Add Claude Code GitHub Workflow

[mithun50]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

---

Summary by cubic

Adds GitHub Actions to integrate Claude Code. Supports @claude commands in issues/PRs and runs automatic code reviews on PR updates.

• New Features

  • claude.yml: Triggers on comments or reviews containing @claude; runs anthropics/claude-code-action@v1 with minimal read permissions and actions: read to read CI.
  • claude-code-review.yml: Runs on PR open/sync/ready/reopen; invokes the code review plugin with a prompt targeting the current PR.

• Migration

  • Add the CLAUDE_CODE_OAUTH_TOKEN secret in repository settings.

^{Written for commit b16db53. Summary will update on new commits.}

Summary by CodeRabbit

• New Features
  • Automated code reviews now run automatically when pull requests are opened, updated, or reopened.
  • Claude assistant can be invoked in pull requests and issues through mentions to provide code analysis and feedback on demand.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 473ae7d2-0efd-410a-b4d0-e54aed97430e

📥 Commits

Reviewing files that changed from the base of the PR and between 877a138 and b16db53.

📒 Files selected for processing (2)

• .github/workflows/claude-code-review.yml
• .github/workflows/claude.yml

---

📝 Walkthrough

Walkthrough

Two new GitHub Actions workflows are added to integrate Claude code review automation. The first workflow automatically triggers on pull request lifecycle events, while the second runs on comment mentions and review submissions when @claude is referenced.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/claude-code-review.yml, .github/workflows/claude.yml	Two new workflows added for Claude code review integration. claude-code-review.yml automatically runs on PR events (opened, synchronize, ready_for_review, reopened). claude.yml triggers on comment/review events containing @claude mentions, with explicit read permissions for CI results.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit bounces with glee,
Claude now reviews our code with care,
On every push and pull request spree,
AI wisdom fills the air!
No bugs shall hide from bunny's friend, ✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add-claude-github-actions-1774197798206

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

2 issues found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/claude.yml">

<violation number="1" location=".github/workflows/claude.yml:9">
P2: Including `issues.assigned` causes repeated, non-mention-triggered Claude runs whenever assignees change on issues that already contain `@claude`.</violation>

<violation number="2" location=".github/workflows/claude.yml:16">
P1: The workflow can be triggered by `@claude` mentions without validating collaborator/write-level author association, allowing untrusted users to consume automation and secrets-backed API usage.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: The workflow can be triggered by @claude mentions without validating collaborator/write-level author association, allowing untrusted users to consume automation and secrets-backed API usage.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/claude.yml, line 16:

<comment>The workflow can be triggered by `@claude` mentions without validating collaborator/write-level author association, allowing untrusted users to consume automation and secrets-backed API usage.</comment>

<file context>
@@ -0,0 +1,50 @@
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
</file context>

Suggested change

	(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
	(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
	(github.event_name == 'issue_comment' && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review_comment' && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review' && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association) && contains(github.event.review.body, '@claude')) ||
	(github.event_name == 'issues' && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association) && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))

[cubic-dev-ai]

P2: Including issues.assigned causes repeated, non-mention-triggered Claude runs whenever assignees change on issues that already contain @claude.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/claude.yml, line 9:

<comment>Including `issues.assigned` causes repeated, non-mention-triggered Claude runs whenever assignees change on issues that already contain `@claude`.</comment>

<file context>
@@ -0,0 +1,50 @@
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
</file context>

Suggested change

	types: [opened, assigned]
	types: [opened]