Update usage.md with link to claude cli args (#600 )

chore: bump Claude Code version to 2.0.25
docs: clarify job run link format in system prompt (#627 )
2026-01-23 15:04:13 +08:00 · 2025-10-21 14:38:12 -07:00 · 2025-10-21 21:37:39 +00:00 · 2025-10-20 22:52:05 -07:00 · 2025-10-20 19:12:24 +00:00 · 2025-10-20 17:58:41 +00:00
23 changed files with 77 additions and 62 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
  test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v2
        with:
@@ -24,7 +24,7 @@ jobs:
  prettier:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v1
        with:
@@ -39,7 +39,7 @@ jobs:
  typecheck:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v2
        with:
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -13,7 +13,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -25,7 +25,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/.github/workflows/issue-triage.yml
+++ b/.github/workflows/issue-triage.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
      next_version: ${{ steps.next_version.outputs.next_version }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -91,7 +91,7 @@ jobs:
      contents: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -116,7 +116,7 @@ jobs:
    environment: production
    steps:
      - name: Checkout base-action repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: anthropics/claude-code-base-action
          token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
--- a/action.yml
+++ b/action.yml
@@ -177,7 +177,7 @@ runs:
        # Install Claude Code if no custom executable is provided
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.2
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.25
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
--- a/base-action/README.md
+++ b/base-action/README.md
@@ -336,7 +336,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/base-action/action.yml
+++ b/base-action/action.yml
@@ -99,7 +99,7 @@ runs:
      run: |
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.2
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.25
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
          # Add the directory containing the custom executable to PATH
--- a/base-action/examples/issue-triage.yml
+++ b/base-action/examples/issue-triage.yml
@@ -32,7 +32,7 @@ jobs:
                  "--rm",
                  "-e",
                  "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
+                  "ghcr.io/github/github-mcp-server:sha-23fa0dd"
                ],
                "env": {
                  "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -127,7 +127,7 @@ For performance, Claude uses shallow clones:
 If you need full history, you can configure this in your workflow before calling Claude in the `actions/checkout` step.
 ```
- uses: actions/checkout@v4
+- uses: actions/checkout@v5
  depth: 0 # will fetch full repo history
 ```
--- a/docs/security.md
+++ b/docs/security.md
@@ -13,13 +13,28 @@
 - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
 - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
 ## ⚠️ Prompt Injection Risks
 **Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
 ## GitHub App Permissions
-The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:
+The [Claude Code GitHub app](https://github.com/apps/claude) requests the following permissions:
- **Pull Requests**: Read and write to create PRs and push changes
+### Currently Used Permissions
- **Issues**: Read and write to respond to issues
+
- **Contents**: Read and write to modify repository files
+- **Contents** (Read & Write): For reading repository files and creating branches
 - **Pull Requests** (Read & Write): For reading PR data and creating/updating pull requests
 - **Issues** (Read & Write): For reading issue data and updating issue comments
 ### Permissions for Future Features
 The following permissions are requested but not yet actively used. These will enable planned features in future releases:
 - **Discussions** (Read & Write): For interaction with GitHub Discussions
 - **Actions** (Read): For accessing workflow run data and logs
 - **Checks** (Read): For reading check run results
 - **Workflows** (Read & Write): For triggering and managing GitHub Actions workflows
 ## Commit Signing
--- a/docs/solutions.md
+++ b/docs/solutions.md
@@ -35,7 +35,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -89,7 +89,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -153,7 +153,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -211,7 +211,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -268,7 +268,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -344,7 +344,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -456,7 +456,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
@@ -513,7 +513,7 @@ jobs:
      security-events: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -48,12 +48,12 @@ jobs:
 ## Inputs
 | Input                            | Description                                                                                                                                                                            | Required | Default       |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------------- |
+| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------- |
