firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
ed2419b8e176cda724b2c5e0b8620768638924bb
claude-skills-reference/.github/workflows/claude-code-review.yml
Claude ed2419b8e1 fix(ci): handle fork PRs in GitHub Actions workflows 
Fork-based PRs (like PR #498) caused all CI checks to fail due to:
- ci-quality-gate: checkout failed because fork branch names don't exist
  in the base repo. Now uses commit SHA for PR events.
- skill-security-audit: comment posting failed with read-only GITHUB_TOKEN.
  Now continues on error and writes results to job summary as fallback.
- claude-code-review: fallback comment step failed silently. Now continues
  on error and writes status to job summary.

https://claude.ai/code/session_01X1RKFAkEwxgg6gQvJG1KCa
2026-04-08 21:56:45 +00:00

143 lines
5.3 KiB
YAML
Raw Blame History

---
name: Claude Code Review
'on':
pull_request:
types: [opened, synchronize]
# Prevent multiple review runs on rapid PR updates
concurrency:
group: claude-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
claude-review:
# Auto-review ALL pull requests with Claude
# BYPASS: Add [EMERGENCY], [SKIP REVIEW], or [HOTFIX] to PR title
# BYPASS: Or add 'emergency' or 'skip-review' label to PR
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
id-token: write # Required by Claude Code action for OIDC authentication
steps:
- name: Check Workflow Kill Switch
run: |
if [ -f ".github/WORKFLOW_KILLSWITCH" ]; then
STATUS=$(grep "STATUS:" .github/WORKFLOW_KILLSWITCH | awk '{print $2}')
if [ "$STATUS" = "DISABLED" ]; then
echo "🛑 Workflows disabled by kill switch"
exit 0
fi
fi
- name: Check for Review Bypass
id: bypass
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
PR_LABELS="${{ toJSON(github.event.pull_request.labels.*.name) }}"
# Check for bypass markers in PR title
if echo "$PR_TITLE" | grep -qE '\[EMERGENCY\]|\[SKIP REVIEW\]|\[HOTFIX\]'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR title contains bypass marker" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR title contains bypass marker"
exit 0
fi
# Check for bypass labels
if echo "$PR_LABELS" | grep -qE 'emergency|skip-review|hotfix'; then
echo "bypass=true" >> $GITHUB_OUTPUT
echo "reason=PR has bypass label" >> $GITHUB_OUTPUT
echo "⏭️ BYPASS: PR has bypass label"
exit 0
fi
echo "bypass=false" >> $GITHUB_OUTPUT
echo "✅ No bypass detected - review will proceed"
- name: Post Bypass Notice
if: steps.bypass.outputs.bypass == 'true'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⏭️ Code Review Bypassed
**Reason**: ${{ steps.bypass.outputs.reason }}
⚠️ **Manual review recommended** - This PR was merged without automated code review.
---
*Bypass triggered by emergency procedures protocol*`
})
- name: Checkout repository
if: steps.bypass.outputs.bypass != 'true'
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Run Claude Code Review
if: steps.bypass.outputs.bypass != 'true'
id: claude-review
uses: anthropics/claude-code-action@v1
continue-on-error: true
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Please review this pull request and provide feedback on:
- Code quality and best practices
- Potential bugs or issues
- Performance considerations
- Security concerns
- Test coverage
- Skill quality (if applicable)
Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference
claude_args: >-
--allowed-tools
"Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),
Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
- name: Post fallback review note (quota/timeout)
if: steps.claude-review.outcome != 'success'
continue-on-error: true # Fork PRs have read-only GITHUB_TOKEN
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ⚠️ Automated Review Skipped
The automated Claude review could not complete (likely quota or a transient error).
- You can retry this workflow from the Actions tab
- Proceed with manual review to unblock
`
})
- name: Write review status to job summary
if: steps.claude-review.outcome != 'success'
run: |
echo "## ⚠️ Automated Review Skipped" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "The Claude review could not complete." >> "$GITHUB_STEP_SUMMARY"
echo "For fork PRs this is expected — OIDC tokens are unavailable." >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "- Retry from the Actions tab, or proceed with manual review." >> "$GITHUB_STEP_SUMMARY"
Reference in New Issue View Git Blame Copy Permalink