@ajstorm ajstorm commented Oct 6, 2025

The action's OIDC token exchange is failing, likely because the GitHub
app isn't configured to accept OIDC tokens from this workflow. By
explicitly providing the built-in GITHUB_TOKEN, we bypass the OIDC
exchange entirely.

The built-in token has sufficient permissions for PR analysis and
commenting, which is all this workflow needs.

🤖 Generated with Claude Code

Release note: None
Epic: None
@cockroach-teamcity
Member

This change is Reviewable

@ajstorm ajstorm requested a review from rickystewart October 6, 2025 13:17
@ajstorm ajstorm marked this pull request as ready for review October 6, 2025 13:17
@ajstorm ajstorm requested a review from a team as a code owner October 6, 2025 13:17
When using pull_request_target, the workflow runs in the context of the
base branch. By default, checkout merges with the target branch, which
could result in the LLM reporting on things that don't appear to
actually exist in the PR.

Explicitly set ref to the PR head SHA to analyze the actual PR code.

Release note: None
Epic: None
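
A review-time check for the configuration described in the commit message above, as an added example that is not part of this PR or the repository: it flags workflows triggered by `pull_request_target` that check out the PR head, and reports whether `actions/checkout` leaves the token in the local git config. The workflow text is constructed, and `example/pr-analyzer` and its `github_token` input are placeholders.

```python
import re

HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
STEP_START = re.compile(r"^\s*-\s+\w[\w-]*:")

def steps(text):
    """Split workflow text into list-item blocks by indentation (stdlib only, no YAML parser)."""
    blocks, cur, indent = [], None, 0
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        depth = len(line) - len(line.lstrip())
        if STEP_START.match(line) and (cur is None or depth <= indent):
            cur, indent = [line], depth          # a new list item at step level
            blocks.append(cur)
        elif cur is not None and depth > indent:
            cur.append(line)                     # continuation of the current item
        else:
            cur = None                           # left the list
    return ["\n".join(b) for b in blocks]

def audit(text):
    """Return review findings for a pull_request_target workflow that checks out the PR head."""
    if not any(re.search(r"\bpull_request_target\b", l.split("#")[0]) for l in text.splitlines()):
        return []
    findings = []
    for block in steps(text):
        if re.search(r"uses:\s*actions/checkout@", block) and HEAD_REF.search(block):
            findings.append("checkout-pr-head")  # PR-controlled files enter a base-context job
            if not re.search(r"persist-credentials:\s*['\"]?false", block):
                findings.append("credentials-persisted")  # token kept in .git/config for later steps
    return findings

# Constructed workflow; example/pr-analyzer and github_token are placeholder names.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: example/pr-analyzer@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
"""
HARDENED = SAMPLE.replace("head.sha }}", "head.sha }}\n          persist-credentials: false")
```

A `checkout-pr-head` finding is a prompt to confirm that no later step builds or executes the checked-out files and that the workflow's `permissions` are limited to what the analysis needs.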
@ajstorm
Collaborator Author

ajstorm commented Oct 6, 2025

bors r=rickystewart

@craig
Contributor

craig bot commented Oct 6, 2025

@craig craig bot merged commit 1f663ab into cockroachdb:master Oct 6, 2025
24 checks passed