Merge pull request #69 from synonymdev/fix/ci-workflows

ovitrif · web-flow · commit c54e85dbbe75 · 2026-03-02T20:30:11.000+01:00
fix: claude code review workflow + disable rustfmt cron
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -24,27 +24,24 @@ jobs:
           fetch-depth: 1
 
       - name: Minimize old Claude comments
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const { data: comments } = await github.rest.issues.listComments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.payload.pull_request.number,
-              per_page: 100,
-            });
-            const claudeComments = comments.filter(c =>
-              c.user?.login === 'claude[bot]' || c.user?.login === 'github-actions[bot]'
-            );
-            for (const comment of claudeComments) {
-              await github.graphql(`
-                mutation MinimizeComment($id: ID!) {
-                  minimizeComment(input: { subjectId: $id, classifier: OUTDATED }) {
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          REPO="${{ github.repository }}"
+          PR_NUMBER="${{ github.event.pull_request.number }}"
+
+          # Minimize issue comments from claude[bot]
+          gh api "repos/$REPO/issues/$PR_NUMBER/comments" --jq '.[] | select(.user.login == "claude[bot]") | .node_id' | while read -r node_id; do
+            if [ -n "$node_id" ]; then
+              echo "Minimizing comment: $node_id"
+              gh api graphql -f query='
+                mutation($id: ID!) {
+                  minimizeComment(input: {subjectId: $id, classifier: OUTDATED}) {
                     minimizedComment { isMinimized }
                   }
-                }
-              `, { id: comment.node_id });
-            }
+                }' -f id="$node_id" || true
+            fi
+          done
 
       - name: Run Claude Code Review
         id: claude-review
@@ -54,5 +51,5 @@ jobs:
           plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
           plugins: 'code-review@claude-code-plugins'
           prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
-          allowed_bots: 'claude[bot]'
-          claude_args: '--allowed-tools Bash(gh:*) WebFetch'
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
@@ -12,34 +12,43 @@ on:
 
 jobs:
   claude:
+    # Only allow trusted actors (OWNER, MEMBER, COLLABORATOR) to trigger Claude with write permissions
     if: |
       (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude') &&
-        (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'COLLABORATOR')) ||
+       contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
       (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') &&
-        (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'COLLABORATOR')) ||
+       contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
       (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude') &&
-        (github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'COLLABORATOR')) ||
-      (github.event_name == 'issues' &&
-        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
-        (github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'COLLABORATOR'))
+       contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.review.author_association)) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
+       contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association))
     runs-on: ubuntu-latest
     permissions:
-      contents: write
-      pull-requests: write
-      issues: write
+      contents: write      # Allow creating branches/commits
+      pull-requests: write # Allow pushing to PR branches
+      issues: write        # Allow updating issue comments
       id-token: write
-      actions: read
+      actions: read        # Required for Claude to read CI results on PRs
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 0  # Full history for git operations
 
       - name: Run Claude Code
         id: claude
         uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          use_api_for_commits: true
+
+          # This is an optional setting that allows Claude to read CI results on PRs
           additional_permissions: |
             actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
diff --git a/.github/workflows/cron-weekly-rustfmt.yml b/.github/workflows/cron-weekly-rustfmt.yml
@@ -1,16 +1,14 @@
-name: Nightly rustfmt
+name: Rustfmt (manual)
 
 permissions:
   contents: write
   pull-requests: write
 
 on:
-  schedule:
-    - cron: "0 0 * * 0" # runs weekly on Sunday at 00:00
-  workflow_dispatch: # allows manual triggering
+  workflow_dispatch: # manual only — cron schedule removed to avoid automated PRs
 jobs:
   format:
-    name: Nightly rustfmt
+    name: Rustfmt (manual)
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v5
