firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ci): implement comprehensive GitHub automation workflows

Browse Source 
Implemented full GitHub automation system from claude-code-skills-factory
with project-specific configuration for claude-skills repository.

## New Workflows

- **ci-quality-gate.yml**: Automated linting, testing, and security checks
- **claude-code-review.yml**: Enhanced with kill switch and bypass mechanisms
- **pr-issue-auto-close.yml**: Auto-close linked issues when PRs merge
- **smart-sync.yml**: Bidirectional sync between issues and project board

## Configuration Files

- **WORKFLOW_KILLSWITCH**: Emergency workflow disable capability
- **branch-protection-config.json**: Branch protection settings
- **commit-template.txt**: Standardized commit message template
- **AUTOMATION_SETUP.md**: Complete setup and configuration guide

## Templates

- **pull_request_template.md**: Enhanced with security and quality checklists

## Key Features

 AI-powered code reviews with Claude
 Automatic issue closure on PR merge
 Bidirectional issue ↔ project board sync
 Quality gates (YAML lint, Python syntax, security audit)
 Kill switch for emergency workflow disable
 Rate limit protection with circuit breakers
 10-second debouncing to prevent sync loops

## Project Configuration

- Repository: alirezarezvani/claude-skills
- Project Number: 9
- Status: Ready for PROJECTS_TOKEN configuration

## Testing

Workflows validated with yamllint and ready for deployment.

See .github/AUTOMATION_SETUP.md for complete setup instructions.
This commit is contained in:
Reza Rezvani
2025-11-04 21:03:52 +01:00
parent 3d9a358a40
commit 6fbe6cdb27
9 changed files with 1230 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
.github/workflows/claude-code-review.yml vendored
View File

@@ -1,39 +1,92 @@
---
name: Claude Code Review
on:
'on':
pull_request:
types: [opened, synchronize]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"
# Prevent multiple review runs on rapid PR updates
concurrency:
group: claude-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
# Auto-review ALL pull requests with Claude
# BYPASS: Add [EMERGENCY], [SKIP REVIEW], or [HOTFIX] to PR title
# BYPASS: Or add 'emergency' or 'skip-review' label to PR
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
id-token: write # Required by Claude Code action for OIDC authentication
steps:
- name: Check Workflow Kill Switch
run: |
if [ -f ".github/WORKFLOW_KILLSWITCH" ]; then
STATUS=$(grep "STATUS:" .github/WORKFLOW_KILLSWITCH | awk '{print $2}')
if [ "$STATUS" = "DISABLED" ]; then
echo "🛑 Workflows disabled by kill switch"
exit 0
fi
fi
- name: Check for Review Bypass
id: bypass
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
PR_LABELS="${{ toJSON(github.event.pull_request.labels.*.name) }}"
# Check for bypass markers in PR title
if echo "$PR_TITLE" | grep -qE '\[EMERGENCY\]|\[SKIP REVIEW\]|\[HOTFIX\]'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR title contains bypass marker" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR title contains bypass marker"
exit 0
fi
# Check for bypass labels
if echo "$PR_LABELS" | grep -qE 'emergency|skip-review|hotfix'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR has bypass label" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR has bypass label"
exit 0
fi
echo "bypass=false" >> $GITHUB_OUTPUT
echo "✅ No bypass detected - review will proceed"
- name: Post Bypass Notice
if: steps.bypass.outputs.bypass == 'true'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⏭️ Code Review Bypassed
**Reason**: ${{ steps.bypass.outputs.reason }}
⚠️ **Manual review recommended** - This PR was merged without automated code review.
---
*Bypass triggered by emergency procedures protocol*`
})
- name: Checkout repository
if: steps.bypass.outputs.bypass != 'true'
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Run Claude Code Review
if: steps.bypass.outputs.bypass != 'true'
id: claude-review
uses: anthropics/claude-code-action@v1
continue-on-error: true
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
@@ -46,12 +99,33 @@ jobs:
- Performance considerations
- Security concerns
- Test coverage
- Skill quality (if applicable)
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
# or https://docs.claude.com/en/docs/claude-code/cli-reference
claude_args: >-
--allowed-tools
"Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),
Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
- name: Post fallback review note (quota/timeout)
if: steps.claude-review.outcome != 'success'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⚠️ Automated Review Skipped
The automated Claude review could not complete (likely quota or a transient error).
- You can retry this workflow from the Actions tab
- Proceed with manual review to unblock
`
})