Add Claude Code GitHub Workflow

[williamQyq]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[qodo-code-review]

Review Summary by Qodo

Add Claude Code GitHub Actions workflows for automated reviews

✨ Enhancement

Walkthroughs

Description

• Adds two GitHub Actions workflows for Claude Code integration
• First workflow enables automated code reviews on pull requests
• Second workflow allows Claude to respond to @claude mentions
• Provides flexible configuration options for filtering and permissions

Diagram

flowchart LR
  PR["Pull Request Events"]
  Comments["Issue/PR Comments"]
  PR -- "triggers" --> CodeReview["Claude Code Review Workflow"]
  Comments -- "triggers on @claude" --> Claude["Claude Code Workflow"]
  CodeReview -- "runs" --> Review["Automated Code Review"]
  Claude -- "executes" --> Action["Claude Actions"]
  Review --> Feedback["Review Feedback"]
  Action --> Response["Claude Response"]

Loading

File Changes

1. .github/workflows/claude-code-review.yml ✨ Enhancement +44/-0

Automated code review workflow configuration

• Creates automated code review workflow triggered on PR events
• Configures Claude Code action with code-review plugin
• Includes optional filters for file paths and PR authors
• Sets up required permissions for repository access

.github/workflows/claude-code-review.yml

---

2. .github/workflows/claude.yml ✨ Enhancement +50/-0

Claude interactive assistant workflow setup

• Enables Claude to respond to @claude mentions in comments
• Triggers on issue comments, PR review comments, and issues
• Configures Claude Code action with OAuth token authentication
• Includes optional custom prompts and allowed tools configuration

.github/workflows/claude.yml

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0) 🎨 UX Issues (0)

1. Unrestricted @claude triggers 🐞 Bug ⛨ Security

Description

In .github/workflows/claude.yml, the job runs whenever any comment/review/issue text contains
@claude without checking the sender’s repo permission/association, yet it passes
secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party action. This allows any external commenter to
trigger secret-bearing runs (cost/abuse risk and increased secret exposure surface).

Code

.github/workflows/claude.yml[R15-19]

+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))

Evidence

The workflow gates execution only on contains(..., '@claude') (no actor/association checks), and
later provides CLAUDE_CODE_OAUTH_TOKEN to anthropics/claude-code-action, meaning an untrusted
trigger can cause a run that has access to that secret.

.github/workflows/claude.yml[15-19]
.github/workflows/claude.yml[33-38]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`claude` job triggers on any `@claude` text from any commenter, but the job also passes `secrets.CLAUDE_CODE_OAUTH_TOKEN` to a third-party action. Add an authorization gate so only trusted actors (e.g., OWNER/MEMBER/COLLABORATOR, or an explicit allowlist) can trigger the workflow.

### Issue Context
Current job-level `if:` only checks for the substring `@claude` and does not validate `author_association`/permissions.

### Fix Focus Areas
- .github/workflows/claude.yml[15-19]
- .github/workflows/claude.yml[33-38]

### Suggested change
- Extend the job `if:` to also require trusted actors for each event type, e.g. check `github.event.comment.author_association` / `github.event.issue.author_association` / `github.event.review.author_association` is in `{OWNER, MEMBER, COLLABORATOR}` (and optionally exclude bots).
- If you need broader access, use an explicit allowlist of `github.actor` values.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Unpinned action and plugins 🐞 Bug ⛨ Security

Description

Both workflows execute anthropics/claude-code-action pinned only to the mutable v1 tag, and the
review workflow loads plugins from a remote marketplace without an immutable version/commit pin. If
the tag/plugin changes (or is compromised), different code can run in CI with access to
CLAUDE_CODE_OAUTH_TOKEN.

Code

.github/workflows/claude-code-review.yml[R36-40]

+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'

Evidence

The workflows reference a third-party action by a movable tag and also fetch plugin code remotely
without pinning to an immutable identifier, increasing supply-chain risk while passing in a
repository secret.

.github/workflows/claude.yml[34-37]
.github/workflows/claude-code-review.yml[36-40]
Best Practice: GitHub Actions hardening guidance

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The workflows execute third-party code (`anthropics/claude-code-action@v1`) and remote plugins without immutable pinning. This increases supply-chain risk, especially since the job passes `CLAUDE_CODE_OAUTH_TOKEN`.

