Fix Claude Code Review workflow comment tooling#431
Conversation
WalkthroughThe workflow configuration is expanded to trigger on additional PR events (ready_for_review, reopened) and replaces the external reusable workflow invocation with a self-contained inlined job that directly invokes the Claude Code Review action with detailed review parameters. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR converts the Claude Code Review workflow from a reusable workflow reference to an inline workflow definition, enabling Claude to post feedback directly as GitHub comments via Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[PR Event Triggered] --> B{Event Type}
B -->|opened/synchronize/<br/>ready_for_review/<br/>reopened| C[Checkout Repository]
C --> D[Run Claude Code Review]
D --> E[Claude Analyzes PR]
E --> F{Feedback Type}
F -->|Top-level feedback| G[gh pr comment]
F -->|Inline code issues| H[mcp__github_inline_comment__<br/>create_inline_comment]
G --> I[GitHub PR Comments Posted]
H --> I
Last reviewed commit: 3f7b748 |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
.github/workflows/claude-code-review.yml (3)
7-14: Add a concurrency group to prevent redundant parallel review runs.Without a
concurrency:block, everysynchronizeevent on a PR (e.g. rapid force-pushes) spawns a new Claude run alongside any in-flight one, wasting both runner minutes and API credits.♻️ Proposed fix: add concurrency group
jobs: claude-review: + concurrency: + group: claude-review-${{ github.event.pull_request.number }} + cancel-in-progress: true runs-on: ubuntu-latest🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude-code-review.yml around lines 7 - 14, Add a concurrency block to the claude-review job to prevent parallel runs for the same PR: inside the job definition for claude-review add a concurrency: key with a group that uniquely ties to the PR/workflow (for example use expressions like github.workflow + github.event.pull_request.number or github.ref) and set cancel-in-progress: true so newer runs cancel in-flight ones; update the job definition around the claude-review job to include this concurrency configuration.
43-44: Set--max-turnsto cap unbounded Claude execution and control costs.Configure appropriate
--max-turnsinclaude_argsto prevent excessive iterations. Without this guard, a complex PR can exhaust API quota and stall the runner.♻️ Suggested addition
claude_args: | + --max-turns 10 --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude-code-review.yml around lines 43 - 44, Add a max-turns cap to the claude_args to prevent unbounded Claude execution and runaway costs: update the claude_args string (the line containing --allowedTools) to include a reasonable --max-turns value (e.g. --max-turns 10 or an env-driven variable like --max-turns ${{ env.CLAUDE_MAX_TURNS }}), so the runner will stop after the configured number of iterations; keep the existing --allowedTools intact (mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)) while appending the new --max-turns flag.
4-5: Consider guarding against draft PRs to avoid unnecessary runs.
openedandsynchronizeevents fire for draft PRs too, so every push to a draft will trigger a Claude review. Adding aready_for_reviewcheck in a job condition (or a top-levelif:) prevents wasted runs while theready_for_reviewtrigger already handles the draft → ready transition.♻️ Optional fix: skip drafts on opened/synchronize
claude-review: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude-code-review.yml around lines 4 - 5, The workflow currently triggers Claude reviews for pull_request events including opened and synchronize which also fire for draft PRs; update the workflow to skip draft PRs by adding a condition that checks the PR draft flag (e.g., use if: github.event.pull_request == null || !github.event.pull_request.draft at the job level or as a top-level if) or adjust the pull_request triggers to rely on ready_for_review; ensure you reference the existing pull_request types array (opened, synchronize, ready_for_review, reopened) and add the draft guard so jobs like the Claude review only run when the PR is not a draft.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claude-code-review.yml:
- Around line 22-26: The workflow step using anthropics/claude-code-action@v1
currently supplies claude_code_oauth_token (and may use anthropic_api_key) but
omits the GitHub auth input; add the github_token input to the same step
(github_token: ${{ secrets.GITHUB_TOKEN }}) so the action can use the GitHub
token for repo operations when OAuth token auth is used; update the Run Claude
Code Review step to include github_token alongside claude_code_oauth_token to
avoid auth failures.
---
Nitpick comments:
In @.github/workflows/claude-code-review.yml:
- Around line 7-14: Add a concurrency block to the claude-review job to prevent
parallel runs for the same PR: inside the job definition for claude-review add a
concurrency: key with a group that uniquely ties to the PR/workflow (for example
use expressions like github.workflow + github.event.pull_request.number or
github.ref) and set cancel-in-progress: true so newer runs cancel in-flight
ones; update the job definition around the claude-review job to include this
concurrency configuration.
- Around line 43-44: Add a max-turns cap to the claude_args to prevent unbounded
Claude execution and runaway costs: update the claude_args string (the line
containing --allowedTools) to include a reasonable --max-turns value (e.g.
--max-turns 10 or an env-driven variable like --max-turns ${{
env.CLAUDE_MAX_TURNS }}), so the runner will stop after the configured number of
iterations; keep the existing --allowedTools intact
(mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh
pr diff:*),Bash(gh pr view:*)) while appending the new --max-turns flag.
- Around line 4-5: The workflow currently triggers Claude reviews for
pull_request events including opened and synchronize which also fire for draft
PRs; update the workflow to skip draft PRs by adding a condition that checks the
PR draft flag (e.g., use if: github.event.pull_request == null ||
!github.event.pull_request.draft at the job level or as a top-level if) or
adjust the pull_request triggers to rely on ready_for_review; ensure you
reference the existing pull_request types array (opened, synchronize,
ready_for_review, reopened) and add the draft guard so jobs like the Claude
review only run when the PR is not a draft.
| - name: Run Claude Code Review | ||
| id: claude-review | ||
| uses: anthropics/claude-code-action@v1 | ||
| with: | ||
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} |
There was a problem hiding this comment.
Missing github_token when using OAuth token authentication may cause auth failures.
claude_code_oauth_token and anthropic_api_key are for the Claude API, not GitHub. The auth priority for GitHub operations is: github_token input (user-provided) > GitHub App OIDC token (default).
When using OAuth token authentication, the workflow must also provide github_token: ${{ secrets.GITHUB_TOKEN }}; omitting it causes authentication failures for users following the standard OAuth setup flow.
🔒 Proposed fix: add `github_token`
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
prompt: |📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Run Claude Code Review | |
| id: claude-review | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| - name: Run Claude Code Review | |
| id: claude-review | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/claude-code-review.yml around lines 22 - 26, The workflow
step using anthropics/claude-code-action@v1 currently supplies
claude_code_oauth_token (and may use anthropic_api_key) but omits the GitHub
auth input; add the github_token input to the same step (github_token: ${{
secrets.GITHUB_TOKEN }}) so the action can use the GitHub token for repo
operations when OAuth token auth is used; update the Run Claude Code Review step
to include github_token alongside claude_code_oauth_token to avoid auth
failures.
1 participant
This ports the Claude Code review workflow fix from shakacode/hichee-data#367:
claude_args --allowedToolsThis makes Claude review output appear as top-level and inline PR comments.
Summary by CodeRabbit