test: multi-pass pipeline with linter-rule-judge #51

	name: Warden

	on:
	pull_request:
	types: [opened, synchronize, reopened]

	permissions:
	contents: read
	pull-requests: write
	checks: write

	jobs:
	review:
	runs-on: ubuntu-latest
	env:
	CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Strip newlines from OAuth token
	run: echo "CLAUDE_CODE_OAUTH_TOKEN=$(printf '%s' "$CLAUDE_CODE_OAUTH_TOKEN" \| tr -d '\n\r\t ')" >> "$GITHUB_ENV"

	# Build warden from source (testing feat/multi-pass-pipeline)
	- uses: actions/checkout@v4
	with:
	repository: getsentry/warden
	ref: feat/multi-pass-pipeline
	path: .warden-src

	- uses: pnpm/action-setup@v4
	with:
	version: 10

	- uses: actions/setup-node@v4
	with:
	node-version: 22
	cache: pnpm
	cache-dependency-path: .warden-src/pnpm-lock.yaml

	- name: Build warden from source
	run: cd .warden-src && pnpm install --frozen-lockfile && pnpm build \|\| true && pnpm build:action

	- name: Install Claude Code CLI
	run: \|
	CLAUDE_CODE_VERSION="2.1.32"
	for attempt in 1 2 3; do
	if curl -fsSL https://claude.ai/install.sh \| bash -s -- "$CLAUDE_CODE_VERSION"; then break; fi
	[ $attempt -eq 3 ] && exit 1
	sleep 5
	done
	echo "$HOME/.local/bin" >> "$GITHUB_PATH"

	- name: Run Warden
	id: warden
	env:
	INPUT_GITHUB_TOKEN: ${{ github.token }}
	INPUT_CONFIG_PATH: warden.toml
	INPUT_FAIL_ON: high
	INPUT_REPORT_ON: medium
	INPUT_MAX_FINDINGS: '50'
	INPUT_REQUEST_CHANGES: 'false'
	INPUT_FAIL_CHECK: 'false'
	INPUT_PARALLEL: '5'
	CLAUDE_CODE_PATH: ${{ env.HOME }}/.local/bin/claude
	run: node .warden-src/dist/action/index.js

Provide feedback