From 1b4ce2d2090234d805193b955d1b57209c6a3b1a Mon Sep 17 00:00:00 2001
From: Aditya Bisht
Date: Sun, 15 Mar 2026 18:46:27 +0530
Subject: [PATCH 1/4] added comment to claude workflow for testing
---
 .github/workflows/claude.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index 19adc6c4..8ecdcd36 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,5 +1,6 @@
 name: Claude Code
+# Claude Code interactive agent - responds to @claude mentions
 on:
 issue_comment:
 types: [created]
From 6e8f130b640406fdf6eaa88c49cf9f93e6a8b2cc Mon Sep 17 00:00:00 2001
From: Aditya Bisht
Date: Sun, 15 Mar 2026 18:53:47 +0530
Subject: [PATCH 2/4] fix: use direct pull_request trigger for auto code review

The two-stage workflow_run pattern loses PR context, causing the action to run Claude but fail to post review comments (empty PR_NUMBER). Switching to direct pull_request trigger fixes this.
---
 .github/workflows/claude-code-review.yml | 52 +++++----------------
 .github/workflows/prepare-claude-review.yml | 38 ---------------
 2 files changed, 11 insertions(+), 79 deletions(-)
 delete mode 100644 .github/workflows/prepare-claude-review.yml
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 8afac796..9e4220e2 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -1,18 +1,21 @@
 name: Claude Code Review
 on:
- workflow_run:
- workflows: ["Prepare Claude Review"]
- types: [completed]
+ pull_request:
+ types: [opened, synchronize, ready_for_review, reopened]
 issue_comment:
 types: [created]
 jobs:
- # PATH A: Auto-trigger via workflow_run (trusted authors, or label-approved fork PRs)
+ # PATH A: Auto-trigger on PR open/update (trusted authors only)
 claude-review-auto:
 if: |
- github.event_name == 'workflow_run' &&
- github.event.workflow_run.conclusion == 'success'
+ github.event_name == 'pull_request' &&
+ (
+ github.event.pull_request.author_association == 'MEMBER' ||
+ github.event.pull_request.author_association == 'COLLABORATOR' ||
+ github.event.pull_request.author_association == 'OWNER'
+ )
 runs-on: ubuntu-latest
 permissions:
 contents: read
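Review bot: The new `if:` on `claude-review-auto` admits a MEMBER, COLLABORATOR or OWNER who opens the PR from a fork, but for fork-originated `pull_request` runs GitHub normally withholds repository secrets and issues a read-only token, so the job would start and then fail without `ANTHROPIC_API_KEY`. Adding `github.event.pull_request.head.repo.full_name == github.repository &&` right after the `event_name` clause skips those runs cleanly and states in the condition itself that the secret-bearing job only runs for branches of this repository. Note also that `author_association` describes the PR author, not whoever pushed the commit that fired `synchronize`. The job body continues outside the hunk.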
@@ -21,40 +24,7 @@ jobs:
 actions: read
 steps:
- - name: Download PR metadata
- uses: actions/download-artifact@v4
- with:
- name: pr-metadata
- run-id: ${{ github.event.workflow_run.id }}
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Validate PR metadata
- id: pr
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- WORKFLOW_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
- REPO: ${{ github.repository }}
- run: |
- PR_NUMBER=$(cat pr_number.txt)
-
- # Validate PR number is a positive integer (defense against artifact tampering)
- if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
- echo "::error::Invalid PR number in artifact: not an integer"
- exit 1
- fi
-
- # Cross-reference: verify the PR's head SHA matches the workflow_run's head SHA
- ACTUAL_SHA=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json headRefOid -q '.headRefOid')
- if [ "$ACTUAL_SHA" != "$WORKFLOW_HEAD_SHA" ]; then
- echo "::error::SHA mismatch -- artifact PR ($ACTUAL_SHA) != workflow trigger ($WORKFLOW_HEAD_SHA)"
- echo "::error::This may indicate artifact tampering. Aborting."
- exit 1
- fi
-
- echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
- echo "Validated PR #$PR_NUMBER (SHA: $WORKFLOW_HEAD_SHA)"
-
- - name: Checkout base branch
+ - name: Checkout repository
 uses: actions/checkout@v4
 with:
 fetch-depth: 1
@@ -66,7 +36,7 @@ jobs:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
 plugins: "code-review@claude-code-plugins"
- prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ steps.pr.outputs.number }}"
+ prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"
 # PATH B: Manual trigger via /claude-review comment on a PR
 claude-review-manual:
diff --git a/.github/workflows/prepare-claude-review.yml b/.github/workflows/prepare-claude-review.yml
deleted file mode 100644
index 0569b638..00000000
--- a/.github/workflows/prepare-claude-review.yml
+++ /dev/null
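Review bot: In `claude-code-review.yml` (hunk `@@ -21,40 +24,7 @@`), the renamed `Checkout repository` step has no `ref:`, and under the `pull_request` trigger `actions/checkout` defaults to the PR merge commit, so the workspace now holds PR-controlled files when the next step runs with `ANTHROPIC_API_KEY`; the removed step name indicates the base branch was checked out before. If the review plugin only needs the PR number and reads the diff through the API (not visible here), the earlier behaviour can be kept with `ref: ${{ github.event.pull_request.base.sha }}` under `with:`. Otherwise a comment on the step should say that checking out PR content is intended. `persist-credentials: false` on the same step would also keep the token out of the workspace git config.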
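Review bot: In `claude-code-review.yml` (hunk `@@ -66,7 +36,7 @@`), the `plugin_marketplaces` line kept as context names a Git URL with no revision, so the plugin code that runs alongside `ANTHROPIC_API_KEY` and the job token appears to be whatever that repository serves at run time. The same lines remain in the `claude-review` job touched by patch 4/4. If the action offers a way to pin the marketplace to a commit, use it; otherwise record the exposure next to the input, for example `# unpinned: plugin code is fetched from this URL on every run`. The changed `prompt` line itself only interpolates the repository name and the numeric PR number.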
@@ -1,38 +0,0 @@
-name: Prepare Claude Review
-
-on:
- pull_request:
- types: [opened, synchronize, ready_for_review, reopened, labeled]
-
-permissions:
- contents: read
-
-jobs:
- prepare:
- if: |
- (
- github.event.action != 'labeled' &&
- (
- github.event.pull_request.author_association == 'MEMBER' ||
- github.event.pull_request.author_association == 'COLLABORATOR' ||
- github.event.pull_request.author_association == 'OWNER' ||
- contains(github.event.pull_request.labels.*.name, 'claude-review-approved')
- )
- ) || (
- github.event.action == 'labeled' &&
- github.event.label.name == 'claude-review-approved'
- )
- runs-on: ubuntu-latest
- steps:
- - name: Save PR metadata
- env:
- PR_NUMBER: ${{ github.event.pull_request.number }}
- run: |
- echo "$PR_NUMBER" > pr_number.txt
-
- - name: Upload PR metadata
- uses: actions/upload-artifact@v4
- with:
- name: pr-metadata
- path: pr_number.txt
- retention-days: 1
From 03564ca5967caa51d12a6397ef879b8f7702e6c3 Mon Sep 17 00:00:00 2001
From: Aditya Bisht
Date: Sun, 15 Mar 2026 18:58:15 +0530
Subject: [PATCH 3/4] remove auto code review, keep manual /claude-review only

Auto-review on every push is expensive. Manual trigger via /claude-review comment gives full control over when reviews run.
---
 .github/workflows/claude-code-review.yml | 36 +-----------------------
 1 file changed, 1 insertion(+), 35 deletions(-)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 9e4220e2..dc9d2ee2 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -1,45 +1,11 @@
 name: Claude Code Review
 on:
- pull_request:
- types: [opened, synchronize, ready_for_review, reopened]
 issue_comment:
 types: [created]
 jobs:
- # PATH A: Auto-trigger on PR open/update (trusted authors only)
- claude-review-auto:
- if: |
- github.event_name == 'pull_request' &&
- (
- github.event.pull_request.author_association == 'MEMBER' ||
- github.event.pull_request.author_association == 'COLLABORATOR' ||
- github.event.pull_request.author_association == 'OWNER'
- )
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: write
- issues: write
- actions: read
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Run Claude Code Review
- uses: anthropics/claude-code-action@v1
- with:
- anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
- github_token: ${{ secrets.GITHUB_TOKEN }}
- plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
- plugins: "code-review@claude-code-plugins"
- prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"
-
- # PATH B: Manual trigger via /claude-review comment on a PR
- claude-review-manual:
+ claude-review:
 if: |
 github.event_name == 'issue_comment' &&
 github.event.issue.pull_request &&
From 1a8c429bc59c96219bff81b7c1f5e634f8d24f47 Mon Sep 17 00:00:00 2001
From: Aditya Bisht
Date: Sun, 15 Mar 2026 19:07:02 +0530
Subject: [PATCH 4/4] fix: set trigger_phrase to /claude-review so action posts results

Without this, the action defaults trigger_phrase to @claude and runs in agent mode, which doesn't post the review comment back.
---
 .github/workflows/claude-code-review.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index dc9d2ee2..94631ce7 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
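Review bot: With patch 3/4 applied, `issue_comment` is the only trigger left, and the part of the `claude-review` `if:` visible in this hunk checks only the event name and that the issue is a pull request; the rest of the condition lies outside the hunk. `issue_comment` fires for any account allowed to comment, so confirm that the remaining clauses test `github.event.comment.author_association` before the job reaches the secrets. The rename from `claude-review-manual` also removes the only comment describing the job; keep a line such as `# Manual trigger via /claude-review comment on a PR` above `claude-review:`.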
@@ -32,6 +32,7 @@ jobs:
 with:
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 github_token: ${{ secrets.GITHUB_TOKEN }}
+ trigger_phrase: "/claude-review"
 plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
 plugins: "code-review@claude-code-plugins"
 prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.issue.number }}"
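Review bot: The added `trigger_phrase` line carries no comment, so the reason it must be set exists only in the commit message. Suggest placing `# must be set: with the default (@claude) the action does not post the review back` above it. The job's `if:` is outside this hunk; if it also matches `/claude-review` in the comment body, the phrase now lives in two places and the comment should say to keep them in sync. The phrase only selects which comments the action reacts to, so the decision about who may trigger the job still rests on the `if:`.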