From 0c8656f3edb9d038328d59148cc710210635d1bd Mon Sep 17 00:00:00 2001 From: Rodrigo Leal Date: Tue, 21 Apr 2026 06:32:59 +0100 Subject: [PATCH 1/3] claude workflow --- .github/workflows/claude.yml | 58 ++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .github/workflows/claude.yml diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml new file mode 100644 index 0000000..f51069a --- /dev/null +++ b/.github/workflows/claude.yml 
@@ -0,0 +1,58 @@
+name: Claude Code
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ claude:
+ if: |
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ issues: write
+ id-token: write
+ actions: read # Required for Claude to read CI results on PRs
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 1
+
+ - name: Run Claude Code
+ id: claude
+ uses: anthropics/claude-code-action@v1
+ with:
+ anthropic_api_key: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+ # Optional: Customize the trigger phrase (default: @claude)
+ # trigger_phrase: "/claude"
+
+ # Optional: Trigger when specific user is assigned to an issue
+ # assignee_trigger: "claude-bot"
+
+ # Optional: Configure Claude's behavior with CLI arguments
+ # claude_args: |
+ # --model claude-opus-4-1-20250805
+ # --max-turns 10
+ # --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)"
+ # --system-prompt "Follow our coding standards. Ensure all new code has tests. Use TypeScript for new files."
+
+ # Optional: Advanced settings configuration
+ # settings: |
+ # {
+ # "env": {
+ # "NODE_ENV": "test"
+ # }
+ # }
From 4efe025cb5c5c55665be4d557c816865c6ac9076 Mon Sep 17 00:00:00 2001
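Review bot: Both `uses:` lines point at mutable tags (`actions/checkout@v6`, `anthropics/claude-code-action@v1`) in a job that is granted `contents: write`, `id-token: write` and an API secret, so a retagged release would run with that access; pinning each to a full commit SHA, e.g. `uses: anthropics/claude-code-action@<full-commit-sha> # v1`, removes that dependency on the tag. The secret is also named `CLAUDE_CODE_OAUTH_TOKEN` but is passed as `anthropic_api_key`; if it holds an OAuth token rather than an API key, the action's `claude_code_oauth_token` input looks like the intended one. Neither line is changed by the later patches in this series.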
From: Rodrigo Leal Date: Tue, 21 Apr 2026 06:50:00 +0100 Subject: [PATCH 2/3] Add Claude Code GitHub Action workflow Configures claude-code-action to respond to @claude mentions on PR review comments and reviews, restricted to repo members/collaborators. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/claude.yml | 48 ++++++++++++++---------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index f51069a..3f7185d 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml 
@@ -1,27 +1,32 @@ name: Claude Code on: - issue_comment: - types: [created] pull_request_review_comment: types: [created] - issues: - types: [opened, assigned] pull_request_review: types: [submitted] jobs: claude: + # Restrict to repo members/collaborators only — critical for public repos to prevent + # arbitrary users from triggering Claude and consuming API credits or injecting prompts. if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) + (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') && + (github.event.comment.author_association == 'OWNER' || + github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'COLLABORATOR')) || + (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude') && + (github.event.review.author_association == 'OWNER' || + github.event.review.author_association == 'MEMBER' || + github.event.review.author_association == 'COLLABORATOR')) runs-on: ubuntu-latest + timeout-minutes: 10 + concurrency: + group: claude-${{ github.event.pull_request.number || github.run_id }} + cancel-in-progress: false permissions: contents: write pull-requests: write - issues: write id-token: write actions: read # Required for Claude to read CI results on PRs steps: 
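Review bot: The new comment above `if:` says the association check prevents prompt injection, but the check only limits who can start a run; the pull request's diff, title and description can still be written by an outside contributor and are presumably part of what the model reads once a member mentions `@claude`. I would reword it along the lines of `# Limits who can trigger a run; PR content remains untrusted input to the model.` so that nobody later relies on it to justify `contents: write`. On the `concurrency` block, `cancel-in-progress: false` keeps only one pending run per group, so several mentions on one PR while a run is active leave just the newest one queued; a short comment saying that this is intended would help.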
@@ -35,24 +40,7 @@ jobs: uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - - # Optional: Customize the trigger phrase (default: @claude) - # trigger_phrase: "/claude" - - # Optional: Trigger when specific user is assigned to an issue - # assignee_trigger: "claude-bot" - - # Optional: Configure Claude's behavior with CLI arguments - # claude_args: | - # --model claude-opus-4-1-20250805 - # --max-turns 10 - # --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)" - # --system-prompt "Follow our coding standards. Ensure all new code has tests. Use TypeScript for new files." - - # Optional: Advanced settings configuration - # settings: | - # { - # "env": { - # "NODE_ENV": "test" - # } - # } + claude_args: | + --model claude-sonnet-4-6 + --max-turns 10 + --system-prompt "This is the Usercentrics React Native SDK. Follow existing patterns. Do not modify package.json without explicit instruction." From 73a6a21c571f16ab3677cc7917fb065624237fc6 Mon Sep 17 00:00:00 2001 From: Rodrigo Leal Date: Tue, 21 Apr 2026 06:52:42 +0100 Subject: [PATCH 3/3] Re-add issue_comment trigger scoped to PR comments only Filters issue_comment to only fire on PR conversation threads (github.event.issue.pull_request != null), not on issue comments. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/claude.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 3f7185d..c363152 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -1,6 +1,8 @@ name: Claude Code on: + issue_comment: + types: [created] pull_request_review_comment: types: [created] pull_request_review: 
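Review bot: In the `claude_args` added in PATCH 2/3, the `--system-prompt` sentence is the only thing that keeps a run away from `package.json`, and a prompt instruction is advisory while the job token has `contents: write`. If that restriction matters, enforce it outside the prompt, for example with an `--allowedTools` list like the one in the removed template comments or a required-review rule on that path. A comment such as `# Prompt text is guidance only; enforcement is via allowedTools / branch protection.` above `claude_args` would make the distinction visible. The step this block belongs to starts above the hunk.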
@@ -11,6 +13,11 @@ jobs: # Restrict to repo members/collaborators only — critical for public repos to prevent # arbitrary users from triggering Claude and consuming API credits or injecting prompts. if: | + (github.event_name == 'issue_comment' && github.event.issue.pull_request != null && + contains(github.event.comment.body, '@claude') && + (github.event.comment.author_association == 'OWNER' || + github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'COLLABORATOR')) || (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') && (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || @@ -22,7 +29,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 concurrency: - group: claude-${{ github.event.pull_request.number || github.run_id }} + group: claude-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }} cancel-in-progress: false permissions: contents: write
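Review bot: The added `issue_comment` branch checks only the commenter's `author_association`, and this event runs in the base repository's context, so the API secret and the write-scoped token are available even when the pull request comes from a fork (the two review events, as I understand it, get no secrets for fork PRs). That makes a member's `@claude` on an outside contributor's PR the one path where fork-authored content is processed with the full job permissions. I would say so next to the condition, e.g. `# issue_comment runs with base-repo secrets even for fork PRs; the commenter check is the only gate.`, and confirm that this is acceptable for the repository. The `if:` expression continues past the end of the hunk.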