ci: add Claude Code on-demand workflow for PRs#818
Merged
Conversation
…tance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a new GitHub Actions workflow Changes
Sequence Diagram(s)sequenceDiagram
participant Commenter
participant GitHub as "GitHub Events"
participant Actions as "GitHub Actions (claude)"
participant Claude as "Anthropic Claude API"
participant Repo as "Repository"
Commenter->>GitHub: Post comment / review (may mention `@claude`)
GitHub->>Actions: Trigger workflow (issue_comment / pr events)
Actions->>Actions: Evaluate conditions (author association, contains "@claude", PR context, resolve head SHA)
Actions->>Repo: Checkout repo at resolved ref
Actions->>Claude: Invoke anthropics/claude-code-action (with CLAUDE token + claude_args)
Claude-->>Actions: Return analysis / actions
Actions->>Repo: Post comments or run allowed gh/pr commands per response
Actions-->>GitHub: Update workflow status
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the dual-job setup (deprecated security-review action + on-demand) with a single job using claude-code-action@v1, matching the official docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drop unused permissions (issues, id-token) and add author_association guard so only OWNER/MEMBER/COLLABORATOR can trigger Claude. Also filter out standalone issue comments to limit usage to PRs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
evgeniko
changed the title
Downgrade contents permission from write to read and whitelist only review-related tools (Read, Glob, Grep, inline comments, PR comments) so Claude cannot modify code or push changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/workflows/claude.yml:
- Around line 22-23: The checkout step currently uses actions/checkout@v4
without an explicit ref so the workflow reads the default branch; update the
checkout step (actions/checkout@v4) to pass the PR head SHA as ref by resolving
it from the event payload (e.g. set ref: ${{ github.event.pull_request.head.sha
|| github.event.issue.pull_request.head.sha }} or fall back to github.sha) and
include fetch-depth: 0 so the PR commit is fetched; this ensures Claude reads
the actual PR branch instead of the default branch.
🧹 Nitpick comments (1)
.github/workflows/claude.yml (1)
25-29: Pin the third-party action to a full commit SHA instead of a mutable tag.
anthropics/claude-code-action@v1uses a mutable tag that could be moved or force-pushed to point to different code. Since this action receivessecrets.ANTHROPIC_API_KEY, pinning to a specific commit SHA is a security best practice that mitigates supply chain risk. Include the version as a comment for clarity during future upgrades.Example
- - uses: anthropics/claude-code-action@v1 + - uses: anthropics/claude-code-action@<full-commit-sha> # v1.x.x
3 tasks
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/claude.yml (1)
3-13: Trigger scope is broader than the stated PR-only objective.The PR title/description frames this as a "PR workflow," but the
issuestrigger (lines 10–11) means@claudecan also be invoked on standalone issues. If this is intentional, no action needed — just noting the discrepancy with the PR description.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude.yml around lines 3 - 13, The workflow's trigger scope includes the 'issues' event but the PR says it should be a PR-only workflow; remove or restrict the 'issues' trigger under the top-level on: block (the 'issues:' entry and its types) so only pull_request-related events (e.g., the existing 'pull_request', 'pull_request_review', 'pull_request_review_comment', and 'issue_comment' if intended) remain; update or delete the 'issues' stanza to align triggers with the stated PR-only objective.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claude.yml:
- Line 1: Run Prettier to fix the formatting violation in the GitHub Actions
workflow that declares "name: Claude Code": run the project's Prettier formatter
(e.g., bun run prettier --write .) to reformat the workflow file, verify the
resulting changes include the corrected formatting for the "name: Claude Code"
entry, and commit the formatted file(s) to unblock CI.
- Around line 43-44: The workflow's --allowedTools entry currently permits broad
shell patterns Bash(gh api:*) and Bash(git:*) which, combined with
pull-requests: write and issues: write, allow destructive write operations;
change the --allowedTools string to restrict these to read-only operations
(e.g., replace Bash(gh api:*) with explicit read-only gh calls or GET-only
patterns like Bash(gh api:GET * ) and replace Bash(git:*) with specific safe git
commands (e.g., Bash(git:status), Bash(git:log) or a whitelist of read-only
subcommands) or remove them and use specific gh pr/gh issue read subcommands
instead so the --allowedTools flag no longer enables arbitrary gh api or git
write actions.
