Skip to content

chore: testing workflow #688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 9 commits into from
Closed

chore: testing workflow #688

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3fc2e92
Release v0.1.0 (#353)
dknopik Jun 3, 2025
9df24f0
add workflows
jking-aus Oct 14, 2025
32fab9a
dummy.md
jking-aus Oct 14, 2025
c52c988
testing
jking-aus Oct 14, 2025
9443f10
Merge branch 'unstable' into testing-workflow
jking-aus Oct 14, 2025
c034e26
increase max tries
jking-aus Oct 14, 2025
68a1953
add tools
jking-aus Oct 14, 2025
3157919
delete the dummy and test if claude will check again
jking-aus Oct 14, 2025
6d15830
less noisy please
jking-aus Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 84 additions & 0 deletions .github/workflows/claude-mentions.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
name: Claude Mentions

# Scenario 1: @claude mentions on issues and PR comments
# See: https://github.com/anthropics/claude-code-action/pull/614

on:
issue_comment:
types: [created, edited]
pull_request_review_comment:
types: [created, edited]

permissions:
id-token: write
contents: write
pull-requests: write
issues: write

jobs:
claude-mentions:
if: contains(github.event.comment.body, '@claude')
name: claude-mentions
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: write
pull-requests: write
issues: write
actions: read
steps:
- name: Check if user is org member
id: check
run: |
COMMENT_AUTHOR="${{ github.event.comment.author_association || github.event.review.author_association }}"
# Check if user is org member or owner
if [[ "$COMMENT_AUTHOR" == "MEMBER" || "$COMMENT_AUTHOR" == "OWNER" ]]; then
echo "is_member=true" >> $GITHUB_OUTPUT
else
echo "is_member=false" >> $GITHUB_OUTPUT
echo "⚠️ User is not a member of sigp organization. Skipping."
exit 1
fi

- name: Get PR info for fork support
if: steps.check.outputs.is_member == 'true' && github.event.issue.pull_request
id: pr-info
run: |
PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }})
echo "pr_head_owner=$(echo "$PR_DATA" | jq -r '.head.repo.owner.login')" >> $GITHUB_OUTPUT
echo "pr_head_repo=$(echo "$PR_DATA" | jq -r '.head.repo.name')" >> $GITHUB_OUTPUT
echo "pr_head_ref=$(echo "$PR_DATA" | jq -r '.head.ref')" >> $GITHUB_OUTPUT
echo "is_fork=$(echo "$PR_DATA" | jq -r '.head.repo.fork')" >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ github.token }}

- name: Checkout repository
if: steps.check.outputs.is_member == 'true'
uses: actions/checkout@v4
with:
repository: ${{ github.event.issue.pull_request && steps.pr-info.outputs.is_fork == 'true' && format('{0}/{1}', steps.pr-info.outputs.pr_head_owner, steps.pr-info.outputs.pr_head_repo) || github.repository }}
ref: ${{ github.event.issue.pull_request && steps.pr-info.outputs.pr_head_ref || github.ref }}
fetch-depth: 0

- name: Generate GitHub App token
if: steps.check.outputs.is_member == 'true'
id: app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Configure AWS Credentials (OIDC)
if: steps.check.outputs.is_member == 'true'
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: us-west-2

- name: Run Claude Code Action
if: steps.check.outputs.is_member == 'true'
uses: anthropics/claude-code-action@v1
with:
github_token: ${{ steps.app-token.outputs.token }}
use_bedrock: "true"
claude_args: "--model us.anthropic.claude-sonnet-4-5-20250929-v1:0 --max-turns 10"
106 changes: 106 additions & 0 deletions .github/workflows/claude-pr-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
name: Claude PR Review

