diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 8afac796..94631ce7 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -1,75 +1,11 @@
 name: Claude Code Review
 on:
- workflow_run:
- workflows: ["Prepare Claude Review"]
- types: [completed]
 issue_comment:
 types: [created]
 jobs:
- # PATH A: Auto-trigger via workflow_run (trusted authors, or label-approved fork PRs)
- claude-review-auto:
- if: |
- github.event_name == 'workflow_run' &&
- github.event.workflow_run.conclusion == 'success'
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: write
- issues: write
- actions: read
-
- steps:
- - name: Download PR metadata
- uses: actions/download-artifact@v4
- with:
- name: pr-metadata
- run-id: ${{ github.event.workflow_run.id }}
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Validate PR metadata
- id: pr
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- WORKFLOW_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
- REPO: ${{ github.repository }}
- run: |
- PR_NUMBER=$(cat pr_number.txt)
-
- # Validate PR number is a positive integer (defense against artifact tampering)
- if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
- echo "::error::Invalid PR number in artifact: not an integer"
- exit 1
- fi
-
- # Cross-reference: verify the PR's head SHA matches the workflow_run's head SHA
- ACTUAL_SHA=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json headRefOid -q '.headRefOid')
- if [ "$ACTUAL_SHA" != "$WORKFLOW_HEAD_SHA" ]; then
- echo "::error::SHA mismatch -- artifact PR ($ACTUAL_SHA) != workflow trigger ($WORKFLOW_HEAD_SHA)"
- echo "::error::This may indicate artifact tampering. Aborting."
- exit 1
- fi
-
- echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
- echo "Validated PR #$PR_NUMBER (SHA: $WORKFLOW_HEAD_SHA)"
-
- - name: Checkout base branch
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Run Claude Code Review
- uses: anthropics/claude-code-action@v1
- with:
- anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
- github_token: ${{ secrets.GITHUB_TOKEN }}
- plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
- plugins: "code-review@claude-code-plugins"
- prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ steps.pr.outputs.number }}"
-
- # PATH B: Manual trigger via /claude-review comment on a PR
- claude-review-manual:
+ claude-review:
 if: |
 github.event_name == 'issue_comment' &&
 github.event.issue.pull_request &&
@@ -96,6 +32,7 @@ jobs:
 with:
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 github_token: ${{ secrets.GITHUB_TOKEN }}
+ trigger_phrase: "/claude-review"
 plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
 plugins: "code-review@claude-code-plugins"
 prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.issue.number }}"
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index 19adc6c4..8ecdcd36 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,5 +1,6 @@
 name: Claude Code
+# Claude Code interactive agent - responds to @claude mentions
 on:
 issue_comment:
 types: [created]
diff --git a/.github/workflows/prepare-claude-review.yml b/.github/workflows/prepare-claude-review.yml
deleted file mode 100644
index 0569b638..00000000
--- a/.github/workflows/prepare-claude-review.yml
+++ /dev/null
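Review bot: The `if:` on the renamed `claude-review` job is now the only gate in front of a step that receives `ANTHROPIC_API_KEY` and a write-capable `GITHUB_TOKEN`, and the hunk cuts it off after `github.event.issue.pull_request &&`, so the remaining conditions cannot be checked from here. An `issue_comment` event fires for any account able to comment on the pull request, so the rest of the expression should restrict `github.event.comment.author_association` to `OWNER`, `MEMBER` or `COLLABORATOR`, mirroring the author check that the deleted `prepare-claude-review.yml` applied on the automatic path. With `workflow_run` removed from `on:`, the `github.event_name == 'issue_comment' &&` term is always true and can be dropped. The removed `# PATH B` comment is not replaced; a one-line comment above the job stating the trigger and who is allowed to use it would keep that intent visible.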
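Review bot: The added `trigger_phrase: "/claude-review"` only matches comment text, so it should not be treated as the access control for this step; who may start the run is still decided by the job-level `if:`, which lies outside this hunk. Because `prompt:` is set on the same step, it is worth confirming against the action's documentation that the phrase is evaluated at all in this configuration, otherwise the line is dead configuration that reads like a guard. On the same step, `anthropics/claude-code-action@v1` and the `plugin_marketplaces` URL are both unpinned while the step is handed two secrets; pinning the action to a full commit, `uses: anthropics/claude-code-action@<full-commit-sha>  # v1`, keeps a moved tag from changing what runs with them.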
@@ -1,38 +0,0 @@
-name: Prepare Claude Review
-
-on:
- pull_request:
- types: [opened, synchronize, ready_for_review, reopened, labeled]
-
-permissions:
- contents: read
-
-jobs:
- prepare:
- if: |
- (
- github.event.action != 'labeled' &&
- (
- github.event.pull_request.author_association == 'MEMBER' ||
- github.event.pull_request.author_association == 'COLLABORATOR' ||
- github.event.pull_request.author_association == 'OWNER' ||
- contains(github.event.pull_request.labels.*.name, 'claude-review-approved')
- )
- ) || (
- github.event.action == 'labeled' &&
- github.event.label.name == 'claude-review-approved'
- )
- runs-on: ubuntu-latest
- steps:
- - name: Save PR metadata
- env:
- PR_NUMBER: ${{ github.event.pull_request.number }}
- run: |
- echo "$PR_NUMBER" > pr_number.txt
-
- - name: Upload PR metadata
- uses: actions/upload-artifact@v4
- with:
- name: pr-metadata
- path: pr_number.txt
- retention-days: 1