feat: update claude.yml example to use write permissions

Changed permissions in examples/claude.yml from read to write for: - contents: read → write - pull-requests: read → write - issues: read → write This allows the Claude Code Action to perform write operations on these resources. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
fix: checkout base branch before creating new branches (#311 )
2026-01-23 15:04:13 +08:00 · 2025-07-20 20:57:44 -07:00 · 2025-07-19 08:26:59 -07:00 · 2025-07-19 08:26:23 -07:00 · 2025-07-19 08:18:05 -07:00
4 changed files with 17 additions and 7 deletions
--- a/action.yml
+++ b/action.yml
@@ -193,7 +193,8 @@ runs:
        # Run the base-action
        cd ${GITHUB_ACTION_PATH}/base-action
        bun install
-        bun run src/index.ts
+        cd -
+        bun run ${GITHUB_ACTION_PATH}/base-action/src/index.ts
      env:
        # Base-action inputs
        CLAUDE_CODE_ACTION: "1"
--- a/examples/claude.yml
+++ b/examples/claude.yml
@@ -19,9 +19,9 @@ jobs:
      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
    runs-on: ubuntu-latest
    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
+      contents: write
+      pull-requests: write
+      issues: write
      id-token: write
    steps:
      - name: Checkout repository
--- a/src/create-prompt/index.ts
+++ b/src/create-prompt/index.ts
@@ -694,8 +694,7 @@ What You CANNOT Do:
 - Submit formal GitHub PR reviews
 - Approve pull requests (for security reasons)
 - Post multiple comments (you only update your initial comment)
- Execute commands outside the repository context
- Run arbitrary Bash commands (unless explicitly allowed via allowed_tools configuration)
+- Execute commands outside the repository context${useCommitSigning ? "\n- Run arbitrary Bash commands (unless explicitly allowed via allowed_tools configuration)" : ""}
 - Perform branch operations (cannot merge branches, rebase, or perform other git operations beyond pushing commits)
 - Modify files in the .github/workflows directory (GitHub App permissions do not allow workflow modifications)
 - View CI/CD results or workflow run outputs (cannot access GitHub Actions logs or test results)
--- a/src/github/operations/branch.ts
+++ b/src/github/operations/branch.ts
@@ -116,6 +116,11 @@ export async function setupBranch(
        `Branch name generated: ${newBranch} (will be created by file ops server on first commit)`,
      );

+      // Ensure we're on the source branch
+      console.log(`Fetching and checking out source branch: ${sourceBranch}`);
+      await $`git fetch origin ${sourceBranch} --depth=1`;
+      await $`git checkout ${sourceBranch}`;
+
      // Set outputs for GitHub Actions
      core.setOutput("CLAUDE_BRANCH", newBranch);
      core.setOutput("BASE_BRANCH", sourceBranch);
@@ -131,7 +136,12 @@ export async function setupBranch(
      `Creating local branch ${newBranch} for ${entityType} #${entityNumber} from source branch: ${sourceBranch}...`,
    );

-    // Create and checkout the new branch locally
+    // Fetch and checkout the source branch first to ensure we branch from the correct base
+    console.log(`Fetching and checking out source branch: ${sourceBranch}`);
+    await $`git fetch origin ${sourceBranch} --depth=1`;
+    await $`git checkout ${sourceBranch}`;
+
+    // Create and checkout the new branch from the source branch
    await $`git checkout -b ${newBranch}`;

    console.log(
Author	SHA1	Message	Date
Ashwin Bhat	786d0a4c1c	feat: update claude.yml example to use write permissions Changed permissions in examples/claude.yml from read to write for: - contents: read → write - pull-requests: read → write - issues: read → write This allows the Claude Code Action to perform write operations on these resources. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-20 20:57:44 -07:00
Ashwin Bhat	93df09fd88	fix: checkout base branch before creating new branches (#311 ) - Fix bug where base_branch parameter was not being respected - Add git fetch and checkout of source branch before creating new branch - Ensures new branches are created from specified base_branch instead of current HEAD - Fixes issue #268 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com>	2025-07-19 08:26:59 -07:00
Ashwin Bhat	d290268f83	fix: run Claude from workflow directory instead of base-action directory (#312 ) Changed the action to cd back to the original directory after installing dependencies, ensuring Claude runs in the context of the user's workflow rather than the base-action subdirectory. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com>	2025-07-19 08:26:23 -07:00
Ashwin Bhat	d69f61e377	fix: conditionally show Bash limitation based on commit signing setting (#310 ) - Remove 'Run arbitrary Bash commands' from limitations when commit signing is disabled - This avoids confusion since git commands ARE allowed via Bash when not using commit signing - The prompt now accurately reflects what Claude can do based on the useCommitSigning parameter	2025-07-19 08:18:05 -07:00