Pull request overview
This PR adds GitHub Actions workflows to integrate Claude Code, an AI coding assistant, into the repository. The integration allows users to interact with Claude by mentioning @claude in comments, and also provides automated code review capabilities on pull requests.
Changes:
- Added `.github/workflows/claude.yml` for on-demand Claude interactions via @claude mentions in issues and PR comments
- Added `.github/workflows/claude-code-review.yml` for automatic Claude code reviews on all pull requests
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `.github/workflows/claude.yml` | Workflow that triggers Claude when @claude is mentioned in PR comments, issue comments, reviews, or new issues |
| `.github/workflows/claude-code-review.yml` | Workflow that automatically runs Claude code reviews on all pull requests when opened, synchronized, or reopened |
.github/workflows/claude.yml
Outdated
| contents: read | ||
| pull-requests: read | ||
| issues: read |
The permissions for this workflow are insufficient for Claude to perform its intended functions. According to the PR description, Claude should be able to "create comments, branches, and commits", but the current permissions only allow read access.
The workflow needs write permissions added:
- `contents: write` - to create branches and commits
- `pull-requests: write` - to create/update PR comments
- `issues: write` - to create/update issue comments
Without these permissions, Claude will fail when attempting to write any changes or responses back to the repository.
| contents: read | |
| pull-requests: read | |
| issues: read | |
| contents: write | |
| pull-requests: write | |
| issues: write |
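Review bot: `contents: write` in the suggested block is the scope to look at hardest, because the overview says this workflow starts from an @claude mention in an issue or PR comment and the visible lines put no condition on who wrote that comment. Pair the write scopes with an `if:` on the commenter's `author_association`, declare them on the job if they currently sit at workflow level, and keep `contents: read` if the job only needs to reply in comments.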
| pull-requests: read | ||
| issues: read |
The permissions for this automated code review workflow are insufficient. The workflow only has read permissions, but needs write permissions to post review comments and feedback.
Add write permissions:
- `pull-requests: write` - to post review comments
- `issues: write` - to create comments on the PR
Without these permissions, Claude will be unable to post its code review feedback.
| pull-requests: read | |
| issues: read | |
| pull-requests: write | |
| issues: write |
Agree with Copilot here, seems like these permissions are too strict?
| claude-review: | ||
| # Optional: Filter by PR author | ||
| # if: | | ||
| # github.event.pull_request.user.login == 'external-contributor' || | ||
| # github.event.pull_request.user.login == 'new-developer' || | ||
| # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' |
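Review bot: The commented-out example ending in `author_association == 'FIRST_TIME_CONTRIBUTOR'` selects the least-trusted PR authors for the automatic run, which is the wrong direction if this job is given a secret or write scopes. If a filter is enabled, make it an allowlist of trusted associations (for example `OWNER`, `MEMBER`, `COLLABORATOR`), and update or drop the example comment so nobody uncomments it as-is.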
This workflow will run automatically on every pull request (opened, synchronize, ready_for_review, reopened) without any filtering. This could result in:
- Unnecessary Claude API costs for every PR
- Potential noise from automated reviews on all PRs, including trivial ones
- Slower PR workflows due to waiting for automated reviews
Consider uncommenting and configuring the author filter (lines 15-19) to limit automatic reviews to specific users or first-time contributors, or add path filtering (lines 6-11) to only review relevant code changes. Alternatively, you could remove this workflow entirely and only use the @claude mention workflow for on-demand reviews.
Changes:
- claude-code-review.yml: Auto-trigger only for PRs from repo writers, manual trigger via @claude-review
- claude.yml: Restrict @claude mentions to repo writers only
- Both workflows now check author_association (OWNER, MEMBER, COLLABORATOR)
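The gating this commit message describes, as an added configuration example (not the repository's actual workflow): a comment-triggered job that runs only for an allowlisted `author_association` and scopes the token per job. The trigger list, job name and the `anthropics/claude-code-action@v1` reference are assumptions; the permission keys, association values, `fetch-depth: 10` and the `claude_code_oauth_token` input are taken from the page.

```yaml
# Constructed example: comment-triggered job gated on who wrote the comment.
name: claude-on-mention (example)

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]

# Start from an empty token; the job below opts in to what it needs.
permissions: {}

jobs:
  claude:
    # Both conditions must hold: the comment mentions @claude, and the
    # commenter's association with the repository is on the allowlist.
    if: >-
      contains(github.event.comment.body, '@claude') &&
      contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)
    runs-on: ubuntu-latest
    permissions:
      contents: write        # push commits to PR branches
      pull-requests: write   # post PR comments
      issues: write          # post issue comments
    steps:
      - name: Checkout repository
        # Tag as used in the PR; a full commit SHA is the stricter choice.
        uses: actions/checkout@v4
        with:
          fetch-depth: 10
      - name: Run Claude
        # Assumed action reference; the page does not show this line.
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
```

A job skipped by the `if:` never starts a runner, so the secret and the write-scoped token are not exposed to comments from authors outside the allowlist.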
yonromai left a comment
Awesome! I actually started hacking on this this weekend, you beat me to it!
| pull-requests: read | ||
| issues: read |
Agree with Copilot here, seems like these permissions are too strict?
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | ||
| plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' | ||
| plugins: 'code-review@claude-code-plugins' | ||
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ steps.pr-number.outputs.number }}' |
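Review bot: `plugin_marketplaces` points at a git URL and `plugins` names `code-review@claude-code-plugins` with no revision visible in these lines, so the plugin code that runs next to `secrets.CLAUDE_CODE_OAUTH_TOKEN` is whatever that repository serves when the job starts. Check whether the action accepts a fixed revision for the marketplace and pin it if so; otherwise note the dependency in a comment here so it is re-reviewed on upgrades. The `prompt` interpolation only uses `github.repository` and a PR number, which is fine; keep free-text fields such as titles or comment bodies out of it.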
nit: Why not follow the /review convention in the CLI and the GH action doc?
Sounds good to me, we can change it.
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 |
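Review bot: `uses: actions/checkout@v4` references a mutable tag. Pin it to the full commit SHA of the release you reviewed, with the version in a trailing comment, so a retagged release cannot change what runs in a job that holds repository credentials. The `fetch-depth` value is a cost and context trade-off and is fine either way.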
nit: I wonder if we should > 100 (or 0 + potentially a file filter). I end up using claude to look into the git history a bunch.
These were the defaults from Claude. I'm not against tweaking it, but I don't know if it has consequences for the actions? Maybe let's start with this and see if we run into issues?
.github/workflows/claude.yml
Outdated
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 |
- Change permissions from read to write for contents, pull-requests, issues (required for Claude to comment and push changes to PR branches)
- Change review trigger from @claude-review to /review
- Increase fetch-depth from 1 to 10 for recent git history access
Adjusted permissions and set the fetch limit to 10 to see how that goes.
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.