anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 14:24:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: improve examples and migration guide with GitHub context (#505)

Browse Source 
* feat: improve documentation with solutions guide and GitHub context

- Add comprehensive solutions.md with 9 complete use case examples
- Fix migration guide examples to include required GitHub context
- Update examples missing GitHub context (workflow-dispatch-agent, claude-modes)
- Enhance README with prominent Solutions & Use Cases section
- Document tracking comment behavior change in automation mode
- All PR review examples now include REPO and PR NUMBER context

Fixes issues reported in discussions #490 and #491 where:
- Migration examples were dysfunctional without GitHub context
- Users lost PR review capability after v0.x migration
- Missing explanation of tracking comment removal in agent mode

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: apply prettier formatting to fix CI

Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>

* refactor: streamline examples and remove implementation details

- Remove 5 redundant examples (57% reduction: 12→7 files)
  - Deleted: claude.yml, claude-auto-review.yml, claude-modes.yml,
    claude-args-example.yml, auto-fix-ci-signed/
- Rename examples for clarity
  - pr-review-with-tracking.yml → pr-review-comprehensive.yml
  - claude-pr-path-specific.yml → pr-review-filtered-paths.yml
  - claude-review-from-author.yml → pr-review-filtered-authors.yml
  - workflow-dispatch-agent.yml → manual-code-analysis.yml
  - auto-fix-ci/auto-fix-ci.yml → ci-failure-auto-fix.yml
- Update all examples from @v1-dev to @v1
- Remove implementation details (agent mode references) from docs
- Delete obsolete DIY Progress Tracking section
- Add track_progress documentation and examples

Addresses PR feedback about exposing internal implementation details
and consolidates redundant examples into focused, clear use cases.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: apply prettier formatting to fix CI

Applied prettier formatting to 3 files to resolve CI formatting issues.

Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>
Co-authored-by: Kashyap Murali <13315300+katchu11@users.noreply.github.com>
This commit is contained in:
kashyap murali
2025-08-29 16:55:57 -07:00
committed by GitHub
parent 45408b4058
commit 3ed14485f8
19 changed files with 778 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/custom-automations.md
View File

@@ -2,6 +2,15 @@
These examples show how to configure Claude to act automatically based on GitHub events. When you provide a `prompt` input, the action automatically runs in agent mode without requiring manual @mentions. Without a `prompt`, it runs in interactive mode, responding to @claude mentions.
## Mode Detection & Tracking Comments
The action automatically detects which mode to use based on your configuration:
- **Interactive Mode** (no `prompt` input): Responds to @claude mentions, creates tracking comments with progress indicators
- **Automation Mode** (with `prompt` input): Executes immediately, **does not create tracking comments**
> **Note**: In v1, automation mode intentionally does not create tracking comments by default to reduce noise in automated workflows. If you need progress tracking, use the `track_progress: true` input parameter.
## Supported GitHub Events
This action supports the following GitHub events ([learn more GitHub event triggers](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows)):

