Add Claude Code PR review GitHub Actions CI workflow #79
base: master
Conversation
Note: Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.
Review Summary by Qodo: Add Claude Code Review GitHub Actions workflow
Description
- Adds automated Claude Code Review workflow for GitHub PRs
- Implements security checks to prevent prompt injection attacks
- Limits fork PR reviews to explicit maintainer review requests
- Detects sensitive file changes and skips review for large PRs
Diagram (mermaid):
flowchart LR
    PR["Pull Request Event"]
    FORK{Fork PR?}
    REVIEW{Review Requested?}
    CHECKOUT["Checkout Repository"]
    DETECT["Detect Workflow Changes"]
    SENSITIVE{Sensitive Files Changed?}
    CLAUDE["Run Claude Code Review"]
    COMMENT["Post Review Comment"]
    PR --> FORK
    FORK -->|Non-fork| CHECKOUT
    FORK -->|Fork| REVIEW
    REVIEW -->|Yes| CHECKOUT
    REVIEW -->|No| END1["Skip Review"]
    CHECKOUT --> DETECT
    DETECT --> SENSITIVE
    SENSITIVE -->|No| CLAUDE
    SENSITIVE -->|Yes| END2["Skip Review"]
    CLAUDE --> COMMENT
File Changes
1. .github/workflows/claude-code-review.yml
Note: Reviews paused. It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review.
Walkthrough: Adds a GitHub Actions workflow
Sequence diagram (mermaid):
sequenceDiagram
participant GitHub as GitHub Events
participant Runner as Actions Runner
participant Checkout as actions/checkout
participant Script as actions/github-script
participant ClaudeAction as anthropics/claude-code-action
participant GH as gh CLI / GitHub API
GitHub->>Runner: trigger on pull_request / pull_request_target
Runner->>Checkout: checkout repo (explicit ref selection for forks)
Runner->>Script: infer PR number, list changed files, detect workflows/sensitive changes, check diff size
Script-->>Runner: set workflows_changed flag (true/false) and PR determinability
alt workflows_changed == true OR PR undeterminable OR diff too large OR excluded
Runner-->>GitHub: skip Claude review
else
Runner->>ClaudeAction: run Claude review (env + API key)
ClaudeAction->>GH: run `gh pr diff` and `gh pr comment` to post findings
ClaudeAction-->>Runner: completed review
end
Estimated code review effort: 2 (Simple), ~10 minutes
Code Review Summary
Status: No Issues Found | Recommendation: Merge
Overview: This PR adds a well-structured GitHub Actions workflow for automated Claude Code reviews on pull requests. The security posture is strong:
Other reviewers have already flagged relevant items (trust boundary for same-repo PRs, model ID validity). No additional issues found from this review.
Files Reviewed (1 file)
Pull request overview
Adds a GitHub Actions workflow to run automated Claude-based PR reviews, with a fork-safe pull_request_target path gated by explicit maintainer action and additional checks to prevent running when sensitive workflow/instruction files are modified.
Changes:
- Introduces a new claude-code-review.yml workflow that runs on pull_request for non-fork PRs and on pull_request_target (only review_requested) for fork PRs.
- Adds a github-script step to detect changes to sensitive paths/files and fail closed (including 3000+ file PRs) to avoid bypassing safeguards.
- Runs anthropics/claude-code-action with restricted gh tool access to post review comments.
| persist-credentials: false | ||
|
|
||
| - name: Detect workflow changes | ||
| id: workflow_changes |
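Review bot: `persist-credentials: false` on the checkout is the right setting for the `pull_request_target` path, but this hunk shows only that flag and not the `ref:` the CodeRabbit walkthrough says is selected explicitly for forks; add a one-line comment above `- name: Detect workflow changes` stating that the PR head is checked out for reading only and is never built or executed in this job, so a later edit does not add such a step without revisiting the trust model.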
Copilot (AI), Feb 8, 2026
The "Detect workflow changes" step is only used to gate pull_request_target (fork) runs, but it still calls the API on every pull_request run. Consider adding an if: github.event_name == 'pull_request_target' to this step (or moving it behind a job/step condition) to reduce unnecessary API calls and avoid extra failure surface on normal PR events.
| id: workflow_changes | |
| id: workflow_changes | |
| if: github.event_name == 'pull_request_target' |
Code Review by Qodo
1. Secrets on pull_request
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, reopened, ready_for_review] | ||
| pull_request_target: | ||
| types: [review_requested] | ||
|
|
||
| concurrency: | ||
| # Include event_name to prevent pull_request and pull_request_target from canceling each other | ||
| # This ensures non-fork PRs aren't accidentally canceled by the skipped pull_request_target run | ||
| group: claude-pr-review-${{ github.event_name }}-${{ github.event.pull_request.number }} | ||
| cancel-in-progress: true | ||
|
|
||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| issues: write | ||
|
|
||
| jobs: | ||
| claude_review: | ||
| if: | | ||
| (github.event_name == 'pull_request' && | ||
| github.event.pull_request.head.repo.fork == false) || | ||
| (github.event_name == 'pull_request_target' && | ||
| github.event.pull_request.head.repo.fork == true) | ||
| runs-on: ubuntu-latest |
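Review bot: the job-level `if:` treats every same-repo PR as trusted (`github.event.pull_request.head.repo.fork == false` runs on plain `pull_request` with the secrets available), and nothing in the hunk records that decision; add a comment above `claude_review:` naming the assumption and who is covered by it. On least privilege, the review only needs `gh pr comment`, so confirm whether `issues: write` is required in addition to `pull-requests: write` and drop it if not. The `concurrency` group keyed on `github.event_name` is correct: without it the skipped `pull_request_target` run would cancel the real one, as the comment lines say.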
1. Secrets on pull_request 🐞 Bug ⛨ Security
- The workflow intentionally runs on pull_request for non-fork PRs and passes ANTHROPIC_API_KEY/GITHUB_TOKEN to the action; any same-repo PR will execute this workflow with those secrets available.
- Because pull_request runs use the workflow definition from the PR’s code, a same-repo PR can modify this workflow (e.g., expand allowed tools/steps) and immediately run the modified workflow with secrets, which is a high-impact trust-boundary decision.
- The workflow explicitly applies “sensitive file” skipping only for fork PRs; same-repo PRs are allowed to modify .github/workflows/* and still run this job.
Agent Prompt
### Issue description
The workflow runs on `pull_request` for non-fork PRs and injects secrets into a third-party action. On `pull_request` events, workflow definitions can be taken from PR code, which means a same-repo PR can modify this workflow and have the modified version run with secrets.
### Issue Context
This is a trust-boundary decision: it may be acceptable if *all* same-repo PR authors are fully trusted, but it is high impact if that assumption is ever violated (compromised collaborator account, overly broad repo write access, etc.).
### Fix Focus Areas
- .github/workflows/claude-code-review.yml[3-7]
- .github/workflows/claude-code-review.yml[21-27]
- .github/workflows/claude-code-review.yml[96-109]
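The following is an added example, not the github-script step from this PR and not code from the project: a fail-closed classifier for the "sensitive files changed" gate that the Copilot overview describes (fail closed on 3000+ file PRs and on anything undeterminable), plus a policy function that can apply that gate to same-repo PRs as well, which is the gap Qodo raises above. The pattern list, `MAX_LISTED_FILES`, the function names, the `gateAllEvents` switch and the sample file list are all assumptions; `github.paginate`, `github.rest.pulls.listFiles` and `core.setOutput` are the objects `actions/github-script` provides.

```javascript
// Added example (assumed design), not the PR's own detect-workflow-changes step.

// Paths whose modification should stop an automated reviewer run (assumed list).
const SENSITIVE_PATTERNS = [
  /^\.github\/workflows\//,   // any workflow, including the review workflow itself
  /^\.github\/actions\//,     // assumed: local composite actions
  /^AGENTS\.md$/,             // the review prompt tells Claude to follow this file
];

// GitHub's "list pull request files" endpoint returns at most 3000 entries.
const MAX_LISTED_FILES = 3000;

function isSensitivePath(path) {
  return SENSITIVE_PATTERNS.some((re) => re.test(path));
}

// files: entries shaped like pulls.listFiles results ({ filename, status, previous_filename? }).
// changedFilesTotal: pull_request.changed_files from the event payload.
// Fails closed: any doubt about completeness counts as "sensitive".
function classifyChanges(files, changedFilesTotal) {
  if (!Array.isArray(files) || !Number.isInteger(changedFilesTotal)) {
    return { sensitive: true, reason: 'file list undeterminable', matches: [] };
  }
  if (changedFilesTotal >= MAX_LISTED_FILES || files.length < changedFilesTotal) {
    return { sensitive: true, reason: 'file list incomplete', matches: [] };
  }
  const matches = [];
  for (const f of files) {
    // A rename reports the old path in previous_filename; check both ends.
    for (const p of [f.filename, f.previous_filename]) {
      if (p && isSensitivePath(p)) matches.push(p);
    }
  }
  return {
    sensitive: matches.length > 0,
    reason: matches.length > 0 ? 'sensitive path changed' : 'ok',
    matches,
  };
}

// Decide whether the review step may run. gateAllEvents=true applies the
// sensitive-file gate to same-repo PRs too; false reproduces the fork-only
// behaviour the workflow comments describe.
function shouldRunReview({ eventName, isFork, files, changedFilesTotal, gateAllEvents = true }) {
  if (eventName === 'pull_request' && isFork) {
    return { run: false, reason: 'fork PR on pull_request', matches: [] };
  }
  if (eventName === 'pull_request_target' && !isFork) {
    return { run: false, reason: 'same-repo PR on pull_request_target', matches: [] };
  }
  if (gateAllEvents || eventName === 'pull_request_target') {
    const c = classifyChanges(files, changedFilesTotal);
    if (c.sensitive) return { run: false, reason: c.reason, matches: c.matches };
  }
  return { run: true, reason: 'ok', matches: [] };
}

// How the classifier would be wired into an actions/github-script step (assumed
// usage; github, context and core are the objects that action injects).
// Step outputs are strings, so both branches set an explicit 'true' or 'false'.
async function githubScriptStep({ github, context, core }) {
  const pr = context.payload.pull_request;
  const files = await github.paginate(github.rest.pulls.listFiles, {
    owner: context.repo.owner,
    repo: context.repo.repo,
    pull_number: pr.number,
    per_page: 100,
  });
  const result = classifyChanges(files, pr.changed_files);
  core.setOutput('workflows_changed', result.sensitive ? 'true' : 'false');
  return result;
}

// Constructed sample input, not taken from a real PR.
const SAMPLE_FILES = [
  { filename: 'src/app.py', status: 'modified' },
  { filename: '.github/workflows/ci.yml', status: 'modified' },
];

console.log(classifyChanges(SAMPLE_FILES, SAMPLE_FILES.length));
console.log(shouldRunReview({ eventName: 'pull_request', isFork: false, files: SAMPLE_FILES, changedFilesTotal: 2 }));
console.log(shouldRunReview({ eventName: 'pull_request', isFork: false, files: SAMPLE_FILES, changedFilesTotal: 2, gateAllEvents: false }));
```

With `gateAllEvents` left at its default the same-repo PR that touches `.github/workflows/ci.yml` is skipped; with it set to `false` the review runs, which is the behaviour the workflow's own comments describe. Because the step always writes a literal `'true'` or `'false'`, the consuming step can compare against `'false'` and treat a missing output as a skip.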
3470f05 to 8a758c8
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/workflows/claude-code-review.yml:
- Around line 96-127: The workflow step with id "claude-review" sets claude_args
to include an invalid model flag "--model opus"; update that flag to a currently
supported Claude model (for example "--model claude-sonnet-4-20250514" or the
latest supported model ID) so the claude_args value uses a valid model
identifier and the action can run successfully.
| - name: Run Claude Code Review | ||
| # GitHub Actions step outputs are strings; keep the condition below comparing against 'true'. | ||
| # Note: For pull_request events (non-fork PRs from trusted contributors), we run the review | ||
| # even when sensitive files are modified. Only fork PRs (pull_request_target) check workflows_changed. | ||
| if: | | ||
| github.event_name != 'pull_request_target' || | ||
| steps.workflow_changes.outputs.workflows_changed != 'true' | ||
| id: claude-review | ||
| uses: anthropics/claude-code-action@1b8ee3b94104046d71fde52ec3557651ad8c0d71 # v1.0.29 | ||
| env: | ||
| ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }} | ||
| with: | ||
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| prompt: | | ||
| REPO: ${{ github.repository }} | ||
| PR NUMBER: ${{ github.event.pull_request.number }} | ||
|
|
||
| Please review this pull request and provide feedback on: | ||
| - Code quality and best practices | ||
| - Potential bugs or issues | ||
| - Performance considerations | ||
| - Security concerns | ||
| - Test coverage | ||
|
|
||
| Use the repository's AGENTS.md for guidance on style and conventions. Be constructive and helpful in your feedback. | ||
| Use `gh pr diff` to see the PR changes, then use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. | ||
|
|
||
| claude_args: > | ||
| --model opus | ||
| --allowed-tools | ||
| "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" |
🧩 Analysis chain
🌐 Web query:
anthropics/claude-code-action v1.0.29 release SHA
💡 Result:
anthropics/claude-code-action v1.0.29 release commit SHA: 1b8ee3b94104046d71fde52ec3557651ad8c0d71. (github.com)
🌐 Web query:
anthropics/claude-code-action model parameter supported values opus claude-3
💡 Result:
In anthropics/claude-code-action@v1, there isn’t a dedicated model: input with an enum of supported values—you set the model via the Claude Code CLI flag in claude_args, e.g. claude_args: "--model <MODEL_ID>". The action passes claude_args through to Claude Code, so “supported values” are whatever Claude Code supports for --model. [1]
As of the current Claude Code docs, examples / supported model IDs include: claude-sonnet-4-20250514 (and newer Sonnet/Opus/Haiku variants listed in their “Supported models” section). [2]
For Claude 3 Opus, the Anthropic API model ID was claude-3-opus-20240229, but it has been retired (requests now error) as of January 5, 2026, so it’s no longer a valid value to use. [3]
Sources: [1] [2] [3]
Update model parameter to a currently supported version.
The action SHA correctly pins to v1.0.29, and the --allowed-tools restriction appropriately limits Claude's execution scope. However, the --model opus parameter is invalid: "opus" is not a valid model identifier, and the Anthropic Opus model (claude-3-opus-20240229) was retired as of January 5, 2026. This will cause the workflow to fail at runtime.
Update the model to a currently supported variant. For example, use --model claude-sonnet-4-20250514 or the latest supported model ID according to Claude Code's current documentation.
8a758c8 to c35b076
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/workflows/claude-code-review.yml:
- Around line 96-129: The claude-review step uses an incorrect flag and format
for tool restriction: update the claude_args in the step with id "claude-review"
to use the documented kebab-case flag "--allowed-tools" and pass the tools as a
single comma-separated argument (e.g., --allowed-tools "Bash(gh pr comment
*),Bash(gh pr diff *),Bash(gh pr view *)"); ensure the flag and value remain on
the same line/argument so the action parses the allowed tools correctly.
| - name: Run Claude Code Review | ||
| # GitHub Actions step outputs are strings; keep the condition below comparing against 'true'. | ||
| # Note: For pull_request events (non-fork PRs from trusted contributors), we run the review | ||
| # even when sensitive files are modified. Only fork PRs (pull_request_target) check workflows_changed. | ||
| if: | | ||
| github.event_name != 'pull_request_target' || | ||
| steps.workflow_changes.outputs.workflows_changed != 'true' | ||
| id: claude-review | ||
| uses: anthropics/claude-code-action@1b8ee3b94104046d71fde52ec3557651ad8c0d71 # v1.0.29 | ||
| env: | ||
| ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }} | ||
| with: | ||
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| prompt: | | ||
| REPO: ${{ github.repository }} | ||
| PR NUMBER: ${{ github.event.pull_request.number }} | ||
|
|
||
| Please review this pull request and provide feedback on: | ||
| - Code quality and best practices | ||
| - Potential bugs or issues | ||
| - Performance considerations | ||
| - Security concerns | ||
| - Test coverage | ||
|
|
||
| Use the repository's AGENTS.md for guidance on style and conventions. Be constructive and helpful in your feedback. | ||
| Use `gh pr diff` to see the PR changes, then use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. | ||
|
|
||
| claude_args: > | ||
| --model claude-opus-4-6 | ||
| --allowedTools | ||
| "Bash(gh pr comment *)" | ||
| "Bash(gh pr diff *)" | ||
| "Bash(gh pr view *)" |
🧩 Analysis chain
🌐 Web query:
Anthropic Claude Code GitHub Actions --allowed-tools flag documentation
💡 Result:
In Claude Code GitHub Actions (anthropics/claude-code-action@v1), you pass tool-allowlisting via the claude_args input (which forwards Claude Code CLI flags). The docs list:
--allowed-tools: “Comma-separated list of allowed tools” (docs.anthropic.com)
Example:
  - uses: anthropics/claude-code-action@v1
    with:
      anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
      prompt: "/review"
      claude_args: "--allowed-tools Read,Grep,Bash(git diff)"
If you’re upgrading from the old beta action inputs, the migration table notes allowed_tools moved to claude_args: --allowedTools (camelCase) (docs.anthropic.com).
For the CLI/SDK flag form (outside Actions), Anthropic’s Claude Code SDK docs show --allowedTools usage (docs.anthropic.com).
Citations:
- 1: https://docs.anthropic.com/en/docs/claude-code/github-actions
- 2: https://docs.anthropic.com/en/docs/claude-code/github-actions
- 3: https://docs.anthropic.com/s/claude-code-sdk?utm_source=openai
Use the documented --allowed-tools flag with comma-separated list format.
In Claude Code GitHub Actions, the flag is --allowed-tools (kebab-case, not --allowedTools), and tools must be comma-separated in a single argument. The current multi-line format with incorrect flag name will be ignored or error, compromising tool restriction.
🛠️ Proposed fix
claude_args: >
--model claude-opus-4-6
- --allowedTools
- "Bash(gh pr comment *)"
- "Bash(gh pr diff *)"
- "Bash(gh pr view *)"
+ --allowed-tools "Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *)"
abaa0fb to c9ca210
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
bfa45b6 to c3426dc
Enable Claude Code online review in GitHub Actions and limit fork-triggered pull_request_target runs to review_requested so maintainers explicitly gate those review runs.
c3426dc to 094a83b