Add Claude Code GitHub Workflow

[unclecode]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Introduced an AI-powered code review workflow that automatically reviews pull requests and posts feedback.
  • Added a comment-triggered assistant that responds to “@claude” mentions on issues and reviews to streamline collaboration.
  • Configured CI to run on relevant pull request and discussion events with appropriate permissions.
  • Documented optional customization points for prompts and tool access within the workflows.

[coderabbitai]

Walkthrough

Adds two GitHub Actions workflows under .github/workflows: one runs an automated Claude-based code review on pull_request events; the other listens for comments/reviews containing "@claude" across issues and PRs to invoke the Claude Code action. Both check out the repo and run anthropics/claude-code-action@v1 with configured permissions and secrets.

Changes

Cohort / File(s)	Summary of Changes
Automated PR code review workflow .github/workflows/claude-code-review.yml	New workflow "Claude Code Review" triggered on pull_request (opened, synchronize). Runs claude-review job on ubuntu-latest, checks out repo (depth 1), invokes anthropics/claude-code-action@v1 with OAuth token, structured prompt, claude_args, and posts feedback via gh pr comment. Sets read permissions for contents, pull-requests, issues; write id-token.
Comment-triggered Claude workflow .github/workflows/claude.yml	New workflow "Claude Code" triggered by issue_comment, pull_request_review_comment, issues, and pull_request_review events. Job runs when content includes "@claude". Checks out repo (depth 1), runs anthropics/claude-code-action@v1 with CLAUDE_CODE_OAUTH_TOKEN and additional_permissions for actions read. Optional prompt and args documented as comments.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub
  participant WF as Workflow: Claude Code Review
  participant CO as actions/checkout
  participant CC as anthropics/claude-code-action
  participant API as GitHub API

  Dev->>GH: Open/Synchronize Pull Request
  GH-->>WF: Trigger on pull_request
  activate WF
  WF->>CO: Checkout repo (fetch-depth: 1)
  CO-->>WF: Code checked out
  WF->>CC: Run with OAuth token + prompt
  CC->>API: Read PR, diffs, repo info
  API-->>CC: Data
  CC->>API: Post review via gh pr comment
  API-->>CC: Comment created
  deactivate WF

Loading

sequenceDiagram
  autonumber
  actor User as User
  participant GH as GitHub
  participant WF as Workflow: Claude Code
  participant CO as actions/checkout
  participant CC as anthropics/claude-code-action
  participant API as GitHub API

  User->>GH: Add comment/review containing "@claude"
  GH-->>WF: Trigger on comment/review event
  alt Contains "@claude"
    activate WF
    WF->>CO: Checkout repo (fetch-depth: 1)
    CO-->>WF: Code checked out
    WF->>CC: Run with CLAUDE_CODE_OAUTH_TOKEN
    CC->>API: Read issue/PR context (incl. actions results if needed)
    API-->>CC: Data
    CC->>API: Post response comment
    API-->>CC: Comment created
    deactivate WF
  else No mention
    WF-->>GH: Skip job
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws on YAML plains,
Summon Claude with gentle refrains—
On PR winds and comment cues,
It hops through diffs with careful views.
Carrots queued, reviews in flight,
CI moonbeams guide the night.
Approved! says the twitching byte. 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description offers helpful background, usage details, and security considerations but does not follow the required repository template because it lacks a Summary section with issue references, a list of files changed with rationale, testing details, and the completed checklist.	Please update the description to match the repository’s template by adding a Summary that references any issues, listing each file changed with an explanation, describing how the changes have been tested, and completing the provided checklist.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title “Add Claude Code GitHub Workflow” accurately and concisely summarizes the primary change of introducing a Claude Code GitHub Actions workflow and aligns with the content of the changeset. It is specific enough for a teammate to understand the main purpose of the pull request at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-claude-github-actions-1759553116682

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e651e04 and 2e0dd7f.

📒 Files selected for processing (2)

• .github/workflows/claude-code-review.yml (1 hunks)
• .github/workflows/claude.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

.github/workflows/claude-code-review.yml

[warning] 57-57: too many blank lines (1 > 0)

(empty-lines)

.github/workflows/claude.yml

[warning] 50-50: too many blank lines (1 > 0)

(empty-lines)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid running on forked PRs without secrets.