75
docs/migration-guide.md
View File

@@ -74,13 +74,75 @@ The following inputs have been deprecated and replaced:
```yaml
- uses: anthropics/claude-code-action@v1
with:
prompt: "Review this PR for security issues"
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Review this PR for security issues
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--model claude-4-0-sonnet-20250805
--allowedTools Edit,Read,Write
```
> **⚠️ Important**: For PR reviews, always include the repository and PR context in your prompt. This ensures Claude knows which PR to review.
### Automation with Progress Tracking (New in v1.0)
**Missing the tracking comments from v0.x agent mode?** The new `track_progress` input brings them back!
In v1.0, automation mode (with `prompt` input) doesn't create tracking comments by default to reduce noise. However, if you need progress visibility, you can use the `track_progress` feature:
**Before (v0.x with tracking):**
```yaml
- uses: anthropics/claude-code-action@beta
with:
mode: "agent"
direct_prompt: "Review this PR for security issues"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
**After (v1.0 with tracking):**
```yaml
- uses: anthropics/claude-code-action@v1
with:
track_progress: true # Forces tag mode with tracking comments
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Review this PR for security issues
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
#### Benefits of `track_progress`
1. **Preserves GitHub Context**: Automatically includes all PR/issue details, comments, and attachments
2. **Brings Back Tracking Comments**: Creates progress indicators just like v0.x agent mode
3. **Works with Custom Prompts**: Your `prompt` is injected as custom instructions while maintaining context
#### Supported Events for `track_progress`
The `track_progress` input only works with these GitHub events:
**Pull Request Events:**
- `opened` - New PR created
- `synchronize` - PR updated with new commits
- `ready_for_review` - Draft PR marked as ready
- `reopened` - Previously closed PR reopened
**Issue Events:**
- `opened` - New issue created
- `edited` - Issue title or body modified
- `labeled` - Label added to issue
- `assigned` - Issue assigned to user
> **Note**: Using `track_progress: true` with unsupported events will cause an error.
### Custom Template with Variables
**Before (v0.x):**
@@ -100,10 +162,16 @@ The following inputs have been deprecated and replaced:
- uses: anthropics/claude-code-action@v1
with:
prompt: |
Analyze PR #${{ github.event.pull_request.number }} in ${{ github.repository }}
Focus on security vulnerabilities in the changed files
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Analyze this pull request focusing on security vulnerabilities in the changed files.
Note: The PR branch is already checked out in the current working directory.
```
> **💡 Tip**: While you can access GitHub context variables in your prompt, it's recommended to use the standard `REPO:` and `PR NUMBER:` format for consistency.
### Environment Variables
**Before (v0.x):**
@@ -244,6 +312,7 @@ You can also pass MCP configuration from a file:
- [ ] Convert `disallowed_tools` to `claude_args` with `--disallowedTools`
- [ ] Move `claude_env` to `settings` JSON format
- [ ] Move `mcp_config` to `claude_args` with `--mcp-config`
- [ ] **Optional**: Add `track_progress: true` if you need tracking comments in automation mode
- [ ] Test workflow in a non-production environment
## Getting Help

591
docs/solutions.md Normal file
View File

@@ -0,0 +1,591 @@
# Solutions & Use Cases
This guide provides complete, ready-to-use solutions for common automation scenarios with Claude Code Action. Each solution includes working examples, configuration details, and expected outcomes.
## 📋 Table of Contents
- [Automatic PR Code Review](#automatic-pr-code-review)
- [Review Only Specific File Paths](#review-only-specific-file-paths)
- [Review PRs from External Contributors](#review-prs-from-external-contributors)
- [Custom PR Review Checklist](#custom-pr-review-checklist)
- [Scheduled Repository Maintenance](#scheduled-repository-maintenance)
- [Issue Auto-Triage and Labeling](#issue-auto-triage-and-labeling)
- [Documentation Sync on API Changes](#documentation-sync-on-api-changes)
- [Security-Focused PR Reviews](#security-focused-pr-reviews)
---
## Automatic PR Code Review
**When to use:** Automatically review every PR opened or updated in your repository.
### Basic Example (No Tracking)
```yaml
name: Claude Auto Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Please review this pull request with a focus on:
- Code quality and best practices
- Potential bugs or issues
- Security implications
- Performance considerations
Note: The PR branch is already checked out in the current working directory.
Use `gh pr comment` for top-level feedback.
Use `mcp__github_inline_comment__create_inline_comment` to highlight specific code issues.
Only post GitHub comments - don't submit review text as messages.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
```
**Key Configuration:**
- Triggers on `opened` and `synchronize` (new commits)
- Always include `REPO` and `PR NUMBER` for context
