Use reusable Claude Code workflow from test-infra (#3788)

ZainRizvi · web-flow · commit 01bcdff5f7cc · 2026-03-06T17:39:16.000-05:00
## Summary Replaces the inline Claude Code workflow with the centralized reusable workflow from `pytorch/test-infra`. ### What changes - Drops the hardcoded pilot user allowlist (20 users) in favor of `author_association` checks + API-level write access verification - Removes `pull_request_review_comment` trigger (security fix, per pytorch/pytorch#176652) - Passes lintrunner install via `setup_script` input (preserving the existing setup) ### What stays the same - Same security model (org gate, write access check, bot allowlist) - Same lintrunner setup (`pip install lintrunner==0.12.5 && lintrunner init`) - Same model, settings, and usage metrics upload Depends on pytorch/test-infra#7810 which added the reusable workflow. ## Test plan - [x] Reusable workflow tested end-to-end on pytorch/ciforge - [ ] Verify `@claude` triggers correctly after merge
diff --git a/.github/workflows/claude-code.yml b/.github/workflows/claude-code.yml
@@ -3,86 +3,19 @@ name: Claude Code
 on:
   issue_comment:
     types: [created]
-  pull_request_review_comment:
-    types: [created]
   issues:
     types: [opened]
 
 jobs:
   claude-code:
-    # Early exit conditions:
-    # 1. Must be pytorch org
-    # 2. Must be triggered by pilot user
-    # 3. Must mention @claude
-    if: |
-      github.repository_owner == 'pytorch' &&
-      contains(fromJSON('[
-        "huydhn",
-        "seemethere",
-        "malfet",
-        "ZainRizvi",
-        "jeanschmidt",
-        "atalman",
-        "wdvr",
-        "izaitsevfb",
-        "yangw-dev",
-        "ezyang",
-        "drisspg",
-        "albanD",
-        "eellison",
-        "pytorch-auto-revert[bot]",
-        "janeyx99",
-        "SherlockNoMad",
-        "svekars",
-        "sekyondaMeta",
-        "AlannaBurke",
-        "ngimel"
-      ]'), github.actor) &&
-      (
-        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-        (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
-      )
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    environment: bedrock
+    uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main
     permissions:
       contents: read
       pull-requests: write
       issues: write
       id-token: write
-    steps:
-      # Fork PR support enabled by using izaitsevfb/claude-code-action@forked-pr-fix
-
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install lintrunner
-        run: |
-          pip install lintrunner==0.12.5
-          lintrunner init
-
-      - name: Configure AWS credentials via OIDC
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_claude_code
-          aws-region: us-east-1
-
-      - name: Run Claude Code
-        uses: izaitsevfb/claude-code-action@forked-pr-fix
-        with:
-          # We filter by github.actor at workflow level, there is no point of filtering here as well
-          allowed_bots: "*"
-          claude_args: "--model global.anthropic.claude-opus-4-6-v1"
-          settings: '{"alwaysThinkingEnabled": true}'
-          use_bedrock: "true"
-
-      - name: Upload usage metrics
-        if: always()
-        uses: pytorch/test-infra/.github/actions/upload-claude-usage@main
+    secrets: inherit
+    with:
+      setup_script: |
+        pip install lintrunner==0.12.5
+        lintrunner init