This job requests CLAUDE_CODE_OAUTH_TOKEN, which is unavailable on fork-origin PRs. As written, every external PR will fail the workflow. Add a guard so we only run when the PR originates from this repository.

   claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    if: github.event.pull_request.head.repo.full_name == github.repository
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	pull_request:
	types: [opened, synchronize]
	# Optional: Only run on specific file changes
	# paths:
	# - "src/**/*.ts"
	# - "src/**/*.tsx"
	# - "src/**/*.js"
	# - "src/**/*.jsx"
	jobs:
	claude-review:
	# Optional: Filter by PR author
	# if: |
	# github.event.pull_request.user.login == 'external-contributor' ||
	# github.event.pull_request.user.login == 'new-developer' ||
	# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: read
	issues: read
	id-token: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: Run Claude Code Review
	id: claude-review
	uses: anthropics/claude-code-action@v1
	with:
	claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
	prompt: |
	REPO: ${{ github.repository }}
	PR NUMBER: ${{ github.event.pull_request.number }}
	Please review this pull request and provide feedback on:
	- Code quality and best practices
	- Potential bugs or issues
	- Performance considerations
	- Security concerns
	- Test coverage
	Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
	Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
	# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
	# or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
	claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
	jobs:
	claude-review:
	if: github.event.pull_request.head.repo.full_name == github.repository
	# Optional: Filter by PR author
	# if: |
	# github.event.pull_request.user.login == 'external-contributor' ||
	# github.event.pull_request.user.login == 'new-developer' ||
	# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: read
	issues: read
	id-token: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: Run Claude Code Review
	id: claude-review
	uses: anthropics/claude-code-action@v1
	with:
	claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
	prompt: |
	REPO: ${{ github.repository }}
	PR NUMBER: ${{ github.event.pull_request.number }}
	Please review this pull request and provide feedback on:
	- Code quality and best practices
	- Potential bugs or issues
	- Performance considerations
	- Security concerns
	- Test coverage
	Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
	Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
	# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
	# or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
	claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restrict triggering to trusted collaborators.

Any external issue opener or commenter can currently tag @claude and fire this workflow, consuming the Anthropic secret despite the intent to allow only writers. Gate the trigger on trusted associations before invoking the action.

-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
-      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    if: |
+      (
+        github.event_name == 'issue_comment' &&
+        contains(github.event.comment.body, '@claude') &&
+        (github.event.comment.author_association == 'COLLABORATOR' ||
+         github.event.comment.author_association == 'MEMBER' ||
+         github.event.comment.author_association == 'OWNER')
+      ) ||
+      (
+        github.event_name == 'pull_request_review_comment' &&
+        contains(github.event.comment.body, '@claude') &&
+        (github.event.comment.author_association == 'COLLABORATOR' ||
+         github.event.comment.author_association == 'MEMBER' ||
+         github.event.comment.author_association == 'OWNER')
+      ) ||
+      (
+        github.event_name == 'pull_request_review' &&
+        contains(github.event.review.body, '@claude') &&
+        (github.event.review.author_association == 'COLLABORATOR' ||
+         github.event.review.author_association == 'MEMBER' ||
+         github.event.review.author_association == 'OWNER')
+      ) ||
+      (
+        github.event_name == 'issues' &&
+        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
+        (github.event.issue.author_association == 'COLLABORATOR' ||
+         github.event.issue.author_association == 'MEMBER' ||
+         github.event.issue.author_association == 'OWNER')
+      )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if: |
	(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
	(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: read
	issues: read
	id-token: write
	actions: read # Required for Claude to read CI results on PRs
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: Run Claude Code
	id: claude
	uses: anthropics/claude-code-action@v1
	with:
	claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
	# This is an optional setting that allows Claude to read CI results on PRs
	additional_permissions: |
	actions: read
	if: |
	(
	github.event_name == 'issue_comment' &&
	contains(github.event.comment.body, '@claude') &&
	(github.event.comment.author_association == 'COLLABORATOR' ||
	github.event.comment.author_association == 'MEMBER' ||
	github.event.comment.author_association == 'OWNER')
	) ||
	(
	github.event_name == 'pull_request_review_comment' &&
	contains(github.event.comment.body, '@claude') &&
	(github.event.comment.author_association == 'COLLABORATOR' ||
	github.event.comment.author_association == 'MEMBER' ||
	github.event.comment.author_association == 'OWNER')
	) ||
	(
	github.event_name == 'pull_request_review' &&
	contains(github.event.review.body, '@claude') &&
	(github.event.review.author_association == 'COLLABORATOR' ||
	github.event.review.author_association == 'MEMBER' ||
	github.event.review.author_association == 'OWNER')
	) ||
	(
	github.event_name == 'issues' &&
	(contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
	(github.event.issue.author_association == 'COLLABORATOR' ||
	github.event.issue.author_association == 'MEMBER' ||
	github.event.issue.author_association == 'OWNER')
	)
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: read
	issues: read
	id-token: write
	actions: read # Required for Claude to read CI results on PRs