- Specify tools for commenting and reviewing
- PR branch is pre-checked out
**Expected Output:** Claude posts review comments directly to the PR with inline annotations where appropriate.
### Enhanced Example (With Progress Tracking)
Want visual progress tracking for PR reviews? Use `track_progress: true` to get tracking comments like in v0.x:
```yaml
name: Claude Auto Review with Tracking
on:
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
track_progress: true # ✨ Enables tracking comments
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Please review this pull request with a focus on:
- Code quality and best practices
- Potential bugs or issues
- Security implications
- Performance considerations
Provide detailed feedback using inline comments for specific issues.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
```
**Benefits of Progress Tracking:**
- **Visual Progress Indicators**: Shows "In progress" status with checkboxes
- **Preserves Full Context**: Automatically includes all PR details, comments, and attachments
- **Migration-Friendly**: Perfect for teams moving from v0.x who miss tracking comments
- **Works with Custom Prompts**: Your prompt becomes custom instructions while maintaining GitHub context
**Expected Output:**
1. Claude creates a tracking comment: "Claude Code is reviewing this pull request..."
2. Updates the comment with progress checkboxes as it works
3. Posts detailed review feedback with inline annotations
4. Updates tracking comment to "Completed" when done
---
## Review Only Specific File Paths
**When to use:** Review PRs only when specific critical files change.
**Complete Example:**
```yaml
name: Review Critical Files
on:
pull_request:
types: [opened, synchronize]
paths:
- "src/auth/**"
- "src/api/**"
- "config/security.yml"
jobs:
security-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
This PR modifies critical authentication or API files.
Please provide a security-focused review with emphasis on:
- Authentication and authorization flows
- Input validation and sanitization
- SQL injection or XSS vulnerabilities
- API security best practices
Note: The PR branch is already checked out.
Post detailed security findings as PR comments.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*)"
```
**Key Configuration:**
- `paths:` filter triggers only for specific file changes
- Custom prompt emphasizes security for sensitive areas
- Useful for compliance or security reviews
**Expected Output:** Security-focused review when critical files are modified.
---
## Review PRs from External Contributors
**When to use:** Apply stricter review criteria for external or new contributors.
**Complete Example:**
```yaml
name: External Contributor Review
on:
pull_request:
types: [opened, synchronize]
jobs:
external-review:
if: github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
CONTRIBUTOR: ${{ github.event.pull_request.user.login }}
This is a first-time contribution from @${{ github.event.pull_request.user.login }}.
Please provide a comprehensive review focusing on:
- Compliance with project coding standards
- Proper test coverage (unit and integration)
- Documentation for new features
- Potential breaking changes
- License header requirements
Be welcoming but thorough in your review. Use inline comments for code-specific feedback.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr view:*)"
```
**Key Configuration:**
- `if:` condition targets specific contributor types
- Includes contributor username in context
- Emphasis on onboarding and standards
**Expected Output:** Detailed review helping new contributors understand project standards.
---
## Custom PR Review Checklist
**When to use:** Enforce specific review criteria for your team's workflow.
**Complete Example:**
```yaml
name: PR Review Checklist
on:
pull_request:
types: [opened, synchronize]
jobs:
checklist-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Review this PR against our team checklist:
## Code Quality
- [ ] Code follows our style guide
- [ ] No commented-out code
- [ ] Meaningful variable names
- [ ] DRY principle followed
## Testing
- [ ] Unit tests for new functions
- [ ] Integration tests for new endpoints
- [ ] Edge cases covered
- [ ] Test coverage > 80%
## Documentation
- [ ] README updated if needed
- [ ] API docs updated
- [ ] Inline comments for complex logic
- [ ] CHANGELOG.md updated
## Security
- [ ] No hardcoded credentials
- [ ] Input validation implemented
- [ ] Proper error handling
- [ ] No sensitive data in logs
For each item, check if it's satisfied and comment on any that need attention.
Post a summary comment with checklist results.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*)"
```
**Key Configuration:**
- Structured checklist in prompt
- Systematic review approach
- Team-specific criteria
**Expected Output:** Systematic review with checklist results and specific feedback.
---
## Scheduled Repository Maintenance
**When to use:** Regular automated maintenance tasks.
**Complete Example:**
```yaml
name: Weekly Maintenance
on:
schedule:
- cron: "0 0 * * 0" # Every Sunday at midnight
workflow_dispatch: # Manual trigger option
jobs:
maintenance:
