Fix claude-code-review checkout action version

[justin808]

Summary

• replace actions/checkout@v6 with the latest published major (actions/checkout@v4) in .github/workflows/claude-code-review.yml
• restores workflow compatibility (v6 does not exist)

Testing

• yarn prettier --check .github/workflows/claude-code-review.yml

Closes #967.

---

Note

Low Risk
Low risk: changes only the GitHub Actions workflow to reference an existing actions/checkout major version, with no application/runtime code impact.

Overview
Fixes the Claude Code Review GitHub Actions workflow by switching the checkout step from the non-existent actions/checkout@v6 to actions/checkout@v4, restoring workflow compatibility.

^{Written by Cursor Bugbot for commit c9fb17c. Configure here.}

[coderabbitai]

Warning

Rate limit exceeded

@justin808 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 14 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 502d8d33-62f4-41da-afa3-83d61c88c090

📥 Commits

Reviewing files that changed from the base of the PR and between b259a0e and c9fb17c.

📒 Files selected for processing (1)

• .github/workflows/claude-code-review.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jg-codex/issue-967-checkout-v4

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

Fixes the Claude Code Review workflow by replacing actions/checkout@v6 (which does not exist as a published release) with actions/checkout@v4, the latest published major version. This is a one-line change that restores CI workflow compatibility.

• Corrects the checkout action version in .github/workflows/claude-code-review.yml from v6 to v4
• All 15 actions/checkout references across 8 workflow files in this repository now consistently use v4
• No issues found during review

Confidence Score: 5/5

• This PR is safe to merge — it's a minimal, correct one-line fix to a CI workflow.
• The change is a single-line version pin correction in a CI workflow file. It fixes a clear bug (referencing a non-existent action version) and aligns with every other workflow in the repo. No risk of regression.
• No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/claude-code-review.yml	One-line fix replacing non-existent actions/checkout@v6 with actions/checkout@v4, restoring workflow compatibility. Now consistent with all other workflow files in the repo.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["PR Event: opened / synchronize / ready_for_review / reopened"] --> B{"Is PR from same repo?"}
    B -- Yes --> C["Checkout repository\n(actions/checkout@v4)"]
    C --> D["Run Claude Code Review\n(anthropics/claude-code-action@v1)"]
    D --> E["Post review comments via gh CLI"]
    B -- No --> F["Skip (fork PRs excluded)"]

Loading

_{Last reviewed commit: c9fb17c}

[claude]

Review: Fix claude-code-review checkout action version

This is a straightforward, correct fix. The change from actions/checkout@v6 to actions/checkout@v4 restores workflow functionality since v6 does not exist.

Assessment: LGTM

A few minor observations:

1. Pinning to a major version tag (@v4) is acceptable, though pinning to a specific SHA (e.g., actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683) is more secure against supply chain attacks (tag mutation). For an internal dev tooling workflow like this, @v4 is a reasonable trade-off.

2. fetch-depth: 1 is appropriate for a review-only workflow — no need for full history.

3. The id-token: write permission is present but appears unused by this workflow (the Claude action uses an OAuth token, not OIDC). Worth noting but not a blocker.

Overall this is a minimal, correct fix with no application or runtime impact.