
Commit 8d0d393

authored
chore: separate claude code action workflows for comments and PR reviews (#686)
1 parent 22e673c commit 8d0d393


2 files changed

+154
-0
lines changed

2 files changed

+154
-0
lines changed
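--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -0,0 +1,84 @@
+name: Claude Mentions
+
+# Scenario 1: @claude mentions on issues and PR comments
+# See: https://github.com/anthropics/claude-code-action/pull/614
+
+on:
+issue_comment:
+types: [created, edited]
+pull_request_review_comment:
+types: [created, edited]
+
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+issues: write
+
+jobs:
+claude-mentions:
+if: contains(github.event.comment.body, '@claude')
+name: claude-mentions
+runs-on: ubuntu-22.04
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+issues: write
+actions: read
+steps:
+- name: Check if user is org member
+id: check
+run: |
+COMMENT_AUTHOR="${{ github.event.comment.author_association || github.event.review.author_association }}"
+# Check if user is org member or owner
+if [[ "$COMMENT_AUTHOR" == "MEMBER" || "$COMMENT_AUTHOR" == "OWNER" ]]; then
+echo "is_member=true" >> $GITHUB_OUTPUT
+else
+echo "is_member=false" >> $GITHUB_OUTPUT
+echo "⚠️ User is not a member of sigp organization. Skipping."
+exit 1
+fi
+
+- name: Get PR info for fork support
+if: steps.check.outputs.is_member == 'true' && github.event.issue.pull_request
+id: pr-info
+run: |
+PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }})
+echo "pr_head_owner=$(echo "$PR_DATA" | jq -r '.head.repo.owner.login')" >> $GITHUB_OUTPUT
+echo "pr_head_repo=$(echo "$PR_DATA" | jq -r '.head.repo.name')" >> $GITHUB_OUTPUT
+echo "pr_head_ref=$(echo "$PR_DATA" | jq -r '.head.ref')" >> $GITHUB_OUTPUT
+echo "is_fork=$(echo "$PR_DATA" | jq -r '.head.repo.fork')" >> $GITHUB_OUTPUT
+env:
+GH_TOKEN: ${{ github.token }}
+
+- name: Checkout repository
+if: steps.check.outputs.is_member == 'true'
+uses: actions/checkout@v4
+with:
+repository: ${{ github.event.issue.pull_request && steps.pr-info.outputs.is_fork == 'true' && format('{0}/{1}', steps.pr-info.outputs.pr_head_owner, steps.pr-info.outputs.pr_head_repo) || github.repository }}
+ref: ${{ github.event.issue.pull_request && steps.pr-info.outputs.pr_head_ref || github.ref }}
+fetch-depth: 0
+
+- name: Generate GitHub App token
+if: steps.check.outputs.is_member == 'true'
+id: app-token
+uses: actions/create-github-app-token@v2
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+- name: Configure AWS Credentials (OIDC)
+if: steps.check.outputs.is_member == 'true'
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+aws-region: us-west-2
+
+- name: Run Claude Code Action
+if: steps.check.outputs.is_member == 'true'
+uses: anthropics/claude-code-action@v1
+with:
+github_token: ${{ steps.app-token.outputs.token }}
+use_bedrock: "true"
+claude_args: '--model us.anthropic.claude-sonnet-4-5-20250929-v1:0 --max-turns 10'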
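Review bot: The "Checkout repository" step pulls a fork's `pr_head_ref`, a branch name the fork owner can move after a member's `@claude` comment, into a job that holds `contents: write`, `id-token: write`, the App private key and the AWS role. The membership gate covers the comment author only, not the author of the PR being checked out. Consider also recording `.head.sha` in the pr-info step and checking that out, if the action tolerates a detached HEAD, and adding `persist-credentials: false` under the checkout `with:` so the job token is not written into `.git/config` beside fork-controlled files. The `author_association` value is interpolated into the `run:` script with `${{ }}`; passing it through `env:` and reading `"$COMMENT_AUTHOR"` from there is the safer habit even for an enum-like field. The four `uses:` references (`@v4`, `@v2`, `@v4`, `@v1`) are mutable tags, so pinning them to commit SHAs is worth it in a job with these credentials.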
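--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -0,0 +1,70 @@
+name: Claude PR Review
+
+# Scenario 2: Automated reviews on PR open/update
+# See: https://github.com/anthropics/claude-code-action/pull/614
+
+on:
+pull_request_target:
+types: [opened, synchronize, ready_for_review, reopened]
+
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+issues: write
+
+jobs:
+claude-pr-review:
+name: claude-pr-review
+runs-on: ubuntu-22.04
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+issues: write
+actions: read
+steps:
+- name: Check if PR author is org member
+id: check
+run: |
+PR_AUTHOR="${{ github.event.pull_request.author_association }}"
+# Check if user is org member or owner
+if [[ "$PR_AUTHOR" == "MEMBER" || "$PR_AUTHOR" == "OWNER" ]]; then
+echo "is_member=true" >> $GITHUB_OUTPUT
+else
+echo "is_member=false" >> $GITHUB_OUTPUT
+echo "⚠️ PR author is not a member of sigp organization. Skipping automated review."
+exit 0
+fi
+
+- name: Checkout repository
+if: steps.check.outputs.is_member == 'true'
+uses: actions/checkout@v4
+with:
+repository: ${{ github.event.pull_request.head.repo.full_name }}
+ref: ${{ github.event.pull_request.head.ref }}
+fetch-depth: 0
+
+- name: Generate GitHub App token
+if: steps.check.outputs.is_member == 'true'
+id: app-token
+uses: actions/create-github-app-token@v2
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+- name: Configure AWS Credentials (OIDC)
+if: steps.check.outputs.is_member == 'true'
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+aws-region: us-west-2
+
+- name: Run Claude Code Action
+if: steps.check.outputs.is_member == 'true'
+uses: anthropics/claude-code-action@v1
+with:
+github_token: ${{ steps.app-token.outputs.token }}
+allowed_non_write_users: "*"
+use_bedrock: "true"
+claude_args: "--model us.anthropic.claude-sonnet-4-5-20250929-v1:0 --max-turns 10"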
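Review bot: The only gate between `pull_request_target` (which runs with repository secrets and a write-scoped token) and the PR-head checkout is the `if: steps.check.outputs.is_member == 'true'` repeated on each step, so a step added later without that condition would run for any PR author. `allowed_non_write_users: "*"` also appears to relax the action's own permission check. A job-level condition such as `if: contains(fromJSON('["MEMBER","OWNER"]'), github.event.pull_request.author_association)` fails closed and makes the shell check unnecessary. The checkout uses `head.ref`, a branch name, rather than `github.event.pull_request.head.sha`, so the tree that gets reviewed can differ from the commit that triggered the run. Adding `persist-credentials: false` under the checkout `with:` would keep the job token out of the checked-out tree.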