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
Perform weekly repository maintenance:
1. Check for outdated dependencies in package.json
2. Scan for security vulnerabilities using `npm audit`
3. Review open issues older than 90 days
4. Check for TODO comments in recent commits
5. Verify README.md examples still work
Create a single issue summarizing any findings.
If critical security issues are found, also comment on open PRs.
claude_args: |
--allowedTools "Read,Bash(npm:*),Bash(gh issue:*),Bash(git:*)"
```
**Key Configuration:**
- `schedule:` for automated runs
- `workflow_dispatch:` for manual triggering
- Comprehensive tool permissions for analysis
**Expected Output:** Weekly maintenance report as GitHub issue.
---
## Issue Auto-Triage and Labeling
**When to use:** Automatically categorize and prioritize new issues.
**Complete Example:**
```yaml
name: Issue Triage
on:
issues:
types: [opened]
jobs:
triage:
runs-on: ubuntu-latest
permissions:
issues: write
id-token: write
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
ISSUE NUMBER: ${{ github.event.issue.number }}
TITLE: ${{ github.event.issue.title }}
BODY: ${{ github.event.issue.body }}
AUTHOR: ${{ github.event.issue.user.login }}
Analyze this new issue and:
1. Determine if it's a bug report, feature request, or question
2. Assess priority (critical, high, medium, low)
3. Suggest appropriate labels
4. Check if it duplicates existing issues
Based on your analysis, add the appropriate labels using:
`gh issue edit [number] --add-label "label1,label2"`
If it appears to be a duplicate, post a comment mentioning the original issue.
claude_args: |
--allowedTools "Bash(gh issue:*),Bash(gh search:*)"
```
**Key Configuration:**
- Triggered on new issues
- Issue context in prompt
- Label management capabilities
**Expected Output:** Automatically labeled and categorized issues.
---
## Documentation Sync on API Changes
**When to use:** Keep docs up-to-date when API code changes.
**Complete Example:**
```yaml
name: Sync API Documentation
on:
pull_request:
types: [opened, synchronize]
paths:
- "src/api/**/*.ts"
- "src/routes/**/*.ts"
jobs:
doc-sync:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
This PR modifies API endpoints. Please:
1. Review the API changes in src/api and src/routes
2. Update API.md to document any new or changed endpoints
3. Ensure OpenAPI spec is updated if needed
4. Update example requests/responses
Use standard REST API documentation format.
Commit any documentation updates to this PR branch.
claude_args: |
--allowedTools "Read,Write,Edit,Bash(git:*)"
```
**Key Configuration:**
- Path-specific trigger
- Write permissions for doc updates
- Git tools for committing
**Expected Output:** API documentation automatically updated with code changes.
---
## Security-Focused PR Reviews
**When to use:** Deep security analysis for sensitive repositories.
**Complete Example:**
```yaml
name: Security Review
on:
pull_request:
types: [opened, synchronize]
jobs:
security:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
security-events: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Optional: Add track_progress: true for visual progress tracking during security reviews
# track_progress: true
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Perform a comprehensive security review:
## OWASP Top 10 Analysis
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
## Additional Security Checks
- Hardcoded secrets or credentials
- Insecure cryptographic practices
- Unsafe deserialization
- Server-Side Request Forgery (SSRF)
- Race conditions or TOCTOU issues
Rate severity as: CRITICAL, HIGH, MEDIUM, LOW, or NONE.
Post detailed findings with recommendations.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*)"
```
**Key Configuration:**
- Security-focused prompt structure
- OWASP alignment
- Severity rating system
**Expected Output:** Detailed security analysis with prioritized findings.
---
## Tips for All Solutions
### Always Include GitHub Context
```yaml
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
[Your specific instructions]
```
### Common Tool Permissions
- **PR Comments**: `Bash(gh pr comment:*)`
- **Inline Comments**: `mcp__github_inline_comment__create_inline_comment`
- **File Operations**: `Read,Write,Edit`
- **Git Operations**: `Bash(git:*)`
### Best Practices
- Be specific in your prompts
- Include expected output format
- Set clear success criteria
- Provide context about the repository
- Use inline comments for code-specific feedback

7
docs/usage.md
View File

@@ -52,6 +52,7 @@ jobs:
| `anthropic_api_key` | Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\* | - |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
| `claude_args` | Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
@@ -139,7 +140,11 @@ For a comprehensive guide on migrating from v0.x to v1.0, including step-by-step
```yaml
- uses: anthropics/claude-code-action@v1
with:
prompt: "Update the API documentation"
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
Update the API documentation to reflect changes in this PR
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--model claude-4-0-sonnet-20250805