### Issue Context
Tags like `v1` can move; remote plugin references can change over time.

### Fix Focus Areas
- .github/workflows/claude.yml[34-37]
- .github/workflows/claude-code-review.yml[36-40]

### Suggested change
- Replace `anthropics/claude-code-action@v1` with a specific commit SHA (and use Dependabot/GitHub tools to keep it updated safely).
- If plugins must be used, pin them to immutable versions/SHAs (if the action supports it) or vendor/lock the plugin source rather than pulling mutable remote code at runtime.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Runs without secret on forks 🐞 Bug ☼ Reliability

Description

.github/workflows/claude-code-review.yml triggers on all pull_request events but unconditionally
calls the action with secrets.CLAUDE_CODE_OAUTH_TOKEN; on fork PRs this secret will not be
available, so the action will be invoked without the required token and the job will fail or produce
no review output. This can create noisy/failed checks for external contributions.

Code

.github/workflows/claude-code-review.yml[R34-41]

+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'

Evidence

The workflow is configured to run on pull_request events and always supplies
secrets.CLAUDE_CODE_OAUTH_TOKEN to the action, with no conditional guard to skip fork PRs where
secrets are unavailable.

.github/workflows/claude-code-review.yml[3-5]
.github/workflows/claude-code-review.yml[34-41]
Best Practice: GitHub Actions security model

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The PR review workflow runs on `pull_request` but requires a repository secret. For fork PRs, that secret will be unavailable, so the Claude step runs without credentials and will likely fail or do nothing.

### Issue Context
You generally should not run secret-dependent jobs on fork PRs without an explicit trust/authorization model.

### Fix Focus Areas
- .github/workflows/claude-code-review.yml[3-5]
- .github/workflows/claude-code-review.yml[21-27]
- .github/workflows/claude-code-review.yml[34-41]

### Suggested change
Add a job-level guard to skip forks, e.g.:
- `if: github.event.pull_request.head.repo.full_name == github.repository`

(Alternative, higher-risk) Switch to `pull_request_target` only if you also add strict actor authorization and safe checkout patterns.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[qodo-code-review]

1. Unrestricted @claude triggers 🐞 Bug ⛨ Security

In .github/workflows/claude.yml, the job runs whenever any comment/review/issue text contains
@claude without checking the sender’s repo permission/association, yet it passes
secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party action. This allows any external commenter to
trigger secret-bearing runs (cost/abuse risk and increased secret exposure surface).

Agent Prompt

### Issue description
`claude` job triggers on any `@claude` text from any commenter, but the job also passes `secrets.CLAUDE_CODE_OAUTH_TOKEN` to a third-party action. Add an authorization gate so only trusted actors (e.g., OWNER/MEMBER/COLLABORATOR, or an explicit allowlist) can trigger the workflow.

### Issue Context
Current job-level `if:` only checks for the substring `@claude` and does not validate `author_association`/permissions.

### Fix Focus Areas
- .github/workflows/claude.yml[15-19]
- .github/workflows/claude.yml[33-38]

### Suggested change
- Extend the job `if:` to also require trusted actors for each event type, e.g. check `github.event.comment.author_association` / `github.event.issue.author_association` / `github.event.review.author_association` is in `{OWNER, MEMBER, COLLABORATOR}` (and optionally exclude bots).
- If you need broader access, use an explicit allowlist of `github.actor` values.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

2. Unpinned action and plugins 🐞 Bug ⛨ Security

Both workflows execute anthropics/claude-code-action pinned only to the mutable v1 tag, and the
review workflow loads plugins from a remote marketplace without an immutable version/commit pin. If
the tag/plugin changes (or is compromised), different code can run in CI with access to
CLAUDE_CODE_OAUTH_TOKEN.

Agent Prompt

### Issue description
The workflows execute third-party code (`anthropics/claude-code-action@v1`) and remote plugins without immutable pinning. This increases supply-chain risk, especially since the job passes `CLAUDE_CODE_OAUTH_TOKEN`.

### Issue Context
Tags like `v1` can move; remote plugin references can change over time.

### Fix Focus Areas
- .github/workflows/claude.yml[34-37]
- .github/workflows/claude-code-review.yml[36-40]

### Suggested change
- Replace `anthropics/claude-code-action@v1` with a specific commit SHA (and use Dependabot/GitHub tools to keep it updated safely).
- If plugins must be used, pin them to immutable versions/SHAs (if the action supports it) or vendor/lock the plugin source rather than pulling mutable remote code at runtime.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools