Add Claude Code GitHub Workflow #1

Open
manupastorr wants to merge 2 commits into main from add-claude-github-actions-1752610745679
@manupastorr
Owner

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
    allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

@vercel
vercel bot commented Jul 15, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| maradoca | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jul 15, 2025 8:24pm |

@claude
claude bot commented Jul 15, 2025

Claude finished @manupastorr's task —— View job


Code Review Complete ✅

Review Checklist:

  • Read and analyze both workflow files
  • Evaluate workflow structure and triggers
  • Check security best practices
  • Assess performance considerations
  • Look for potential bugs or issues
  • Provide recommendations and feedback

Overall Assessment

Both workflow files are well-structured and follow GitHub Actions best practices. The code quality is good with comprehensive configuration options and proper security measures.

Detailed Findings

Code Quality & Best Practices

  • Good structure: Both workflows follow consistent YAML formatting and GitHub Actions conventions
  • Comprehensive configuration: Excellent use of commented examples for customization
  • Action versions: Using latest stable versions (actions/checkout@v4, anthropics/claude-code-action@beta)
  • Clear naming: Descriptive job names and step names

Security

  • Proper token handling: CLAUDE_CODE_OAUTH_TOKEN correctly stored in GitHub secrets
  • Minimal permissions: Both workflows use principle of least privilege with specific permissions:
    • contents: read
    • pull-requests: read
    • issues: read
    • id-token: write
    • actions: read (only in claude.yml)
  • No hardcoded secrets: All sensitive data properly externalized

Performance Considerations

  • Efficient checkout: fetch-depth: 1 reduces clone time and network usage
  • Conditional execution: claude.yml has proper if conditions to prevent unnecessary runs
  • Targeted triggers: Workflows only run when needed (PR events, @claude mentions)

⚠️ Minor Issues & Recommendations

  1. Workflow Trigger Overlap (.github/workflows/claude-code-review.yml:4-5)

    • The review workflow runs on all PRs, but the main claude workflow also handles PR review comments
    • Consider adding exclusion logic or making the review workflow more targeted
  2. Beta Version Usage (both files)

    • Both workflows use anthropics/claude-code-action@beta
    • Consider pinning to specific version tags for better stability once available
  3. Missing Error Handling

    • No explicit error handling or failure notifications
    • Consider adding steps to handle API failures gracefully
  4. Documentation Gap

    • No inline documentation about the id-token: write permission requirement
    • Consider adding comments explaining why each permission is needed

📋 Suggestions for Enhancement

  1. Add workflow status badges to README
  2. Consider adding timeout settings for long-running reviews
  3. Add workflow concurrency controls to prevent overlapping runs:
    concurrency:
      group: claude-${{ github.ref }}
      cancel-in-progress: true

🧪 Test Coverage

  • No test coverage for the workflows themselves (expected for GitHub Actions)
  • Good: The workflows don't modify critical code paths
  • Suggestion: Consider adding integration tests for the Claude Code action in a separate repository

Final Verdict

Approved - These workflows are production-ready with solid security practices and good structure. The minor issues are suggestions for improvement rather than blocking concerns.

Files Reviewed

  • .github/workflows/claude-code-review.yml (78 lines)
  • .github/workflows/claude.yml (64 lines)

@cursor cursor bot left a comment

Bug: Claude Workflow Permissions Mismatch

The anthropics/claude-code-action in both .github/workflows/claude.yml and .github/workflows/claude-code-review.yml requires write permissions for pull requests and issues to post feedback. However, the workflows explicitly set pull-requests: read and issues: read. This read-only configuration, which overrides default GITHUB_TOKEN scopes, prevents Claude from creating PR reviews or issue/PR comments, resulting in "Resource not accessible by integration" (HTTP 403) errors.

.github/workflows/claude-code-review.yml#L21-L26

runs-on: ubuntu-latest
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write

.github/workflows/claude.yml#L20-L26

runs-on: ubuntu-latest
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write
  actions: read # Required for Claude to read CI results on PRs

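Added example (not part of this PR or of any participant's comment): a stdlib-only Python audit of the two settings the review comments above discuss, the job-level `permissions` map and the floating `@beta` action ref. The workflow text is constructed from the excerpt quoted in the thread; the `jobs`/`steps` scaffolding around it and all function names are assumptions.

```python
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: the quoted permissions excerpt inside assumed jobs/steps scaffolding.
WORKFLOW = """\
jobs:
  claude:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@beta
"""

def parse_permissions(text):
    """Return {scope: level} from the first block-style `permissions:` map."""
    perms, indent = {}, None
    for line in text.splitlines():
        body = line.split("#", 1)[0].rstrip()   # drop trailing YAML comments
        if not body.strip():
            continue
        depth = len(body) - len(body.lstrip())
        if indent is None:
            if body.strip() == "permissions:":
                indent = depth                  # children must be indented deeper
            continue
        if depth <= indent:                     # dedent closes the map
            break
        scope, _, level = body.strip().partition(":")
        perms[scope.strip()] = level.strip()
    return perms

def unpinned_actions(text):
    """Return `uses:` refs that are not pinned to a full 40-hex commit SHA."""
    refs = re.findall(r"^\s*-?\s*uses:\s*(\S+)", text, flags=re.M)
    return [r for r in refs if not FULL_SHA.match(r.rpartition("@")[2])]

def audit(text):
    perms = parse_permissions(text)
    write = sorted(s for s, lvl in perms.items() if lvl == "write")
    return {"write_scopes": write, "scopes": perms, "unpinned": unpinned_actions(text)}

print(audit(WORKFLOW))
```

Whether read-only `pull-requests` and `issues` scopes are enough depends on which token the action uses to post comments, so the output is input to a review rather than a verdict.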
