Switch from pull_request to pull_request_target event to enable OIDC token access for external contributor PRs. This allows the Claude Code action to authenticate properly when reviewing PRs from forks. Also added explicit PR head SHA ref to checkout to ensure we review the correct code. Fixes workflow failure: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL
45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
name: Claude Code Review
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, ready_for_review, reopened]
|
|
# Optional: Only run on specific file changes
|
|
# paths:
|
|
# - "src/**/*.ts"
|
|
# - "src/**/*.tsx"
|
|
# - "src/**/*.js"
|
|
# - "src/**/*.jsx"
|
|
|
|
jobs:
|
|
claude-review:
|
|
# Optional: Filter by PR author
|
|
# if: |
|
|
# github.event.pull_request.user.login == 'external-contributor' ||
|
|
# github.event.pull_request.user.login == 'new-developer' ||
|
|
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
|
|
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
issues: read
|
|
id-token: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
fetch-depth: 1
|
|
|
|
- name: Run Claude Code Review
|
|
id: claude-review
|
|
uses: anthropics/claude-code-action@v1
|
|
with:
|
|
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
|
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
|
|
plugins: 'code-review@claude-code-plugins'
|
|
prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
|
|
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
|
|
# or https://code.claude.com/docs/en/cli-reference for available options
|
|
|