Add Claude Code GitHub Workflow #2

Merged
ANcpLua merged 2 commits into main from add-claude-github-actions-1779086434446
May 18, 2026

Owner

@ANcpLua ANcpLua commented May 18, 2026

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!


coderabbitai Bot commented May 18, 2026

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Added GitHub Actions workflows to automate code review and pull request processing.

Walkthrough

This PR introduces two GitHub Actions workflows that enable Claude-based code review automation. The first workflow (claude-code-review.yml) automatically reviews pull requests on open, synchronize, ready_for_review, and reopened events. The second workflow (claude.yml) provides on-demand code review triggered by @claude mentions in PR comments and reviews.

Changes

Claude Code Review Automation

Layer / File(s) | Summary
PR-triggered automatic code review (.github/workflows/claude-code-review.yml) | Workflow configured to run on PR lifecycle events (opened, synchronize, ready_for_review, reopened). Sets minimal required permissions, checks out the repository, and invokes anthropics/claude-code-action@v1 with CLAUDE_CODE_OAUTH_TOKEN, marketplace plugins, and a prompt targeting the current PR number.
On-demand code review via @claude mention (.github/workflows/claude.yml) | Workflow triggered by @claude in PR comments, reviews, or issue comments. Checks out the repository with restricted permissions including id-token write and actions read for CI access, and runs the Claude code-action with OAuth token and optional configuration for additional permissions and custom prompts.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • ANcpLua/ANcpLua.Agents#3: Adds the same .github/workflows/claude-code-review.yml and .github/workflows/claude.yml workflows invoking anthropics/claude-code-action@v1 with identical OAuth token and trigger configuration.
  • ANcpLua/ancplua-claude-plugins#6: Adds the same two Claude Code GitHub Actions workflows with anthropics/claude-code-action@v1, OAuth token, and PR/@claude event triggers across multiple repositories.
  • ANcpLua/ancplua-research#3: Implements the same claude-code-review.yml workflow with identical id-token write permissions, OAuth token configuration, and PR-number-based prompt construction.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title 'Add Claude Code GitHub Workflow' directly and clearly describes the main change—adding GitHub Actions workflows for Claude Code integration.
Description check | ✅ Passed | The description is directly related to the changeset, providing context about Claude Code integration, how it works, security considerations, and setup instructions.

@codacy-production

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

@ANcpLua ANcpLua merged commit 60e4a3d into main May 18, 2026
3 of 4 checks passed
@ANcpLua ANcpLua deleted the add-claude-github-actions-1779086434446 branch May 18, 2026 06:42

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2305ae90e0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
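
Review bot: `uses: anthropics/claude-code-action@v1` refers to a mutable tag, and the same step is handed `secrets.CLAUDE_CODE_OAUTH_TOKEN`. Pinning the action to a full commit SHA, with the version kept in a trailing comment, means a retagged v1 cannot change what code runs with that token.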

[P2] Skip fork-origin PR events when OAuth secret is required

This job is triggered by pull_request and unconditionally passes secrets.CLAUDE_CODE_OAUTH_TOKEN, but GitHub does not expose repository secrets to workflows triggered from fork-origin PR events. In that scenario (including many external contributor and Dependabot PRs), the token is empty and the Claude step fails instead of producing a review. Add a fork guard (or a safe split workflow) so fork PRs do not hard-fail.

Useful? React with 👍 / 👎.

id: claude
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

[P2] Guard @claude workflow against forked PR event contexts

This workflow listens to PR-related comment/review events and always relies on secrets.CLAUDE_CODE_OAUTH_TOKEN. For fork-origin PR contexts, those events are delivered to the base repo but repository secrets are withheld, so @claude invocations on such PRs will fail at runtime with no usable auth token. Add conditions to skip fork-origin PR contexts or route them through a trusted pattern.

Useful? React with 👍 / 👎.

runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read

[P2] Grant pull-request write permission for code-review output

This workflow runs Claude’s code-review plugin, which posts findings back to the PR, but the job grants only pull-requests: read. With read-only PR scope, the action cannot reliably create or update review output on the pull request, so reviews can run without publishing actionable feedback. Change this permission to pull-requests: write for the review job.

Useful? React with 👍 / 👎.

Comment on lines +22 to +24
contents: read
pull-requests: read
issues: read

[P2] Grant write scopes required for @claude responses

The @claude workflow is configured with read-only contents, pull-requests, and issues permissions, but this action’s default behavior is to respond by creating/updating GitHub comments and potentially pushing branch updates. In this state, valid @claude requests can fail with permission errors instead of replying. Set the job permissions to write for these scopes.

Useful? React with 👍 / 👎.

Comment on lines +16 to +19
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
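
Review bot: every clause on lines +16 to +19 tests only whether a body or title contains `@claude`; none of them looks at who wrote it. The PR description's statement that only users with write access can trigger the workflow therefore rests on a check inside the action rather than on this condition. Adding an `author_association` test to the `if` (for example on `github.event.comment.author_association`, accepting OWNER, MEMBER or COLLABORATOR) would stop the job before a runner is started for anyone else.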

[P2] Exclude claude[bot] comments from retriggering the workflow

The trigger condition matches any new comment containing @claude but does not exclude github.actor == 'claude[bot]'. Claude’s own status or error comments can include that text and then re-trigger the same job, creating duplicate or cascading runs and unnecessary spend until someone intervenes. Add an actor guard in the job-level if condition to ignore bot-authored events.

Useful? React with 👍 / 👎.
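
The two guards the Codex review comments above ask for, written out as an added example (not code from this PR or from the claude-code-action project): a fork guard on the pull_request job and a bot-actor guard on the @claude mention job. Job names, the checkout step version and the reduced trigger list are assumptions; `claude[bot]` is the actor name quoted in the review.

```yaml
# Added sketch, not the PR's files: job names and checkout@v4 are assumptions;
# the PR's prompt and plugin inputs are not shown on the page and are omitted.
# --- .github/workflows/claude-code-review.yml ---
name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
jobs:
  claude-review:
    # Run only when the head branch lives in this repository: fork-origin
    # pull_request runs get no repository secrets, so the token would be empty.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - uses: actions/checkout@v4
      - id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
---
# --- .github/workflows/claude.yml ---
name: Claude Code
on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
jobs:
  claude:
    # Skip events authored by the bot itself, so a status or error comment
    # that contains "@claude" cannot start another run.
    if: >-
      github.actor != 'claude[bot]' &&
      contains(github.event.comment.body, '@claude')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
    steps:
      - uses: actions/checkout@v4
      - id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
```

A job skipped by its `if` is reported as skipped rather than failed, so a fork PR no longer shows a red check for the missing token.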

ANcpLua added a commit that referenced this pull request May 18, 2026
Adds templates/triage-bot.yml — exact copy of the validated workflow
from ANcpLua/triage-bot-playground PR #1 + #2 (2026-05-18) with a
documentation header explaining decision rules, prerequisites, and
the gap it closes.

Decision rules (v1, deterministic):
  body contains [triage:auto-resolve]    → dismiss
  body matches /^(nit:|nitpick:|praise:)/i → dismiss
  author is Copilot, body < 200 chars     → dismiss
  anything else                           → needs-human (default)

The gap it closes: GitHub native auto-merge fires the moment CI goes
green, even if Copilot / CodeRabbit later post review comments. With
branch protection or a ruleset enforcing
required_conversation_resolution=true, any unresolved thread keeps
the PR mergeStateStatus=BLOCKED until explicitly resolved. The bot
auto-resolves the non-blocking threads (so they don't accumulate as
noise) while leaving real concerns to block the merge until a human
acts.

This is the structural fix that makes the pr-heal.yml cooldown
(commit 22d0b28) belt-and-suspenders rather than the primary line of
defence — the cooldown buys time for reviewers, the native gate
deterministically waits for explicit resolution.

enforce-repo-settings.yml extended (both enforce-user and enforce-org
jobs): seed-if-missing pattern. Skip-if-exists because adopting the
workflow requires a per-repo TRIAGE_PAT secret and the
required_conversation_resolution gate on the default branch; this
sweep can put the file in place but can't safely flip either.

Gotcha (in the workflow's docstring): GITHUB_TOKEN cannot
resolveReviewThread on threads it didn't author — needs a classic
PAT or GitHub App installation token with pull_requests: write.