claude-code-review.yml
name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize, ready_for_review]
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number to review'
        required: true
        type: number

jobs:
  # Pre-check: Detect if PR only modifies Claude workflow files
  # If so, skip gracefully (not fail) to allow other reviewers to approve
  check-files:
    name: Check Changed Files
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    outputs:
      skip_claude: ${{ steps.check.outputs.skip }}
    steps:
      - name: Check for Claude workflow-only changes
        id: check
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # On workflow_dispatch there is no pull_request payload, so fall back
          # to the pr_number input (same pattern the prompt below uses)
          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
        run: |
          # Get all changed files in this PR
          FILES=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json files -q '.files[].path')

          # Check if ANY file is NOT a claude workflow file
          if echo "$FILES" | grep -qvE '^\.github/workflows/claude'; then
            echo "PR contains non-workflow files - Claude will review"
            echo "skip=false" >> "$GITHUB_OUTPUT"
          else
            echo "PR only modifies Claude workflow files - skipping self-review"
            echo "skip=true" >> "$GITHUB_OUTPUT"
          fi

  claude-review:
    name: Claude Review
    needs: check-files
    # Skip if: workflow-only PR, draft, bot, or AI branch
    if: |
      needs.check-files.outputs.skip_claude != 'true' &&
      !github.event.pull_request.draft &&
      github.event.pull_request.user.login != 'dependabot[bot]' &&
      github.event.pull_request.user.login != 'renovate[bot]' &&
      !startsWith(github.event.pull_request.head.ref, 'claude/') &&
      !startsWith(github.event.pull_request.head.ref, 'copilot/')
    runs-on: ubuntu-latest
    # Don't block PR if Claude Code Action has infrastructure issues
    continue-on-error: true
    permissions:
      contents: write
      pull-requests: write
      issues: read
      id-token: write
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          additional_permissions: |
            actions: read
          prompt: |
            # Code Review Task

            **Repository:** ${{ github.repository }}
            **PR Number:** ${{ github.event.pull_request.number || inputs.pr_number }}
            **Author:** ${{ github.event.pull_request.user.login }}
            **Branch:** ${{ github.event.pull_request.head.ref }}

            ## Repository Context

            This is a **Claude Code plugin marketplace**:
            - Contains: SKILL.md files, plugin.json, shell scripts, YAML workflows
            - **FORBIDDEN:** C#/.NET code

            ## Review Checklist

            1. **SKILL.md Quality**
               - Clear step-by-step workflows
               - No phantom tool references
               - No vague instructions like "do something"
               - Actionable, specific guidance

            2. **Plugin Schema**
               - Valid plugin.json syntax
               - Required fields present (name, version, description)
               - Correct capability declarations

            3. **Shell Scripts**
               - Shellcheck compliance
               - Proper quoting of variables
               - No hardcoded paths or secrets
               - Portable syntax (bash vs sh)

            4. **Configuration Files**
               - Valid JSON/YAML syntax
               - .mcp.json references correct server paths

            5. **CHANGELOG.md**
               - Updated for any user-facing changes

            6. **Content Violations (CRITICAL)**
               - NO C# code (.cs files)
               - NO .NET project files (.csproj)
               - This repo contains plugins only!

            ## Steps

            1. Run `gh pr diff ${{ github.event.pull_request.number || inputs.pr_number }}` to see changes
            2. Read CLAUDE.md or README.md for repository conventions
            3. Analyze the changes against the checklist
            4. Submit a formal review using `gh pr review`

            ## Submit Review

            ```bash
            gh pr review ${{ github.event.pull_request.number || inputs.pr_number }} \
              --approve|--request-changes|--comment \
              --body "## Claude Code Review (Opus 4.6)

            **Verdict:** ✅ APPROVED | ⚠️ CHANGES REQUESTED | 💬 COMMENT

            ### Summary
            [Brief description of what this PR does]

            ### Findings
            [Issues found, categorized by severity]

            ### Strengths
            [What was done well]

            ---
            *Autonomous review by Claude Opus 4.6*"
            ```

            **Decision Guide:**
            - `--approve`: No blocking issues, plugin config is valid
            - `--request-changes`: Invalid JSON or broken references
            - `--comment`: Suggestions only, nothing blocking
          # Tool allowlist for the review agent. Note that it includes
          # "gh pr merge" and "gh pr edit", which go beyond what the prompt
          # above asks for (diff, read, review); the job also has
          # contents: write, so these are the calls worth watching in the
          # run logs.
          claude_args: '--model claude-opus-4-6 --allowed-tools "Bash(gh pr merge:*),Bash(gh pr review:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh pr edit:*),Bash(gh pr ready:*),Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh search:*),Bash(cat:*),Bash(head:*),Bash(tail:*),Bash(grep:*),Bash(find:*),Bash(ls:*),Bash(jq:*),Bash(yq:*)"'

  # Graceful skip notification - runs when Claude skips self-review
  skip-notification:
    name: Skip Notification
    needs: check-files
    if: needs.check-files.outputs.skip_claude == 'true'
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Post skip notification
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Same fallback as check-files so a workflow_dispatch run comments
          # on the right PR
          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
        run: |
          gh pr comment "$PR_NUMBER" --repo "${{ github.repository }}" --body "## Claude Code Review - Skipped

          This PR only modifies Claude workflow files. Claude cannot review changes to its own workflow (security measure).

          **Alternative reviewers:**
          - CodeRabbit (Tier 3a auto-merge)
          - Codex Code Review
          - Human codeowner (@ANcpLua)
          - Other AI reviewers (Gemini, Copilot)

          ---
          *This is expected behavior, not an error.*"