Skip to content

Sync Claude workflows from workspace #1772

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tarrencev wants to merge 1 commit into from
Closed

Sync Claude workflows from workspace #1772

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 87 additions & 32 deletions .github/workflows/claude-code-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,21 @@
name: claude-code-review
name: claude

on:
pull_request:
types: [opened, synchronize]

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
pull-requests: write
Copy link
Contributor

@claude claude bot Jun 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Security Note: Changing from pull-requests: read to pull-requests: write grants the workflow permission to create/modify PR reviews and comments.

This is required for the inline review functionality, but ensure this is intentional since it grants broader permissions to the workflow. The anthropics/claude-code-action should be trusted, but it's worth documenting this permission escalation.

issues: read
id-token: write

Expand All @@ -19,8 +25,30 @@ jobs:
with:
fetch-depth: 1

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"

- name: Install ast-grep
run: |
npm install -g @ast-grep/cli
ast-grep --version

- name: Check if commit is from Claude
id: check-author
run: |
AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae')
AUTHOR_NAME=$(git log -1 --pretty=format:'%an')
if [[ "$AUTHOR_EMAIL" == *"claude[bot]"* ]] || [[ "$AUTHOR_NAME" == *"claude[bot]"* ]]; then
echo "skip=true" >> $GITHUB_OUTPUT
else
echo "skip=false" >> $GITHUB_OUTPUT
fi

- name: Run Claude Code Review
id: claude-review
if: steps.check-author.outputs.skip != 'true'
uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
Expand All @@ -30,33 +58,60 @@ jobs:

# Direct prompt for automated review (no @claude mention needed)
direct_prompt: |
Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage

Be constructive and helpful in your feedback.

# Optional: Customize review based on file types
# direct_prompt: |
# Review this PR focusing on:
# - For TypeScript files: Type safety and proper interface usage
# - For API endpoints: Security, input validation, and error handling
# - For React components: Performance, accessibility, and best practices
# - For tests: Coverage, edge cases, and test quality

# Optional: Different prompts for different authors
# direct_prompt: |
# ${{ github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' &&
# 'Welcome! Please review this PR from a first-time contributor. Be encouraging and provide detailed explanations for any suggestions.' ||
# 'Please provide a thorough code review focusing on our coding standards and best practices.' }}

# Optional: Add specific tools for running tests or linting
# allowed_tools: "Bash(npm run test),Bash(npm run lint),Bash(npm run typecheck)"

# Optional: Skip review for certain conditions
# if: |
# !contains(github.event.pull_request.title, '[skip-review]') &&
# !contains(github.event.pull_request.title, '[WIP]')
Please review this frontend PR and provide inline feedback using the GitHub review system. Follow these steps:

1. **Start a review**: Use `mcp__github__create_pending_pull_request_review` to begin a pending review
2. **Get diff information**: Use `mcp__github__get_pull_request_diff` to understand the code changes and line numbers
3. **Add inline comments**: Use `mcp__github__add_pull_request_review_comment_to_pending_review` for each specific piece of feedback on particular lines, including code change suggestions where appropriate using multiline comments and the suggestion syntax:

```suggestion
// Example TypeScript improvement
const result: ApiResponse<User> = await fetchUser(userId);
if (result.error) {
throw new Error(result.error.message);
}
```

4. **Submit the review**: Use `mcp__github__submit_pending_pull_request_review` with event type "COMMENT" (not "REQUEST_CHANGES") to publish all comments as a non-blocking review

Only comment when something is off, wrong, or could be improved but don't be overly pedantic; if a given implementation is already good, do not comment on it.

Focus your review on:

**TypeScript & React:**
- Type safety and proper interface usage
- React component best practices and patterns
- Hook usage and lifecycle management
- State management and side effects
- Component composition and reusability

**Web3 & Gaming Integration:**
- Starknet wallet integration security
- WebAuthn implementation best practices
- Session management and authentication flows
- Gaming API integrations and error handling
- Iframe security and cross-origin considerations

**Performance & UX:**
- Bundle size and code splitting optimization
- React rendering optimization (useMemo, useCallback)
- Loading states and error boundaries
- Accessibility considerations
- Mobile responsiveness and touch interactions

**Testing & Quality:**
- Component testing coverage and quality
- Integration test completeness
- Mock usage and test isolation
- Edge case handling

**Security:**
- Input validation and sanitization
- Secure storage of sensitive data
- Cross-site scripting (XSS) prevention
- Content Security Policy adherence

Provide specific, actionable feedback with inline comments and suggestions for line-specific issues and include an concise overall summary when submitting the review. **Important**: Submit as "COMMENT" type so the review doesn't block the PR.

# Add MCP GitHub tools for inline comments and project-specific testing
allowed_tools: "mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff,Bash(pnpm dev),Bash(pnpm test),Bash(pnpm build),Bash(pnpm lint)"
Copy link
Contributor

@claude claude bot Jun 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The direct_prompt is quite extensive (~4.5KB). While comprehensive, consider that GitHub Actions has environment variable size limits (~32KB total). If you add more content or have many environment variables, you might hit limits.

Consider splitting the prompt into multiple sections or referencing a separate documentation file if it grows larger.

Copy link
Contributor

@claude claude bot Jun 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The allowed_tools list grants access to both MCP GitHub tools and pnpm commands. This looks appropriate for the repository's needs based on the CLAUDE.md file.

Consider if you need all these tools for every review, or if some could be conditional based on the changes (e.g., only run pnpm test if test files are modified). However, for comprehensive reviews, this set makes sense.

Loading