Skip to content

Add Claude Code GitHub Workflow #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
koriym merged 5 commits into from
Oct 25, 2025
Merged

Add Claude Code GitHub Workflow #120

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c6bc97c
docs(license): update copyright year(s)
invalid-email-address Jan 4, 2025
aef7872
Merge pull request #4 from koriym/license/copyright-to-2025
koriym Jan 4, 2025
bd7aecc
Merge branch 'ray-di:1.x' into 1.x
koriym Feb 4, 2025
9715b41
"Claude PR Assistant workflow"
koriym Oct 25, 2025
6e0b1e6
"Claude Code Review workflow"
koriym Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions .github/workflows/claude-code-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Claude Code Review

on:
pull_request:
types: [opened, synchronize]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
Copy link

@sourcery-ai sourcery-ai bot Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: opengrep

with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}

Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage

Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 25, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify CLAUDE.md exists in repository.

The prompt references "the repository's CLAUDE.md" for style guidance, but there's no confirmation this file exists. If it doesn't, Claude won't have style guidance and the review may be less consistent with project conventions.

🏁 Script executed:

#!/bin/bash
# Description: Check if CLAUDE.md exists in repository

if [ -f "CLAUDE.md" ]; then
  echo "✓ CLAUDE.md found at repository root"
  head -20 CLAUDE.md
else
  echo "✗ CLAUDE.md not found"
  find . -name "CLAUDE.md" -type f 2>/dev/null || echo "No CLAUDE.md found anywhere"
fi

Length of output: 21


---

🏁 Script executed:

```shell
#!/bin/bash
# Search for any references to CLAUDE.md or guidance documentation in the codebase

echo "=== Searching for CLAUDE.md references ==="
rg -i "claude\.md" --type-list | head -20 || true

echo -e "\n=== Searching for style guide or conventions references ==="
rg -i "(style.*guide|coding.*standard|convention)" -C2 .github/workflows/ || true

echo -e "\n=== Checking for other documentation files ==="
fd -e md | grep -iE "(guide|style|convention|readme)" | head -20 || true

Length of output: 614


---

🏁 Script executed:

```shell
#!/bin/bash
# Search for CLAUDE.md references and documentation structure

echo "=== Searching for CLAUDE.md references ==="
rg "claude\.md" -i || echo "No CLAUDE.md references found"

echo -e "\n=== Listing all markdown files ==="
fd -e md | sort

echo -e "\n=== Checking workflow file content ==="
if [ -f ".github/workflows/claude-code-review.yml" ]; then
  echo "Workflow file found:"
  cat ".github/workflows/claude-code-review.yml"
else
  echo "Workflow file not found at .github/workflows/claude-code-review.yml"
  find . -name "claude-code-review.yml" -type f 2>/dev/null || echo "No workflow file found"
fi

Length of output: 2200

Create CLAUDE.md or remove the reference from the workflow prompt.

The workflow explicitly instructs Claude to use "the repository's CLAUDE.md" for style guidance, but this file does not exist anywhere in the repository. This will cause Claude to lack guidance on style and conventions during code reviews.

Options to fix:

  1. Create CLAUDE.md at the repository root with your project's style guide and coding conventions
  2. Remove the CLAUDE.md reference from the prompt in the workflow and replace with inline guidance, or reference existing documentation (e.g., README.md)
🤖 Prompt for AI Agents 
.github/workflows/claude-code-review.yml around line 50: the workflow references
a non-existent CLAUDE.md for style guidance which will break reviewer prompts;
either add a CLAUDE.md at repo root containing your style and convention
guidance, or remove/replace the reference in the workflow prompt with inline
guidance or an existing doc (e.g., README.md) so the workflow points to an
actual file or includes the needed guidance directly.

Copy link
Member Author

@koriym koriym Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exists now.

