osa/.github/workflows/claude-code-review.yml at bf0a64332846d2e95b5e57484bd994e29f91831d · OpenScience-Collective/osa · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Claude Code Review

on:
  # Same-repo branches: full access to secrets and write permissions
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
  # Fork PRs: runs in base repo context with secrets access
  pull_request_target:
    types: [opened, synchronize, ready_for_review, reopened]

jobs:
  claude-review:
    # Only review PRs from external contributors, skip duplicates:
    # - pull_request for same-repo branches (has secrets access)
    # - pull_request_target for fork PRs only (provides secrets access that pull_request lacks for forks)
    if: |
      github.event.pull_request.user.login != 'neuromechanist' &&
      !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) &&
      !(github.event_name == 'pull_request_target' && !github.event.pull_request.head.repo.fork)
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: read
      id-token: write
      actions: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # For fork PRs via pull_request_target, check out the PR head safely
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 1

      - name: Review and fix PR
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          additional_permissions: |
            actions: read
          prompt: |
            Review this pull request thoroughly. For each issue found:

            1. Classify severity: critical, important, or suggestion
            2. For critical and important issues: fix them directly by editing the code and pushing a commit
            3. For suggestions that clearly improve code quality and are not false positives: fix them too
            4. Skip suggestions that are stylistic preferences or false positives

            Follow the project's code style (ruff formatting, type hints, no mocks in tests).
            Do not add AI attribution to commits.
            Keep commit messages concise (<50 chars, no emojis).

            After making fixes, leave a PR comment summarizing what was found and what was fixed.
            If you cannot push to the PR branch (e.g., fork PRs), leave detailed review comments instead.