Add Claude Code GitHub Workflow

[obro79]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[claude]

Code Review: Claude Code GitHub Actions Integration

Thank you for adding Claude Code integration to the Tower repository! This is a well-structured PR that will enable AI-assisted development workflows.

✅ Strengths

1. Good Workflow Structure - Both workflow files are well-organized with clear purposes

2. Appropriate Permissions - Correctly scoped with read-only access where possible

3. Helpful Documentation - Excellent PR description with clear context

4. Security-Conscious Design - Uses GitHub secrets, limited tool access, includes safeguards

🔍 Issues and Recommendations

1. Tool Access Scope (Medium Priority)

Issue: Line 56 in claude-code-review.yml has restricted tools that may prevent thorough code reviews. Claude cannot read repository files to perform deep analysis.

Recommendation: Add Read, Glob, and Grep tools:

claude_args: '--allowed-tools "Read,Glob,Grep,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

2. Fetch Depth (Low Priority)

Issue: Both workflows use fetch-depth: 1 which may limit context for code reviews.

Recommendation: Consider fetch-depth: 0 or 10 for the review workflow to access git history.

3. Missing CLAUDE.md (Medium Priority)

Issue: The prompt references CLAUDE.md for style guidelines, but this file doesn't exist in the repository.

Recommendation: Either create CLAUDE.md with repository conventions OR remove this reference from the prompt.

4. Workflow Trigger Optimization (Low Priority)

Issue: Auto-review triggers on ALL PRs which could consume significant API quota.

Recommendation: Consider filtering by contributor status, file paths, or using label-based triggers.

🎯 Best Practices

Good practices observed: Clean YAML formatting, descriptive names, proper conditionals, latest action versions, secure secret management.

Minor suggestions:

• Add timeout-minutes: 30 to prevent runaway jobs
• Consider continue-on-error: true for the review step

📊 Summary

Category	Rating
Code Quality	⭐⭐⭐⭐⭐
Security	⭐⭐⭐⭐☆
Documentation	⭐⭐⭐⭐⭐
Best Practices	⭐⭐⭐⭐☆
Completeness	⭐⭐⭐⭐☆

✨ Overall Assessment

Recommendation: ✅ Approve with minor suggestions

This is a well-implemented PR that adds valuable AI capabilities to Tower. The code quality is excellent and security is thoughtfully considered. The issues identified are minor optimizations rather than critical bugs. The workflows are production-ready!

Great work on bringing Claude Code to Tower! 🎉

[AndyJLi0]

Goated pr. lgtm