Copy link
Contributor

@coderabbitai coderabbitai bot Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if CLAUDE.md now exists in the repository

echo "=== Checking for CLAUDE.md in repository ==="
if [ -f "CLAUDE.md" ]; then
  echo "✓ CLAUDE.md found at repository root"
  echo ""
  echo "=== File size and basic info ==="
  ls -lh CLAUDE.md
  echo ""
  echo "=== First 30 lines of CLAUDE.md ==="
  head -30 CLAUDE.md
else
  echo "✗ CLAUDE.md not found at repository root"
  echo ""
  echo "=== Searching for CLAUDE.md anywhere in the repository ==="
  find . -name "CLAUDE.md" -type f 2>/dev/null || echo "No CLAUDE.md found anywhere in repository"
fi

Length of output: 145

🏁 Script executed:

#!/bin/bash
# Check recent commits and git status to see if CLAUDE.md was added

echo "=== Checking recent commits in current branch ==="
git log --oneline -10

echo ""
echo "=== Checking for any CLAUDE.md in recent commits ==="
git log --all --oneline --name-only | grep -i "CLAUDE.md" || echo "No CLAUDE.md found in commit history"

echo ""
echo "=== Current branch ==="
git branch --show-current

echo ""
echo "=== All files in repository root ==="
ls -la | head -20

Length of output: 1908

🏁 Script executed:

#!/bin/bash
# Check which branch has CLAUDE.md and get its content

echo "=== Finding which branch(es) contain CLAUDE.md ==="
git branch -a --contains $(git log --all --format=%H --name-only | grep -B1 "^CLAUDE.md$" | head -1) 2>/dev/null || echo "Could not determine branch"

echo ""
echo "=== Checking commits that added CLAUDE.md ==="
git log --all --oneline --diff-filter=A -- CLAUDE.md

echo ""
echo "=== Getting CLAUDE.md content from the commit ==="
COMMIT_WITH_CLAUDE=$(git log --all --oneline --diff-filter=A -- CLAUDE.md | head -1 | cut -d' ' -f1)
if [ -n "$COMMIT_WITH_CLAUDE" ]; then
  echo "Found CLAUDE.md in commit: $COMMIT_WITH_CLAUDE"
  echo ""
  echo "=== Content of CLAUDE.md ==="
  git show $COMMIT_WITH_CLAUDE:CLAUDE.md | head -50
else
  echo "Could not find commit with CLAUDE.md"
fi

echo ""
echo "=== Checking if it exists in origin/add-claude-github-actions-1761412869230 ==="
git ls-tree -r origin/add-claude-github-actions-1761412869230 --name-only | grep -i CLAUDE || echo "Not found in source branch"

Length of output: 3142

🏁 Script executed:

#!/bin/bash
# Check if CLAUDE.md exists in the target branch (1.x)

echo "=== Checking for CLAUDE.md in origin/1.x (target branch) ==="
git ls-tree -r origin/1.x --name-only | grep -i CLAUDE

echo ""
echo "=== Getting CLAUDE.md from origin/1.x ==="
git show origin/1.x:CLAUDE.md 2>/dev/null && echo "" && echo "✓ CLAUDE.md exists in target branch 1.x" || echo "✗ CLAUDE.md not found in 1.x"

echo ""
echo "=== Commit history for CLAUDE.md ==="
git log origin/1.x --oneline -- CLAUDE.md | head -5

Length of output: 6383

@koriym Perfect! I can confirm that CLAUDE.md exists in the target branch (1.x) and contains comprehensive guidance for Claude Code. The file includes:

  • Project overview and architecture details
  • Core compilation flow and runtime execution
  • Development commands and testing instructions
  • Key concepts like dependency indexing, injection points, and scope handling
  • PHP version requirements and best practices

Since this PR is targeting the 1.x branch where CLAUDE.md already exists, the workflow will have access to the style guidance when it runs. The reference in line 50 of the workflow is valid and will work correctly! ✅

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!


Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.

# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

50 changes: 50 additions & 0 deletions .github/workflows/claude.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Claude Code

on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]

jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
Copy link

@sourcery-ai sourcery-ai bot Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: opengrep

with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
actions: read

# Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
# prompt: 'Update the pull request description to include a summary of changes.'

# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'

2 changes: 1 addition & 1 deletion LICENSE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
The MIT License (MIT)

Copyright (c) 2012-2024 Akihito Koriyama
Copyright (c) 2012-2025 Akihito Koriyama

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
Loading