refactor: secure sensitive strings #968
| name: Claude Code Review | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| # Optional: Only run on specific file changes | |
| # paths: | |
| # - "src/**/*.ts" | |
| # - "src/**/*.tsx" | |
| # - "src/**/*.js" | |
| # - "src/**/*.jsx" | |
| jobs: | |
| claude-review: | |
| # Optional: Filter by PR author | |
| # if: | | |
| # github.event.pull_request.user.login == 'external-contributor' || | |
| # github.event.pull_request.user.login == 'new-developer' || | |
| # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Minimize old Claude comments | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| REPO="${{ github.repository }}" | |
| PR_NUMBER="${{ github.event.pull_request.number }}" | |
| # Minimize issue comments from claude[bot] | |
| gh api "repos/$REPO/issues/$PR_NUMBER/comments" --jq '.[] | select(.user.login == "claude[bot]") | .node_id' | while read -r node_id; do | |
| if [ -n "$node_id" ]; then | |
| echo "Minimizing comment: $node_id" | |
| gh api graphql -f query=' | |
| mutation($id: ID!) { | |
| minimizeComment(input: {subjectId: $id, classifier: OUTDATED}) { | |
| minimizedComment { isMinimized } | |
| } | |
| }' -f id="$node_id" || true | |
| fi | |
| done | |
| - name: Run Claude Code Review | |
| id: claude-review | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| # use_sticky_comment: "true" # doesn't work | |
| plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' | |
| plugins: 'code-review@claude-code-plugins' | |
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| # Allow Claude bot to trigger this workflow | |
| allowed_bots: 'claude[bot]' | |
| # Allow Claude to use GH CLI for reading external PR details and fetch web content | |
| claude_args: '--allowed-tools Bash(gh:*) WebFetch' |
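Review bot: The `claude_args` line in the `Run Claude Code Review` step allows every `gh` subcommand (`Bash(gh:*)`) plus `WebFetch`, in a job whose token carries `pull-requests: write`, `issues: write` and `id-token: write`, while the prompt points the model at pull-request content that the PR author controls. Text in a PR could therefore steer the agent into write calls or outbound fetches that a review does not need. Narrowing the list to the subcommands the plugin actually uses (to be confirmed against the plugin), for example `claude_args: '--allowed-tools Bash(gh pr view:*) Bash(gh pr diff:*) Bash(gh pr comment:*)'`, and keeping `WebFetch` only if it is required, limits that. Separately, `actions/checkout@v4`, `anthropics/claude-code-action@v1` and the `plugin_marketplaces` URL are mutable references in a job that receives `CLAUDE_CODE_OAUTH_TOKEN`. Pinning the two actions to a full commit SHA, as in `uses: anthropics/claude-code-action@<full-commit-sha> # v1`, would make the code that sees the secret reviewable.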