix' # The label used to trigger issue fixes From d3c93dabe70d04199245480683f1602b3c502f28 Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 20:04:12 -0500 Subject: [PATCH 10/14] Fix special character handling in workflow scripts --- .github/workflows/claude-full.yml | 48 +++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/.github/workflows/claude-full.yml b/.github/workflows/claude-full.yml index 8913fba..e444b47 100644 --- a/.github/workflows/claude-full.yml +++ b/.github/workflows/claude-full.yml @@ -48,14 +48,18 @@ jobs: id: issue run: | ISSUE_NUMBER="${{ github.event.issue.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' COMMENT_AUTHOR="${{ github.event.comment.user.login }}" # Remove the "claude:" prefix FEEDBACK="${FEEDBACK#claude:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue analysis 
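Review bot: Wrapping `${{ github.event.comment.body }}` in single quotes does not make the value inert, because the expression is substituted into the script text before Bash parses it; a comment body that itself contains a single quote ends the literal, and the rest of the body is then interpreted as shell on the runner. The body is controlled by anyone who can comment, and the same assignment is repeated in the hunks at -107, -158, -193, -230 and -273 of this patch. Pass the value through the step environment instead: add `env:` with `COMMENT_BODY: ${{ github.event.comment.body }}` to the step and assign `FEEDBACK="$COMMENT_BODY"` in the script. The added `# Use single quotes to prevent Bash from interpreting special characters` comment should be dropped at the same time, since it documents a guarantee the quoting cannot give.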
@@ -107,14 +111,18 @@ jobs: id: issue run: | ISSUE_NUMBER="${{ github.event.issue.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' COMMENT_AUTHOR="${{ github.event.comment.user.login }}" # Remove the "claude-fix:" prefix FEEDBACK="${FEEDBACK#claude-fix:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT - name: Process with Claude Code for issue fix @@ -158,13 +166,17 @@ jobs: id: pr run: | PR_NUMBER="${{ github.event.issue.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' # Remove the "claude:" prefix FEEDBACK="${FEEDBACK#claude:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${PR_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - name: Process with Claude Code uses: basicmachines-co/claude-code-github-action@v0.11.0 
@@ -193,13 +205,17 @@ jobs: id: pr run: | PR_NUMBER="${{ github.event.issue.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' # Remove the "claude-suggest:" prefix FEEDBACK="${FEEDBACK#claude-suggest:}" # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${PR_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - name: Process with Claude Code Suggestions uses: basicmachines-co/claude-code-github-action@v0.11.0 @@ -230,7 +246,8 @@ jobs: id: details run: | PR_NUMBER="${{ github.event.pull_request.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' # Remove the "claude:" prefix FEEDBACK="${FEEDBACK#claude:}" COMMENT_ID="${{ github.event.comment.id }}" @@ -240,7 +257,10 @@ jobs: # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${PR_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT echo "comment_id=${COMMENT_ID}" >> $GITHUB_OUTPUT echo "file_path=${FILE_PATH}" >> $GITHUB_OUTPUT 
@@ -273,7 +293,8 @@ jobs: id: details run: | PR_NUMBER="${{ github.event.pull_request.number }}" - FEEDBACK="${{ github.event.comment.body }}" + # Use single quotes to prevent Bash from interpreting special characters + FEEDBACK='${{ github.event.comment.body }}' # Remove the "claude-suggest:" prefix FEEDBACK="${FEEDBACK#claude-suggest:}" COMMENT_ID="${{ github.event.comment.id }}" @@ -283,7 +304,10 @@ jobs: # Remove newlines from feedback to prevent GitHub Actions output issues FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')" echo "number=${PR_NUMBER}" >> $GITHUB_OUTPUT - echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT + # Use EOF to properly handle special characters in GITHUB_OUTPUT + echo "feedback<> $GITHUB_OUTPUT + echo "$FEEDBACK_CLEANED" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT echo "comment_id=${COMMENT_ID}" >> $GITHUB_OUTPUT echo "file_path=${FILE_PATH}" >> $GITHUB_OUTPUT From 7c8a192c17b92b4c0645409a69ce68d056f170f6 Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 20:15:15 -0500 Subject: [PATCH 11/14] Update issue-fix-mode.sh to check comment author instead of issue creator for org membership --- scripts/issue-fix-mode.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index d5e2eea..9e126d6 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh @@ -15,6 +15,7 @@ FEEDBACK=$9 REQUIRE_ORG_MEMBERSHIP=${10:-"true"} ORGANIZATION=${11:-$REPO_OWNER} PERSONAL_ACCESS_TOKEN=${12:-$GITHUB_TOKEN} +COMMENT_AUTHOR=${13:-""} # Enable debug mode if requested if [[ "$DEBUG_MODE" == "true" ]]; then 
@@ -139,31 +140,40 @@ ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login') # Check if user is a member of the organization if required if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then - echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION" + # Use the comment author for the org membership check if provided, otherwise fall back to issue author + CHECK_USER="${COMMENT_AUTHOR:-$ISSUE_AUTHOR}" + echo "Checking if $CHECK_USER is a member of organization $ORGANIZATION" + + # Debug output + echo "Comment Author: $COMMENT_AUTHOR" + echo "Issue Author: $ISSUE_AUTHOR" + echo "User being checked: $CHECK_USER" # Temporarily use the personal access token for org membership check if provided if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then + echo "Using Personal Access Token for organization membership check" # Save current token auth TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") # Switch to personal token for org check echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) # Switch back to github token echo "$GITHUB_TOKEN" | gh auth login --with-token else - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true) + echo "Using GitHub Token for organization membership check" + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) fi STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) if [[ "$STATUS_CODE" != "204" ]]; then - echo "User $ISSUE_AUTHOR is not a member of organization $ORGANIZATION. Skipping Claude fix." + echo "User $CHECK_USER is not a member of organization $ORGANIZATION. Skipping Claude fix." 
# Leave a comment on the issue explaining why the fix is skipped - ISSUE_COMMENT=$(cat < Date: Sat, 5 Apr 2025 20:18:49 -0500 Subject: [PATCH 12/14] Stop using personal access token for organization membership checks --- scripts/issue-analyze-mode.sh | 17 +++-------------- scripts/issue-fix-mode.sh | 17 +++-------------- 2 files changed, 6 insertions(+), 28 deletions(-) diff --git a/scripts/issue-analyze-mode.sh b/scripts/issue-analyze-mode.sh index 64986ff..0a0b4d4 100755 --- a/scripts/issue-analyze-mode.sh +++ b/scripts/issue-analyze-mode.sh @@ -118,20 +118,9 @@ if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then echo "Issue Author: $ISSUE_AUTHOR" echo "User being checked: $CHECK_USER" - # Temporarily use the personal access token for org membership check if provided - if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then - echo "Using Personal Access Token for organization membership check" - # Save current token auth - TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") - # Switch to personal token for org check - echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) - # Switch back to github token - echo "$GITHUB_TOKEN" | gh auth login --with-token - else - echo "Using GitHub Token for organization membership check" - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) - fi + # Always use the GitHub token for org membership check + echo "Using GitHub Token for organization membership check" + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index 9e126d6..4e24b66 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh 
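Review bot: `CHECK_USER="${COMMENT_AUTHOR:-$ISSUE_AUTHOR}"` changes which account the membership gate is applied to depending on whether the thirteenth argument arrived, and nothing in the script records when an empty value is expected. If a comment-triggered caller does not forward the commenter, the check silently runs against the issue's author rather than the person who asked for the fix; whether every caller passes the argument is not visible from this hunk. I would state the intended empty case in a comment above the assignment, for example `# COMMENT_AUTHOR is empty only when no comment triggered the run; comment-triggered callers must pass it`, after confirming that against the callers. The end of this hunk (the heredoc for the skip comment) is not readable in this view.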
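Review bot: With `|| true` on the `gh api` call, a failed or empty lookup is indistinguishable from a negative answer once `STATUS_CODE` is parsed from the first line of whatever came back. In scripts/issue-fix-mode.sh every value other than 204 leads to the "is not a member" message, and this script presumably does the same after the hunk ends; failing closed is the right default for an authorization gate, but the log then reports non-membership even when the check itself broke. Logging the status beside the decision, e.g. `echo "Membership lookup for $CHECK_USER returned status: ${STATUS_CODE:-none}"`, would let an operator tell a denied user from a broken lookup. The same three added lines appear in the scripts/issue-fix-mode.sh hunk at -149. Quoting the request path, `"/orgs/$ORGANIZATION/members/$CHECK_USER"`, would also keep an unexpected value from being split into extra `gh` arguments.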
@@ -149,20 +149,9 @@ if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then echo "Issue Author: $ISSUE_AUTHOR" echo "User being checked: $CHECK_USER" - # Temporarily use the personal access token for org membership check if provided - if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then - echo "Using Personal Access Token for organization membership check" - # Save current token auth - TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in") - # Switch to personal token for org check - echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) - # Switch back to github token - echo "$GITHUB_TOKEN" | gh auth login --with-token - else - echo "Using GitHub Token for organization membership check" - ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) - fi + # Always use the GitHub token for org membership check + echo "Using GitHub Token for organization membership check" + ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true) STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2) From ee0551c0ec02297b2f58307554d00e5abbe594ea Mon Sep 17 00:00:00 2001 From: phernandez Date: Sat, 5 Apr 2025 20:24:49 -0500 Subject: [PATCH 13/14] Add --sign-off to git commits for DCO checks --- scripts/issue-fix-mode.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index 4e24b66..0eac69c 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh @@ -276,7 +276,7 @@ EOF # Commit the changes echo "Committing changes..." git add . -git commit -m "$COMMIT_MESSAGE" +git commit -s -m "$COMMIT_MESSAGE" # Push the branch echo "Pushing branch to remote..." From cff30567ca0ad1572129511ca46922b7cf2a569b Mon Sep 17 00:00:00 2001 
From: phernandez Date: Sat, 5 Apr 2025 20:36:00 -0500 Subject: [PATCH 14/14] Update PR title format to use lowercase fix: for semantic commits --- scripts/issue-fix-mode.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/issue-fix-mode.sh b/scripts/issue-fix-mode.sh index 0eac69c..b778574 100755 --- a/scripts/issue-fix-mode.sh +++ b/scripts/issue-fix-mode.sh @@ -301,7 +301,7 @@ EOF # Create the PR echo "Creating pull request..." -PR_URL=$(gh pr create --repo "$FULL_REPO" --title "Fix: $ISSUE_TITLE" --body "$PR_BODY" --base "$DEFAULT_BRANCH" --head "$FIX_BRANCH") +PR_URL=$(gh pr create --repo "$FULL_REPO" --title "fix: $ISSUE_TITLE" --body "$PR_BODY" --base "$DEFAULT_BRANCH" --head "$FIX_BRANCH") # Add a comment to the issue ISSUE_COMMENT=$(cat <