# Scenario 2: Automated reviews on PR open/update
# See: https://github.com/anthropics/claude-code-action/pull/614

on:
pull_request_target:
types: [opened, synchronize, ready_for_review, reopened]

permissions:
id-token: write
contents: write
pull-requests: write
issues: write

jobs:
claude-pr-review:
name: claude-pr-review
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: write
pull-requests: write
issues: write
actions: read
steps:
- name: Check if PR author is org member
id: check
run: |
PR_AUTHOR="${{ github.event.pull_request.author_association }}"
# Check if user is org member or owner
if [[ "$PR_AUTHOR" == "MEMBER" || "$PR_AUTHOR" == "OWNER" ]]; then
echo "is_member=true" >> $GITHUB_OUTPUT
else
echo "is_member=false" >> $GITHUB_OUTPUT
echo "⚠️ PR author is not a member of sigp organization. Skipping automated review."
exit 0
fi

- name: Checkout repository
if: steps.check.outputs.is_member == 'true'
uses: actions/checkout@v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0

- name: Generate GitHub App token
if: steps.check.outputs.is_member == 'true'
id: app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Configure AWS Credentials (OIDC)
if: steps.check.outputs.is_member == 'true'
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: us-west-2

- name: Run Claude Code Action
if: steps.check.outputs.is_member == 'true'
uses: anthropics/claude-code-action@v1
with:
github_token: ${{ steps.app-token.outputs.token }}
use_bedrock: "true"
track_progress: true
Copy link

@claude-code-actions-sigp claude-code-actions-sigp bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security: Consider Adding Rate Limiting Context

The prompt doesn't include any context about rate limiting or cost controls. For automated reviews that run on every PR update, consider adding safeguards:

  1. Add a check to skip reviews for draft PRs (optional, based on ready_for_review trigger)
  2. Add a label to opt-out (e.g., skip-claude-review)
  3. Monitor AWS costs from the Bedrock usage

Consider documenting these controls in the PR description or repository docs.

prompt: |
Copy link

@claude-code-actions-sigp claude-code-actions-sigp bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoded model version: Consider using a variable for easier updates:

claude_args: "--model ${{ vars.CLAUDE_MODEL || 'us.anthropic.claude-sonnet-4-5-20250929-v1:0' }} --max-turns 10"

REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}

Perform a comprehensive code review with the following focus areas:

1. **Code Quality**
- Clean code principles and best practices
- Proper error handling and edge cases
- Code readability and maintainability

2. **Security**
- Check for potential security vulnerabilities
- Validate input sanitization
- Review authentication/authorization logic

3. **Performance**
- Identify potential performance bottlenecks
- Review for efficiency issues
- Check for memory leaks or resource issues

4. **Testing**
- Verify adequate test coverage
- Review test quality and edge cases
- Check for missing test scenarios

5. **Documentation**
- Ensure code is properly documented
- Verify README updates for new features
- Check for clear comments on complex logic

Provide detailed feedback using inline comments for specific issues.
Use top-level comments for general observations or praise.
claude_args: |
--model us.anthropic.claude-sonnet-4-5-20250929-v1:0
Copy link

@claude-code-actions-sigp claude-code-actions-sigp bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoded model version: Consider using a repository variable for the model version to make updates easier:

--model ${{ vars.CLAUDE_MODEL || 'us.anthropic.claude-sonnet-4-5-20250929-v1:0' }}

Copy link
Member Author

@jking-aus jking-aus Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah that's actually valid

--max-turns 30
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
Copy link

@claude-code-actions-sigp claude-code-actions-sigp bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Configuration: Restrictive Tool Allowlist

The allowedTools parameter only permits specific tools, which is good for security but may limit Claude's ability to perform comprehensive reviews.

Consider if these limitations align with your review goals:

  • No Read tool: Can't read file contents deeply
  • No Grep/Glob: Can't search across codebase for patterns
  • No Task: Can't use specialized sub-agents (code-reviewer, tester, etc.)

If these limitations are intentional for cost/security, this is fine. Otherwise, consider expanding to:

Suggested change
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read,Grep,Glob"

This would enable more thorough code analysis while maintaining security boundaries.