team-operator/.github/workflows/claude.yml at 92a7a3bbe7028af6344f6b14e0bab5fc0c3cd4d4 · posit-dev/team-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: Claude PR Assistant

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

env:
  PTD_AWS_ACCOUNT: ${{ secrets.PTD_AWS_ACCOUNT }}

jobs:
  claude-code-action:
    if: |
      (
        github.event_name == 'issue_comment' &&
        contains(github.event.comment.body, '@claude')
      ) ||
      (
        github.event_name == 'pull_request_review_comment' &&
        contains(github.event.comment.body, '@claude')
      ) ||
      (
        github.event_name == 'issues' &&
        contains(github.event.issue.body, '@claude')
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
      id-token: write
    steps:
      - name: Check actor has write permission
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
          if [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then
            echo "::error::Actor ${{ github.actor }} has '$PERMISSION' permission, requires 'write' or 'admin'"
            exit 1
          fi
          echo "Actor ${{ github.actor }} authorized with '$PERMISSION' permission"

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.PTD_AWS_ACCOUNT }}:role/claude-code
          role-session-name: gha-claude-code-action
          aws-region: us-east-2

      - name: Run Claude Code Action
        uses: anthropics/claude-code-action@beta
        with:
          model: "us.anthropic.claude-opus-4-6-v1"
          fallback_model: "us.anthropic.claude-3-7-sonnet-20250219-v1:0"
          timeout_minutes: "60"
          use_bedrock: true
          branch_prefix: "claude-"
          additional_permissions: "actions: read"
          allowed_tools: "mcp__github__create_pull_request,mcp__github__create_issue,mcp__github__search_issues,mcp__github__update_issue,mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff"
          custom_instructions: |
            You are a helpful AI assistant for code reviews and issue triage.
            Respond to comments and issues that mention you with relevant code suggestions or triage actions.
            If you cannot assist, politely inform the user. In your responses, don't be overly complimentary.
            Stick to the facts and provide actionable advice.