Add Claude Code Review workflow

* "Claude PR Assistant workflow"

* "Claude Code Review workflow"

* Fix permissions for Claude Code Review workflow

Change pull-requests and issues permissions from read to write
so Claude can leave review comments.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Use ANTHROPIC_API_KEY instead of OAuth token

Simplify authentication by using direct API key.
Also simplified the review prompt.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add explicit github_token to workflow

OIDC token doesn't work for cross-fork PRs,
using explicit GITHUB_TOKEN instead.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Use pull_request_target to access secrets from fork PRs

GitHub doesn't pass secrets to workflows triggered by pull_request
from forks. Using pull_request_target allows access to secrets
while still reviewing the PR code.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Support both auto-review and interactive @claude mentions

- pull_request_target: auto-review for all PRs (forks + internal)
- issue_comment: respond to @claude mentions in comments
- Updated prompt for Java/Spring focus

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: a-simeshin

.github/workflows/claude-code-review.yml

@@ -0,0 +1,43 @@
+name: Claude Code
+
+on:
+  # Auto-review on PR events (works for both internal PRs and forks)
+  pull_request_target:
+    types: [opened, synchronize, ready_for_review, reopened]
+  # Interactive mode: respond to @claude mentions in comments
+  issue_comment:
+    types: [created]
+
+jobs:
+  claude:
+    # Run for PR events OR when @claude is mentioned in a comment
+    if: |
+      github.event_name == 'pull_request_target' ||
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+          fetch-depth: 1
+
+      - name: Run Claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          prompt: |
+            Review this pull request. Focus on:
+            - Code quality and best practices for Java/Spring
+            - Potential bugs or issues
+            - Security concerns
+            - Performance considerations
+            Provide constructive feedback in Russian or English based on PR language.
+

.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+