---
Nitpick comments:
In @.github/workflows/claude.yml:
- Around line 3-13: The workflow's trigger scope includes the 'issues' event but
the PR says it should be a PR-only workflow; remove or restrict the 'issues'
trigger under the top-level on: block (the 'issues:' entry and its types) so
only pull_request-related events (e.g., the existing 'pull_request',
'pull_request_review', 'pull_request_review_comment', and 'issue_comment' if
intended) remain; update or delete the 'issues' stanza to align triggers with
the stated PR-only objective.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nvsriram
previously approved these changes
Feb 24, 2026
- Restrict --allowedTools to read-only git subcommands and remove broad gh api:* - Add author_association check to limit triggers to OWNER/MEMBER/COLLABORATOR - Fix issue_comment checkout to use PR head SHA instead of default branch Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (1)
.github/workflows/claude.yml (1)
46-48: ModernizeBash()allowedTools patterns to use space separator instead of deprecated colon syntax.The colon syntax (e.g.,
Bash(gh pr comment:*)) is deprecated but still functional and equivalent to the space-based format (e.g.,Bash(gh pr comment *)). Update to the current recommended syntax for consistency with Claude Code documentation:Proposed modernization
- --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(git diff:*),Bash(git log:*),Bash(git blame:*),Bash(git show:*),Bash(git status:*),Read,Glob,Grep,WebFetch,WebSearch" + --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *),Bash(git diff *),Bash(git log *),Bash(git blame *),Bash(git show *),Bash(git status *),Read,Glob,Grep,WebFetch,WebSearch"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude.yml around lines 46 - 48, Update the allowedTools string in the claude_args block to use the modern space-separated Bash(...) pattern instead of the deprecated colon syntax: in the allowedTools value inside claude_args replace occurrences like Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Bash(git diff:*), Bash(git log:*), Bash(git blame:*), Bash(git show:*), Bash(git status:*) with Bash(gh pr comment *), Bash(gh pr diff *), Bash(gh pr view *), Bash(git diff *), Bash(git log *), Bash(git blame *), Bash(git show *), Bash(git status *) respectively, keeping the rest of the allowedTools entries (Read,Glob,Grep,WebFetch,WebSearch) unchanged so claude_args and allowedTools formatting and semantics remain identical but use the current recommended syntax.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claude.yml:
- Around line 13-16: The issue_comment branch in the workflow if-condition
currently triggers for any issue comment; update the issue_comment clause to
require the event is a PR by adding a PR-only guard that checks for
github.event.issue.pull_request (e.g., require the pull_request field exists) so
the group handling issue_comment (the first OR clause in the if expression) only
proceeds for comments on pull requests and will not run for standalone issues.
- Around line 12-17: The claude job lacks a timeout setting which can allow
runaway workflows to consume runner minutes; add a timeout-minutes property to
the claude job definition (the job named "claude") with a reasonable value
(e.g., 10 or 30) to cap execution time and prevent long-running or stuck
LLM-driven reviews from running indefinitely; update the job block to include
timeout-minutes: <minutes> so the workflow respects the new limit.
- Around line 18-23: Remove the unnecessary "issues: write" permission from the
workflow permissions block and keep "pull-requests: write" (and other existing
needed entries like "contents: read", "id-token: write", "actions: read") so the
workflow retains least privilege while still allowing gh pr comment and inline
review operations; update the permissions mapping by deleting the "issues:
write" line and leave the rest unchanged.
- Around line 25-37: The workflow only resolves the PR head SHA for
issue_comment events (step id pr-sha) so checkout uses github.sha (the merge
ref) for pull_request_review_comment and pull_request_review events; update the
workflow so the PR head SHA is used for those events by either expanding the
pr-sha step to run for pull_request_review and pull_request_review_comment (and
fetch the head SHA from github.event.pull_request.head.sha) or change the
checkout ref expression to prefer: steps.pr-sha.outputs.sha ||
github.event.pull_request.head.sha || github.sha, ensuring the Checkout
repository step (uses: actions/checkout@v4) receives the actual PR head commit
when available.
---
Nitpick comments:
In @.github/workflows/claude.yml:
- Around line 46-48: Update the allowedTools string in the claude_args block to
use the modern space-separated Bash(...) pattern instead of the deprecated colon
syntax: in the allowedTools value inside claude_args replace occurrences like
Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Bash(git diff:*),
Bash(git log:*), Bash(git blame:*), Bash(git show:*), Bash(git status:*) with
Bash(gh pr comment *), Bash(gh pr diff *), Bash(gh pr view *), Bash(git diff *),
Bash(git log *), Bash(git blame *), Bash(git show *), Bash(git status *)
respectively, keeping the rest of the allowedTools entries
(Read,Glob,Grep,WebFetch,WebSearch) unchanged so claude_args and allowedTools
formatting and semantics remain identical but use the current recommended
syntax.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove id-token: write to verify it's not needed with API key auth - Add pull_request trigger temporarily for testing
Contributor
Author
|
@claude please review |
evgeniko
commented
Mar 10, 2026
evgeniko
commented
Mar 10, 2026
Contributor
Author
evgeniko
left a comment
evgeniko
left a comment
There was a problem hiding this comment.
retesting Claude workflow after trigger relaxation
evgeniko
commented
Mar 10, 2026
3 tasks
Adopt the canonical workflow from wormhole-foundation/wormhole#4686: - Replace author_association check with API-based collaborator permission check - Add PR_NUMBER env var and scope gh pr commands to it - Add github_token to avoid OIDC dependency - Add prompt injection guard to system prompt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
nvsriram
approved these changes
Mar 18, 2026
Contributor
nvsriram
left a comment
nvsriram
left a comment
There was a problem hiding this comment.
LGTM — verified diff against monorepo version!
johnsaigle
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@claudeis mentioned in PR comments, review comments, or review submissionsCONTRIBUTING.mdfor style guidanceANTHROPIC_API_KEYsecret to be configured in repo settingsAuthentication
Uses an Anthropic API key (
ANTHROPIC_API_KEYsecret) for authentication.Permissions
contents: readpull-requests: writeissues: writeAccess Control
Uses the collaborator permission endpoint (
repos/{repo}/collaborators/{actor}/permission) to gate Claude triggers onwriteoradminaccess. Verified working in the wormhole CI run.Test plan
ANTHROPIC_API_KEYsecret to repo settings@claudein a PR comment to trigger a review