chore(deps): bump lycheeverse/lychee-action from 2.7.0 to 2.8.0 in the actions-minor-patch group #151
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yamllint disable rule:line-length | |
| name: Claude Automated PR Review | |
| on: | |
| # Using pull_request (not pull_request_target) for security: | |
| # - pull_request_target exposes secrets to fork PRs, creating exfiltration risk | |
| # - For fork PRs needing review, maintainers can manually @claude via claude.yml | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| # Cancel any in-progress review for the same PR when new commits are pushed | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| review: | |
| # Skip bots and draft PRs | |
| if: | | |
| github.actor != 'dependabot[bot]' && | |
| github.actor != 'claude[bot]' && | |
| github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write # Required by claude-code-action for PR comments (GitHub API treats PR comments as issue comments) | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Cache npm tools | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| id: claude-pr-review-npm-tools-cache | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-npm-lint-tools-v1 | |
| - name: Install linting tools | |
| if: steps.claude-pr-review-npm-tools-cache.outputs.cache-hit != 'true' | |
| run: npm install -g markdownlint-cli2 prettier | |
| - name: Review PR with Claude | |
| uses: anthropics/claude-code-action@edd85d61533cbba7b57ed0ca4af1750b1fdfd3c4 # v1.0.55 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| track_progress: true | |
| prompt: | | |
| Review this pull request for the plugin-dev Claude Code plugin. | |
| ## Context | |
| - Repository: ${{ github.repository }} | |
| - PR #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }} | |
| - Author: ${{ github.event.pull_request.user.login }} | |
| - Base: ${{ github.event.pull_request.base.ref }} | |
| - Dependencies: markdownlint-cli2 and prettier are pre-installed globally | |
| > **Note**: The `component-validation` workflow runs in parallel and validates plugin component | |
| > structure (frontmatter fields, JSON schema, etc.). Focus your review on content quality, | |
| > best practices, and issues beyond structural validation. | |
| ## Instructions | |
| ### Step 1: Run Quality Checks | |
| Run these checks and note any failures: | |
| - `markdownlint-cli2 <changed-md-files>` - Markdown style issues | |
| - `prettier --check <changed-md-files>` - Formatting issues | |
| - `shellcheck plugins/plugin-dev/skills/*/scripts/*.sh` - Shell script issues (if scripts changed) | |
| ### Step 2: Review the Diff | |
| Run `gh pr diff ${{ github.event.pull_request.number }}` to see all changes. | |
| ### Step 3: Provide Feedback | |
| **For specific line-level issues**, use inline comments. Target: | |
| - Missing or invalid YAML frontmatter fields | |
| - Imperative voice violations in commands ("You should" instead of "Do") | |
| - Missing trigger phrases in skill descriptions | |
| - `<example>` block formatting issues in agents | |
| - Shell script issues (shellcheck findings) | |
| - Security concerns | |
| **For general observations**, post a summary comment. | |
| ## Review Criteria | |
| ### Plugin Components (if changed) | |
| - **Commands** (`commands/*.md`): Verify YAML frontmatter has name, description, allowed-tools. Check for imperative voice ("Do X" not "You should do X"). | |
| - **Skills** (`skills/*/SKILL.md`): Check trigger phrases in description, progressive disclosure pattern (name and description required in frontmatter; version is optional). | |
| - **Agents** (`agents/*.md`): Verify <example> blocks for triggering, appropriate tool restrictions. | |
| - **Hooks** (`hooks/hooks.json`): Validate event types and matcher patterns. | |
| ### Shell Scripts (if changed) | |
| - Run shellcheck on any changed `.sh` files in `plugins/plugin-dev/skills/*/scripts/` | |
| - Flag any shellcheck errors or warnings | |
| ### Markdown Quality | |
| Key markdown rules enforced: | |
| - ATX-style headers (`#` not underlines) | |
| - Dash-style lists (`-` not `*` or `+`) | |
| - 2-space indentation for nested lists | |
| - Fenced code blocks (not indented) | |
| ### Documentation | |
| - README.md updates if user-facing changes | |
| - CLAUDE.md updates if development process changes | |
| ## Output Format | |
| 1. Post inline comments for specific issues found in the diff | |
| 2. Post a summary comment with: | |
| - **Verdict**: ✅ Looks good / ⚠️ Needs changes / 🔍 Has concerns | |
| - **Quality Checks**: Results from markdownlint, prettier, shellcheck (pass/fail with details) | |
| - **What's Good**: Positive aspects of the PR | |
| - **Suggestions**: General improvements (not covered by inline comments) | |
| Be constructive and helpful. Focus on significant issues, not nitpicks. | |
| claude_args: '--model claude-opus-4-6 --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr comment:*),Bash(markdownlint-cli2:*),Bash(prettier:*),Bash(shellcheck:*),Read,Glob,Grep"' |