@BenGWeeks

  • Remove automatic trigger on pull_request events
  • Add workflow_dispatch for manual UI trigger with PR number input
  • Add issue_comment trigger for /claude-review command on PRs
  • Add step to dynamically determine PR number from trigger source


Copilot AI left a comment


Pull request overview

This PR converts the Claude Code Review workflow from automatic triggering on pull requests to manual triggering. The workflow can now be triggered either through the GitHub Actions UI with a PR number input, or via a /claude-review command in PR comments.

Key changes:

  • Replaced automatic pull_request trigger with manual workflow_dispatch and issue_comment triggers
  • Added conditional job execution to filter for PR comments with the trigger phrase
  • Implemented dynamic PR number extraction based on the trigger source


Comment on lines 17 to 20
# Only run on PR comments (not issue comments) with trigger phrase, or on manual dispatch
if: |
github.event_name == 'workflow_dispatch' ||
(github.event.issue.pull_request && contains(github.event.comment.body, '/claude-review'))

Copilot AI Jan 4, 2026


The issue_comment trigger allows any user to trigger this workflow by commenting on a PR. This could be a security concern if you want to restrict who can trigger code reviews. Consider adding a permission check in the if condition to verify that the commenter has appropriate permissions (e.g., checking github.actor against an allowed list, or verifying github.event.comment.author_association is OWNER, MEMBER, or COLLABORATOR).

Suggested change
# Only run on PR comments (not issue comments) with trigger phrase, or on manual dispatch
if: |
github.event_name == 'workflow_dispatch' ||
(github.event.issue.pull_request && contains(github.event.comment.body, '/claude-review'))
# Only run on PR comments (not issue comments) with trigger phrase from authorized users, or on manual dispatch
if: |
github.event_name == 'workflow_dispatch' ||
(
github.event.issue.pull_request &&
contains(github.event.comment.body, '/claude-review') &&
(
github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'COLLABORATOR'
)
)
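
Review bot: in the added condition, `contains(github.event.comment.body, '/claude-review')` matches the phrase anywhere in the comment, so a comment from an allowed user that only quotes or mentions the command also starts a review. Consider `startsWith(github.event.comment.body, '/claude-review')` so that only comments beginning with the command run the job. The three `author_association` comparisons could also be collapsed into one `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` so the allowed list lives in one place.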

Address GitHub Copilot security feedback by restricting the issue_comment
trigger to authorized users only (OWNER, MEMBER, COLLABORATOR). This
prevents unauthorized users from consuming workflow resources.
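
The gate from the suggested change can be checked offline against sample events before it is merged. The Python model below is an added example, not code from this pull request; `gate_allows`, `comment_event` and the payloads are constructed for illustration, and it assumes the documented Actions behaviour that string comparison and `contains()` ignore case.

```python
# Added example: local model of the suggested `if:` gate, used to check which
# events would start the review job. All payloads are constructed samples.
TRIGGER = "/claude-review"
ALLOWED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}


def gate_allows(event_name, event):
    """Mirror the suggested condition for one event payload."""
    if event_name == "workflow_dispatch":
        return True
    if event_name != "issue_comment":
        return False
    comment = event.get("comment") or {}
    issue = event.get("issue") or {}
    # issue.pull_request is only present when the comment is on a pull request.
    is_pr = bool(issue.get("pull_request"))
    # Assumption: Actions contains() and == ignore case, so fold case here too.
    has_phrase = TRIGGER.lower() in (comment.get("body") or "").lower()
    association = (comment.get("author_association") or "").upper()
    return is_pr and has_phrase and association in ALLOWED_ASSOCIATIONS


def comment_event(body, association, on_pr=True):
    """Build a constructed issue_comment payload with only the fields the gate reads."""
    issue = {"number": 1}
    if on_pr:
        issue["pull_request"] = {"url": "https://api.github.com/repos/example/repo/pulls/1"}
    return {"issue": issue, "comment": {"body": body, "author_association": association}}


# (description, event name, payload, expected gate result)
CASES = [
    ("manual dispatch", "workflow_dispatch", {}, True),
    ("member command on PR", "issue_comment", comment_event(TRIGGER, "MEMBER"), True),
    ("unaffiliated commenter", "issue_comment", comment_event(TRIGGER, "NONE"), False),
    ("past contributor, no write access", "issue_comment", comment_event(TRIGGER, "CONTRIBUTOR"), False),
    ("owner on a plain issue", "issue_comment", comment_event(TRIGGER, "OWNER", on_pr=False), False),
    ("collaborator quoting the command", "issue_comment",
     comment_event("> /claude-review\nnot yet please", "COLLABORATOR"), True),
    ("different letter case", "issue_comment", comment_event("/Claude-Review", "MEMBER"), True),
]


def failures():
    """Return descriptions of cases where the gate disagrees with the expectation."""
    return [name for name, ev, payload, want in CASES if gate_allows(ev, payload) != want]


if __name__ == "__main__":
    for name, ev, payload, _ in CASES:
        print(f"{name:38} -> {'run' if gate_allows(ev, payload) else 'skip'}")
```

The quoted-command case passes because the condition looks for the phrase anywhere in the comment body.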