.github/workflows/claude.yml
Outdated
| # Optional: Add claude_args to customize behavior and configuration | ||
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options | ||
| # claude_args: '--allowed-tools Bash(gh pr:*)' |
If we want to use claude for changes, we should probably allow
"Bash(go test:*)"
"Bash(go fmt:*)"
"Bash(make lint)"
for a working feedback loop.
I added some, feel free to add more.
karlb
left a comment
Not sure if my thoughts are correct here and what you used as a starting point for these workflows. I haven't configured something like this before.
| contents: read | ||
| pull-requests: read |
What is the expected result of Claude's action? I would expect at least one write here, so that it can either push a commit or add a PR comment.
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 |
| fetch-depth: 1 | |
| fetch-depth: 10 |
Increasing the number a bit does not cost much but allows us to refer to recent commits and allows Claude to get a bit more context.
| # Add claude_args to customize behavior and configuration | ||
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | ||
| # or https://code.claude.com/docs/en/cli-reference for available options | ||
| claude_args: "--allowed-tools Bash(gh pr:*) Bash(go test:*) Bash(go fmt:*) Bash(make test) Bash(make all) Bash(make geth)" |
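Review bot: The `Bash(go test:*)`, `Bash(make test)`, `Bash(make all)` and `Bash(make geth)` entries in `claude_args` all execute code from the checked-out tree (test files and Makefile targets), so the allowlist limits which commands can be started but not what those commands run. Treat this job as able to run arbitrary repository code: keep its `permissions` and secrets to the minimum it needs, and only let it run on content from trusted authors.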
I think this is missing quotes for proper escaping unless we use the allowed_tools key.
| claude_args: "--allowed-tools Bash(gh pr:*) Bash(go test:*) Bash(go fmt:*) Bash(make test) Bash(make all) Bash(make geth)" | |
| allowed_tools: | | |
| Bash(gh pr:*) | |
| Bash(go test:*) | |
| Bash(go fmt:*) | |
| Bash(make test) | |
| Bash(make all) | |
| Bash(make geth) |
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: read |
I don't think Claude can leave a PR comment unless we add write permissions here.
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 |
I assume we'll get better results if this is large enough to include all PR commits. Reviewing the separate commits including their commit messages is relevant for some PRs. This should be enough for most cases:
| fetch-depth: 1 | |
| fetch-depth: 20 |
I used
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ad9e6836d4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | ||
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) |
Restrict Claude invocations to trusted users
The job-level if only checks for @claude text and never checks author_association, so any public user who can open an issue or comment can trigger runs that consume secrets.ANTHROPIC_API_KEY. On a public repo this enables untrusted users to spend API budget and drive automated actions; add a trust gate (for example OWNER/MEMBER/COLLABORATOR) alongside the mention checks.
Useful? React with 👍 / 👎.
| id: claude-review | ||
| uses: anthropics/claude-code-action@v1 | ||
| with: | ||
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} |
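Review bot: `uses: anthropics/claude-code-action@v1` is a mutable tag on the step that receives `secrets.ANTHROPIC_API_KEY`. Pin the action to a full commit SHA, with the version noted in a trailing comment, so that moving the tag cannot change the code that handles the key.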
Guard review workflow when Anthropic secret is unavailable
This workflow always passes secrets.ANTHROPIC_API_KEY, but pull_request runs from forked repositories do not receive repository secrets, so external contributor PRs will execute this job with an empty key and the Claude step will fail. Add a condition to skip when the secret is missing (or use a fork-safe trigger strategy) to avoid persistent failed checks on fork PRs.
Useful? React with 👍 / 👎.
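The two gates suggested in the Codex comments above, sketched as an added example that is not part of this PR. The job ids and the choice of trusted associations are assumptions; the fork check is one way to skip runs that receive no secrets.

```yaml
# Added example, not the PR's code. Job ids (claude, claude-review) and the
# trusted-association list are assumptions; adapt them to the repository.

# .github/workflows/claude.yml
# Each branch requires the @claude mention AND a trusted author_association
# taken from the same event payload as the text that was matched.
jobs:
  claude:
    if: |
      (
        github.event_name == 'issue_comment' &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) || (
        github.event_name == 'pull_request_review_comment' &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) || (
        github.event_name == 'pull_request_review' &&
        contains(github.event.review.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)
      ) || (
        github.event_name == 'issues' &&
        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
      )
    runs-on: ubuntu-latest
---
# .github/workflows/claude-code-review.yml
# pull_request runs from forks do not receive repository secrets, so skip
# them instead of failing with an empty ANTHROPIC_API_KEY.
jobs:
  claude-review:
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
```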
@codex review
💡 Codex Review
op-geth/.github/workflows/claude.yml Lines 16 to 19 in ad9e683
This condition only checks for
op-geth/.github/workflows/claude-code-review.yml Lines 4 to 5 in ad9e683
The workflow runs on all
🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!