feat(ci): implement comprehensive GitHub automation workflows

Implemented full GitHub automation system from claude-code-skills-factory
with project-specific configuration for claude-skills repository.

## New Workflows

- **ci-quality-gate.yml**: Automated linting, testing, and security checks
- **claude-code-review.yml**: Enhanced with kill switch and bypass mechanisms
- **pr-issue-auto-close.yml**: Auto-close linked issues when PRs merge
- **smart-sync.yml**: Bidirectional sync between issues and project board

## Configuration Files

- **WORKFLOW_KILLSWITCH**: Emergency workflow disable capability
- **branch-protection-config.json**: Branch protection settings
- **commit-template.txt**: Standardized commit message template
- **AUTOMATION_SETUP.md**: Complete setup and configuration guide

## Templates

- **pull_request_template.md**: Enhanced with security and quality checklists

## Key Features

- AI-powered code reviews with Claude
- Automatic issue closure on PR merge
- Bidirectional issue ↔ project board sync
- Quality gates (YAML lint, Python syntax, security audit)
- Kill switch for emergency workflow disable
- Rate limit protection with circuit breakers
- 10-second debouncing to prevent sync loops

## Project Configuration

- Repository: alirezarezvani/claude-skills
- Project Number: 9
- Status: Ready for PROJECTS_TOKEN configuration

## Testing

Workflows validated with yamllint and ready for deployment.

See .github/AUTOMATION_SETUP.md for complete setup instructions.
Reza Rezvani
2025-11-04 21:03:52 +01:00
parent 3d9a358a40
commit 6fbe6cdb27
9 changed files with 1230 additions and 182 deletions

91
.github/workflows/ci-quality-gate.yml vendored Normal file

@@ -0,0 +1,91 @@
---
name: CI Quality Gate
'on':
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
workflow_dispatch:
inputs:
ref:
description: Branch to run quality gate against
required: false
repository_dispatch:
types: [ci-quality]
concurrency:
group: quality-gate-${{ github.event.pull_request.number || github.run_id }}
cancel-in-progress: true
jobs:
quality:
name: Lint, Tests, Docs, Security
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 25
steps:
- name: Resolve ref
id: ref
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.ref }}" ]]; then
echo "target_ref=${{ github.event.inputs.ref }}" >> "$GITHUB_OUTPUT"
elif [[ "${{ github.event_name }}" == "repository_dispatch" && -n "${{ github.event.client_payload.ref }}" ]]; then
echo "target_ref=${{ github.event.client_payload.ref }}" >> "$GITHUB_OUTPUT"
else
echo "target_ref=${{ github.head_ref || github.ref_name }}" >> "$GITHUB_OUTPUT"
fi
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ steps.ref.outputs.target_ref }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install tooling
run: |
python -m pip install --upgrade pip
pip install yamllint==1.35.1 check-jsonschema==0.28.4 safety==3.2.4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: YAML lint (.github/workflows)
run: |
yamllint -d '{extends: default, rules: {line-length: {max: 160}}}' .github/workflows
- name: Validate GitHub workflow schemas
run: |
check-jsonschema --schema github-workflow --base-dir . .github/workflows/*.yml
- name: Python syntax check
run: |
python -m compileall marketing-skill product-team c-level-advisor engineering-team ra-qm-team || true
- name: Safety dependency audit (requirements*.txt)
run: |
set -e
files=$(find . -name "requirements*.txt" 2>/dev/null || true)
if [[ -z "$files" ]]; then
echo "No requirements files found; skipping safety scan."
exit 0
fi
for f in $files; do
echo "Auditing $f"
safety check --full-report --file "$f" || true
done
- name: Markdown link spot-check
run: |
npx --yes markdown-link-check@3.12.2 README.md
- name: Summarize results
if: always()
run: |
echo "Quality gate completed with status: ${{ job.status }}"
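
Review bot: In the "Resolve ref" step, `${{ github.event.inputs.ref }}`, `${{ github.event.client_payload.ref }}` and `${{ github.head_ref || github.ref_name }}` are expanded into the script text before bash runs, so a branch name or dispatch payload containing shell metacharacters becomes part of the script. Pass each value through `env:` and read it as a quoted shell variable instead. Separately, `|| true` on the `python -m compileall ...` and `safety check --full-report --file "$f"` lines means neither the syntax check nor the dependency audit can fail the job, so the gate passes regardless of findings; drop it, or record the result and fail in "Summarize results".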


@@ -1,39 +1,92 @@
---
name: Claude Code Review
on:
'on':
pull_request:
types: [opened, synchronize]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"
# Prevent multiple review runs on rapid PR updates
concurrency:
group: claude-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
# Auto-review ALL pull requests with Claude
# BYPASS: Add [EMERGENCY], [SKIP REVIEW], or [HOTFIX] to PR title
# BYPASS: Or add 'emergency' or 'skip-review' label to PR
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
id-token: write # Required by Claude Code action for OIDC authentication
steps:
- name: Check Workflow Kill Switch
run: |
if [ -f ".github/WORKFLOW_KILLSWITCH" ]; then
STATUS=$(grep "STATUS:" .github/WORKFLOW_KILLSWITCH | awk '{print $2}')
if [ "$STATUS" = "DISABLED" ]; then
echo "🛑 Workflows disabled by kill switch"
exit 0
fi
fi
- name: Check for Review Bypass
id: bypass
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
PR_LABELS="${{ toJSON(github.event.pull_request.labels.*.name) }}"
# Check for bypass markers in PR title
if echo "$PR_TITLE" | grep -qE '\[EMERGENCY\]|\[SKIP REVIEW\]|\[HOTFIX\]'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR title contains bypass marker" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR title contains bypass marker"
exit 0
fi
# Check for bypass labels
if echo "$PR_LABELS" | grep -qE 'emergency|skip-review|hotfix'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR has bypass label" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR has bypass label"
exit 0
fi
echo "bypass=false" >> $GITHUB_OUTPUT
echo "✅ No bypass detected - review will proceed"
- name: Post Bypass Notice
if: steps.bypass.outputs.bypass == 'true'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⏭️ Code Review Bypassed
**Reason**: ${{ steps.bypass.outputs.reason }}
⚠️ **Manual review recommended** - This PR was merged without automated code review.
---
*Bypass triggered by emergency procedures protocol*`
})
- name: Checkout repository
if: steps.bypass.outputs.bypass != 'true'
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Run Claude Code Review
if: steps.bypass.outputs.bypass != 'true'
id: claude-review
uses: anthropics/claude-code-action@v1
continue-on-error: true
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
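
Review bot: In "Check for Review Bypass", `PR_TITLE="${{ github.event.pull_request.title }}"` expands the PR title into the script text, and the title is chosen by whoever opens the PR; in a job that holds `id-token: write` it should be passed through `env:` and read as a quoted variable, and the same applies to the labels JSON on the next line. Two related points: the title markers let any PR author switch the review off for their own PR, so consider honouring only the labels and matching them exactly rather than with an unanchored `grep -qE 'emergency|skip-review|hotfix'`; and "Check Workflow Kill Switch" runs before "Checkout repository", so `.github/WORKFLOW_KILLSWITCH` is not in the workspace when it is tested, and its `exit 0` ends only that step, not the job. Move the check after checkout and expose it as a step output that the later steps gate on.
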
@@ -46,12 +99,33 @@ jobs:
- Performance considerations
- Security concerns
- Test coverage
- Skill quality (if applicable)
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
# or https://docs.claude.com/en/docs/claude-code/cli-reference
claude_args: >-
--allowed-tools
"Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),
Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
- name: Post fallback review note (quota/timeout)
if: steps.claude-review.outcome != 'success'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⚠️ Automated Review Skipped
The automated Claude review could not complete (likely quota or a transient error).
- You can retry this workflow from the Actions tab
- Proceed with manual review to unblock
`
})
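
Review bot: `if: steps.claude-review.outcome != 'success'` on the fallback step is also true when the review step was skipped by a bypass, so a bypassed PR receives both the bypass notice and the "Automated Review Skipped" comment; compare against `'failure'`, or add `steps.bypass.outputs.bypass != 'true'` to the condition. In addition, this step and "Post Bypass Notice" call `github.rest.issues.createComment` while the job declares `pull-requests: read` and `issues: read`, so the comment will be rejected unless one of those is raised to write.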


@@ -0,0 +1,207 @@
---
name: Auto-Close Issues on PR Merge
'on':
pull_request:
types: [closed]
permissions:
issues: write
pull-requests: read
contents: read
jobs:
close-linked-issues:
name: Close Issues Linked in PR
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check Workflow Kill Switch
run: |
if [ -f ".github/WORKFLOW_KILLSWITCH" ]; then
STATUS=$(grep "STATUS:" .github/WORKFLOW_KILLSWITCH | awk '{print $2}')
if [ "$STATUS" = "DISABLED" ]; then
echo "🛑 Workflows disabled by kill switch"
exit 0
fi
fi
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract linked issues from PR body
id: extract_issues
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const prBody = context.payload.pull_request.body || '';
const prNumber = context.payload.pull_request.number;
// Patterns to detect linked issues
// Supports: Fixes #123, Closes #456, Resolves #789, Related to #111, See #222
const patterns = [
/(?:fix|fixes|fixed|close|closes|closed|resolve|resolves|resolved)\s+#(\d+)/gi,
/(?:related\s+to|see|ref|references)\s+#(\d+)/gi
];
const issueNumbers = new Set();
// Extract issue numbers
patterns.forEach(pattern => {
let match;
while ((match = pattern.exec(prBody)) !== null) {
issueNumbers.add(match[1]);
}
});
// Also check PR title
const prTitle = context.payload.pull_request.title || '';
patterns.forEach(pattern => {
let match;
while ((match = pattern.exec(prTitle)) !== null) {
issueNumbers.add(match[1]);
}
});
// Also check commit messages in PR
const commits = await github.rest.pulls.listCommits({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: prNumber
});
commits.data.forEach(commit => {
const message = commit.commit.message;
patterns.forEach(pattern => {
let match;
while ((match = pattern.exec(message)) !== null) {
issueNumbers.add(match[1]);
}
});
});
const issues = Array.from(issueNumbers);
console.log(`Found linked issues: ${issues.join(', ')}`);
return issues;
- name: Close linked issues
if: steps.extract_issues.outputs.result != '[]'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const issueNumbers = ${{ steps.extract_issues.outputs.result }};
const prNumber = context.payload.pull_request.number;
const prTitle = context.payload.pull_request.title;
const prUrl = context.payload.pull_request.html_url;
const merger = context.payload.pull_request.merged_by.login;
console.log(`Processing ${issueNumbers.length} linked issue(s)`);
for (const issueNumber of issueNumbers) {
try {
// Get issue details first
const issue = await github.rest.issues.get({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(issueNumber)
});
// Skip if already closed
if (issue.data.state === 'closed') {
console.log(`Issue #${issueNumber} already closed, skipping`);
continue;
}
// Add comment explaining closure
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(issueNumber),
body: `## ✅ Completed via PR #${prNumber}
**PR**: ${prTitle}
**URL**: ${prUrl}
**Merged by**: @${merger}
This issue has been resolved and the changes have been merged into main.
🤖 Automatically closed via PR merge automation`
});
// Close the issue
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(issueNumber),
state: 'closed',
state_reason: 'completed'
});
console.log(`✅ Closed issue #${issueNumber}`);
} catch (error) {
console.error(`❌ Failed to close issue #${issueNumber}: ${error.message}`);
}
}
- name: Update project board status
if: steps.extract_issues.outputs.result != '[]'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const issueNumbers = ${{ steps.extract_issues.outputs.result }};
for (const issueNumber of issueNumbers) {
try {
// Add status: done label
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(issueNumber),
labels: ['status: done']
});
// Remove in-progress and in-review labels
const labelsToRemove = ['status: in-progress', 'status: in-review'];
for (const label of labelsToRemove) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(issueNumber),
name: label
});
} catch (e) {
// Label might not exist, ignore error
}
}
console.log(`✅ Updated project status for issue #${issueNumber}`);
} catch (error) {
console.error(`❌ Failed to update status for issue #${issueNumber}: ${error.message}`);
}
}
- name: Summary
if: steps.extract_issues.outputs.result != '[]'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const issueNumbers = ${{ steps.extract_issues.outputs.result }};
const prNumber = context.payload.pull_request.number;
console.log(`
✅ PR #${prNumber} Merge Automation Complete
Closed issues: ${issueNumbers.join(', ')}
Updated project board: status → done
Comments added: Linked to PR #${prNumber}
All linked issues have been automatically closed and marked as done.
`);
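
Review bot: The second entry in `patterns`, `/(?:related\s+to|see|ref|references)\s+#(\d+)/gi`, feeds the same `issueNumbers` set that "Close linked issues" iterates, so a PR that only says "See #222" closes issue 222; keep reference-only keywords out of the closing set or collect them separately. Neither pattern has a leading word boundary, so text such as "prefix #12" matches as `fix #12`; add `\b` before the keyword group. `const issueNumbers = ${{ steps.extract_issues.outputs.result }};` splices a step output into script source in three steps; pass it through `env:` and `JSON.parse` it instead. As in the review workflow, the kill switch check runs before "Checkout repository" and its `exit 0` does not stop the later steps.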

442
.github/workflows/smart-sync.yml vendored Normal file

@@ -0,0 +1,442 @@
---
name: Smart Bidirectional Sync
'on':
issues:
types: [labeled, closed, reopened]
projects_v2_item:
types: [edited]
# Prevent sync loops with debouncing
concurrency:
group: smart-sync-${{ github.event.issue.number || github.event.projects_v2_item.node_id }}
cancel-in-progress: true # Cancel pending runs (debouncing effect)
jobs:
determine-direction:
runs-on: ubuntu-latest
timeout-minutes: 3
permissions:
contents: read
issues: read
id-token: write
outputs:
should_sync: ${{ steps.check.outputs.should_sync }}
direction: ${{ steps.check.outputs.direction }}
issue_number: ${{ steps.check.outputs.issue_number }}
steps:
- name: Check Workflow Kill Switch
run: |
if [ -f ".github/WORKFLOW_KILLSWITCH" ]; then
STATUS=$(grep "STATUS:" .github/WORKFLOW_KILLSWITCH | awk '{print $2}')
if [ "$STATUS" = "DISABLED" ]; then
echo "🛑 Workflows disabled by kill switch"
exit 0
fi
fi
- name: Determine Sync Direction
id: check
run: |
# Check which event triggered this workflow
if [ "${{ github.event_name }}" = "issues" ]; then
# Issue event → sync to project board
echo "direction=issue-to-project" >> $GITHUB_OUTPUT
echo "issue_number=${{ github.event.issue.number }}" >> $GITHUB_OUTPUT
# Only sync on status label changes or state changes
if [[ "${{ github.event.action }}" == "labeled" && "${{ github.event.label.name }}" == status:* ]] || \
[ "${{ github.event.action }}" = "closed" ] || \
[ "${{ github.event.action }}" = "reopened" ]; then
echo "should_sync=true" >> $GITHUB_OUTPUT
echo "✅ Will sync: Issue #${{ github.event.issue.number }} → Project Board"
else
echo "should_sync=false" >> $GITHUB_OUTPUT
echo "⏭️ Skipping: Not a status change or state change"
fi
elif [ "${{ github.event_name }}" = "projects_v2_item" ]; then
# Project event → sync to issue
echo "direction=project-to-issue" >> $GITHUB_OUTPUT
echo "should_sync=true" >> $GITHUB_OUTPUT
echo "✅ Will sync: Project Board → Issue"
else
echo "should_sync=false" >> $GITHUB_OUTPUT
echo "⚠️ Unknown event type"
fi
rate-limit-check:
needs: determine-direction
if: needs.determine-direction.outputs.should_sync == 'true'
runs-on: ubuntu-latest
timeout-minutes: 2
permissions:
contents: read
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
can_proceed: ${{ steps.limits.outputs.can_proceed }}
steps:
- name: Check Rate Limits (Circuit Breaker)
id: limits
run: |
echo "🔍 Checking GitHub API rate limits..."
# Get rate limit status
core_remaining=$(gh api rate_limit --jq '.resources.core.remaining')
core_limit=$(gh api rate_limit --jq '.resources.core.limit')
graphql_remaining=$(gh api rate_limit --jq '.resources.graphql.remaining')
graphql_limit=$(gh api rate_limit --jq '.resources.graphql.limit')
echo "📊 Rate Limits:"
echo " REST API: $core_remaining/$core_limit"
echo " GraphQL: $graphql_remaining/$graphql_limit"
# Require at least 50 remaining for sync operations
if [ "$core_remaining" -lt 50 ] || [ "$graphql_remaining" -lt 50 ]; then
echo "can_proceed=false" >> $GITHUB_OUTPUT
echo "⚠️ Rate limits too low. Skipping sync to prevent violations."
exit 0
fi
echo "can_proceed=true" >> $GITHUB_OUTPUT
echo "✅ Rate limits sufficient for sync operation"
# 10-second debounce delay
debounce:
needs: [determine-direction, rate-limit-check]
if: |
needs.determine-direction.outputs.should_sync == 'true' &&
needs.rate-limit-check.outputs.can_proceed == 'true'
runs-on: ubuntu-latest
timeout-minutes: 1
steps:
- name: Debounce Delay
run: |
echo "⏱️ Applying 10-second debounce..."
sleep 10
echo "✅ Debounce complete. Proceeding with sync."
sync-issue-to-project:
needs: [determine-direction, rate-limit-check, debounce]
if: |
needs.determine-direction.outputs.direction == 'issue-to-project' &&
needs.rate-limit-check.outputs.can_proceed == 'true'
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
issues: read
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Sync Issue to Project Board
uses: anthropics/claude-code-action@v1
env:
GH_TOKEN: ${{ secrets.PROJECTS_TOKEN }}
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
# Issue → Project Board Sync
**Issue**: #${{ github.event.issue.number }} "${{ github.event.issue.title }}"
**State**: ${{ github.event.issue.state }}
**Action**: ${{ github.event.action }}
## Task: Sync issue status to project board
### Step 1: Check if in Project
```bash
PROJECT_ITEM=$(gh api graphql -f query='
query {
repository(owner: "alirezarezvani", name: "claude-skills") {
issue(number: ${{ github.event.issue.number }}) {
projectItems(first: 10) {
nodes {
id
project { number }
}
}
}
}
}
' --jq '.data.repository.issue.projectItems.nodes[] | select(.project.number == 9) | .id')
if [ -z "$PROJECT_ITEM" ]; then
echo "Adding to project..."
gh project item-add 9 --owner alirezarezvani --url ${{ github.event.issue.html_url }}
sleep 2
PROJECT_ITEM=$(gh api graphql -f query='
query {
repository(owner: "alirezarezvani", name: "claude-skills") {
issue(number: ${{ github.event.issue.number }}) {
projectItems(first: 10) {
nodes {
id
project { number }
}
}
}
}
}
' --jq '.data.repository.issue.projectItems.nodes[] | select(.project.number == 9) | .id')
fi
echo "Project Item ID: $PROJECT_ITEM"
```
### Step 2: Determine Target Status
```bash
LABELS=$(gh issue view ${{ github.event.issue.number }} --json labels --jq '[.labels[].name] | join(",")')
ISSUE_STATE="${{ github.event.issue.state }}"
# Priority order: closed state > status labels > default
if [ "$ISSUE_STATE" = "closed" ]; then
TARGET_STATUS="Done"
elif echo "$LABELS" | grep -q "status: done"; then
TARGET_STATUS="Done"
elif echo "$LABELS" | grep -q "status: in-review"; then
TARGET_STATUS="In Review"
elif echo "$LABELS" | grep -q "status: in-progress"; then
TARGET_STATUS="In Progress"
elif echo "$LABELS" | grep -q "status: ready"; then
TARGET_STATUS="Ready"
elif echo "$LABELS" | grep -q "status: backlog"; then
TARGET_STATUS="Backlog"
elif echo "$LABELS" | grep -q "status: triage"; then
TARGET_STATUS="To triage"
else
TARGET_STATUS=$([ "$ISSUE_STATE" = "open" ] && echo "To triage" || echo "Done")
fi
echo "Target Status: $TARGET_STATUS"
```
### Step 3: Get Project IDs
```bash
PROJECT_DATA=$(gh api graphql -f query='
query {
user(login: "alirezarezvani") {
projectV2(number: 9) {
id
fields(first: 20) {
nodes {
... on ProjectV2SingleSelectField {
id
name
options {
id
name
}
}
}
}
}
}
}
')
PROJECT_ID=$(echo "$PROJECT_DATA" | jq -r '.data.user.projectV2.id')
STATUS_FIELD_ID=$(echo "$PROJECT_DATA" | \
jq -r '.data.user.projectV2.fields.nodes[] | select(.name == "Status") | .id')
STATUS_OPTION_ID=$(echo "$PROJECT_DATA" | jq -r --arg status "$TARGET_STATUS" \
'.data.user.projectV2.fields.nodes[] | select(.name == "Status") | .options[] | select(.name == $status) | .id')
```
### Step 4: Update Project Board
```bash
if [ -n "$PROJECT_ITEM" ] && [ -n "$STATUS_OPTION_ID" ]; then
gh api graphql -f query='
mutation {
updateProjectV2ItemFieldValue(
input: {
projectId: "'"$PROJECT_ID"'"
itemId: "'"$PROJECT_ITEM"'"
fieldId: "'"$STATUS_FIELD_ID"'"
value: { singleSelectOptionId: "'"$STATUS_OPTION_ID"'" }
}
) {
projectV2Item { id }
}
}
'
echo "✅ Project board updated to: $TARGET_STATUS"
else
echo "⚠️ Could not update (missing IDs)"
fi
```
## Rules
- DO NOT comment on issue (prevents notification spam)
- DO NOT modify issue labels (prevents sync loop)
- Only update project board status
claude_args: '--allowed-tools "Bash(gh issue:*),Bash(gh api:*),Bash(gh project:*),Bash(echo:*),Bash(sleep:*)"'
sync-project-to-issue:
needs: [determine-direction, rate-limit-check, debounce]
if: |
needs.determine-direction.outputs.direction == 'project-to-issue' &&
needs.rate-limit-check.outputs.can_proceed == 'true'
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
issues: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Sync Project Board to Issue
uses: anthropics/claude-code-action@v1
env:
GH_TOKEN: ${{ secrets.PROJECTS_TOKEN }}
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
# Project Board → Issue Sync
**Project Item**: ${{ github.event.projects_v2_item.node_id }}
**Content**: ${{ github.event.projects_v2_item.content_node_id }}
**Changed By**: @${{ github.event.sender.login }}
## Task: Sync project board status to issue
### Step 1: Get Issue Number
```bash
CONTENT_ID="${{ github.event.projects_v2_item.content_node_id }}"
ISSUE_DATA=$(gh api graphql -f query='
query {
node(id: "${{ github.event.projects_v2_item.node_id }}") {
... on ProjectV2Item {
content {
... on Issue {
number
url
state
title
}
}
}
}
}
')
ISSUE_NUMBER=$(echo "$ISSUE_DATA" | jq -r '.data.node.content.number')
if [ -z "$ISSUE_NUMBER" ] || [ "$ISSUE_NUMBER" = "null" ]; then
echo "⏭️ Not an issue (might be PR or other content)"
exit 0
fi
echo "Issue Number: $ISSUE_NUMBER"
```
### Step 2: Get Project Status
```bash
STATUS=$(gh api graphql -f query='
query {
node(id: "${{ github.event.projects_v2_item.node_id }}") {
... on ProjectV2Item {
fieldValues(first: 20) {
nodes {
... on ProjectV2ItemFieldSingleSelectValue {
name
field {
... on ProjectV2SingleSelectField {
name
}
}
}
}
}
}
}
}
' --jq '.data.node.fieldValues.nodes[] | select(.field.name == "Status") | .name')
if [ -z "$STATUS" ]; then
echo "⏭️ No status field found"
exit 0
fi
echo "Project Status: $STATUS"
```
### Step 3: Map Status to Label
```bash
case "$STATUS" in
"To triage") NEW_LABEL="status: triage" ;;
"Backlog") NEW_LABEL="status: backlog" ;;
"Ready") NEW_LABEL="status: ready" ;;
"In Progress") NEW_LABEL="status: in-progress" ;;
"In Review") NEW_LABEL="status: in-review" ;;
"Done") NEW_LABEL="status: done" ;;
*)
echo "⏭️ Unknown status: $STATUS"
exit 0
;;
esac
echo "Target Label: $NEW_LABEL"
```
### Step 4: Update Issue Labels
```bash
CURRENT_LABELS=$(gh issue view $ISSUE_NUMBER --json labels --jq '[.labels[].name] | join(",")')
# Remove all status: labels
for label in "status: triage" "status: backlog" "status: ready" "status: in-progress" "status: in-review" "status: done"; do
if echo "$CURRENT_LABELS" | grep -q "$label"; then
gh issue edit $ISSUE_NUMBER --remove-label "$label" 2>/dev/null || true
fi
done
# Add new status label
gh issue edit $ISSUE_NUMBER --add-label "$NEW_LABEL"
echo "✅ Label updated to: $NEW_LABEL"
```
### Step 5: Handle Issue State
```bash
CURRENT_STATE=$(gh issue view $ISSUE_NUMBER --json state --jq '.state')
if [ "$STATUS" = "Done" ] && [ "$CURRENT_STATE" = "OPEN" ]; then
gh issue close $ISSUE_NUMBER --reason completed
echo "✅ Issue closed (moved to Done)"
elif [ "$STATUS" != "Done" ] && [ "$CURRENT_STATE" = "CLOSED" ]; then
gh issue reopen $ISSUE_NUMBER
echo "✅ Issue reopened (moved from Done)"
fi
```
### Step 6: Silent Completion
```bash
echo "✅ Sync complete: Issue #$ISSUE_NUMBER updated to $STATUS"
```
## Rules
- DO NOT comment on issue (prevents notification spam)
- DO NOT modify project board (prevents sync loop)
- Only update issue labels and state
claude_args: '--allowed-tools "Bash(gh issue:*),Bash(gh api:*),Bash(echo:*)"'
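
Review bot: In "Sync Issue to Project Board" the prompt embeds `"${{ github.event.issue.title }}"` while the step runs with `GH_TOKEN: ${{ secrets.PROJECTS_TOKEN }}` and `Bash(gh api:*)` on the allow-list, so text written by whoever filed the issue reaches a model that can call any endpoint that token permits. The steps in both prompts are already fixed shell; running them as ordinary `run:` steps with event values passed through `env:` takes the model out of the path, or at minimum drop the title from the prompt and narrow the allow-list to the exact `gh` subcommands used. In `determine-direction`, `${{ github.event.label.name }}` is expanded inside the script and should likewise come from `env:`. The project-to-issue job edits labels with `PROJECTS_TOKEN` rather than `GITHUB_TOKEN`, so unlike `GITHUB_TOKEN` activity those edits can raise new `issues` events, and the only loop guard is the "DO NOT modify" rule in the prompt text; add an explicit check on `github.event.sender.login` or on the current label before syncing. The kill switch step here has no checkout before it and its `exit 0` does not prevent the later jobs from running.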