Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/claude-code-review.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Claude Code Review

on:
pull_request_target:
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
Comment on lines 3 to 5

Copilot AI Mar 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Switching this workflow from pull_request_target to pull_request improves safety, but note that pull_request workflows do not receive repository secrets for PRs from forks. As written, this can cause failing checks on forked PRs due to missing CLAUDE_CODE_OAUTH_TOKEN. Consider adding a guard to skip when github.event.pull_request.head.repo.fork == true (or otherwise handle missing secrets gracefully).

Copilot uses AI. Check for mistakes.
# Optional: Only run on specific file changes
# paths:
Expand All @@ -21,24 +21,24 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
issues: write
pull-requests: read
issues: read
Comment on lines +24 to +25

Copilot AI Mar 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pull-requests/issues permissions were reduced to read, but a "Code Review" workflow generally needs to write a PR review/comment back to the pull request. With read-only permissions, the action is likely unable to publish the review results. Consider restoring the minimum required write permissions (at least pull-requests: write and/or issues: write, depending on how the action posts feedback).

Suggested change
pull-requests: read
issues: read
pull-requests: write
issues: write

Copilot uses AI. Check for mistakes.
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 1

- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
plugins: 'code-review@claude-code-plugins'
prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options

7 changes: 4 additions & 3 deletions .github/workflows/claude.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
issues: write
pull-requests: read
issues: read
Comment on lines +23 to +24

Copilot AI Mar 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pull-requests/issues permissions were reduced to read, but this workflow is triggered by @claude mentions and the Claude action typically needs to create PR/issue comments (and possibly PR reviews) to respond. With read-only permissions, the action will be unable to post results back to GitHub. Consider restoring the minimum required write permissions (e.g., issues: write for comments + pull-requests: write for PR review/comments) while keeping contents: read.

Suggested change
pull-requests: read
issues: read
pull-requests: write
issues: write

Copilot uses AI. Check for mistakes.
Comment on lines 22 to +24

Copilot AI Mar 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description states "Only users with write access to the repository can trigger the workflow", but the workflow does not enforce this and will run for any @claude mention in issue/PR comments. This can allow untrusted users to trigger runs (token spend) and potentially prompt the agent to act on sensitive repo context. Add an explicit actor/author_association guard in the job if: (e.g., restrict to OWNER, MEMBER, COLLABORATOR) or otherwise validate the commenter before running.

Copilot uses AI. Check for mistakes.
id-token: write
actions: read # Required for Claude to read CI results on PRs
steps:
Expand All @@ -34,7 +34,7 @@ jobs:
id: claude
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Copilot AI Mar 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR description says the Anthropic API key is stored as ANTHROPIC_API_KEY, but the workflow now uses CLAUDE_CODE_OAUTH_TOKEN via claude_code_oauth_token. Please align the PR description and repository secret setup with the authentication method expected by this workflow to avoid post-merge failures.

Copilot uses AI. Check for mistakes.

# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
Expand All @@ -47,3 +47,4 @@ jobs:
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'

Loading