 | `anthropic_api_key`              | Anthropic API key (required for direct API, not needed for Bedrock/Vertex)                                                                                                             | No\*     | -             |
 | `claude_code_oauth_token`        | Claude Code OAuth token (alternative to anthropic_api_key)                                                                                                                             | No\*     | -             |
 | `prompt`                         | Instructions for Claude. Can be a direct prompt or custom template for automation workflows                                                                                            | No       | -             |
 | `track_progress`                 | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context                                                                              | No       | `false`       |
-| `claude_args`                    | Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`)                                                                | No       | ""            |
+| `claude_args`                    | Additional [arguments to pass directly to Claude CLI](https://docs.claude.com/en/docs/claude-code/cli-reference#cli-flags) (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No       | ""            |
 | `base_branch`                    | The base branch to use for creating new branches (e.g., 'main', 'develop')                                                                                                             | No       | -             |
 | `use_sticky_comment`             | Use just one comment to deliver PR comments (only applies for pull_request event workflows)                                                                                            | No       | `false`       |
 | `github_token`                   | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!**                                                                   | No       | -             |
--- a/examples/ci-failure-auto-fix.yml
+++ b/examples/ci-failure-auto-fix.yml
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.workflow_run.head_branch }}
          fetch-depth: 0
--- a/examples/claude.yml
+++ b/examples/claude.yml
@@ -26,7 +26,7 @@ jobs:
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/issue-deduplication.yml
+++ b/examples/issue-deduplication.yml
@@ -15,7 +15,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/issue-triage.yml
+++ b/examples/issue-triage.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/examples/manual-code-analysis.yml
+++ b/examples/manual-code-analysis.yml
@@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 2 # Need at least 2 commits to analyze the latest
--- a/examples/pr-review-comprehensive.yml
+++ b/examples/pr-review-comprehensive.yml
@@ -16,7 +16,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/pr-review-filtered-authors.yml
+++ b/examples/pr-review-filtered-authors.yml
@@ -18,7 +18,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/pr-review-filtered-paths.yml
+++ b/examples/pr-review-filtered-paths.yml
@@ -19,7 +19,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/src/create-prompt/index.ts
+++ b/src/create-prompt/index.ts
@@ -684,7 +684,7 @@ ${
 - Display the todo list as a checklist in the GitHub comment and mark things off as you go.
 - REPOSITORY SETUP INSTRUCTIONS: The repository's CLAUDE.md file(s) contain critical repo-specific setup instructions, development guidelines, and preferences. Always read and follow these files, particularly the root CLAUDE.md, as they provide essential context for working with the codebase effectively.
 - Use h3 headers (###) for section titles in your comments, not h1 headers (#).
- Your comment must always include the job run link (and branch link if there is one) at the bottom.
+- Your comment must always include the job run link in the format "[View job run](${GITHUB_SERVER_URL}/${context.repository}/actions/runs/${process.env.GITHUB_RUN_ID})" at the bottom of your response (branch link if there is one should also be included there).
 CAPABILITIES AND LIMITATIONS:
 When users ask you to do something, be aware of what you can and cannot do. This section helps you understand how to respond when users request actions outside your scope.
--- a/src/mcp/install-mcp-server.ts
+++ b/src/mcp/install-mcp-server.ts
@@ -209,7 +209,7 @@ export async function prepareMcpConfig(
          "GITHUB_PERSONAL_ACCESS_TOKEN",
          "-e",
          "GITHUB_HOST",
-          "ghcr.io/github/github-mcp-server:sha-efef8ae", // https://github.com/github/github-mcp-server/releases/tag/v0.9.0
+          "ghcr.io/github/github-mcp-server:sha-23fa0dd", // https://github.com/github/github-mcp-server/releases/tag/v0.17.1
        ],
        env: {
          GITHUB_PERSONAL_ACCESS_TOKEN: githubToken,
Author	SHA1	Message	Date
btoo	f30f5eecfc	Update usage.md with link to claude cli args (#600 )	2025-10-21 14:38:12 -07:00
GitHub Actions	fc4013af38	chore: bump Claude Code version to 2.0.25	2025-10-21 21:37:39 +00:00
BangDori	96524b7ffe	docs: clarify job run link format in system prompt (#627 )	2025-10-20 22:52:05 -07:00
GitHub Actions	fd20c95358	chore: bump Claude Code version to 2.0.24	2025-10-20 19:12:24 +00:00
GitHub Actions	d808160c26	chore: bump Claude Code version to 2.0.23	2025-10-20 17:58:41 +00:00
Okumura Takahiro	3eacedbeb7	Update github-mcp-server to v0.17.1 (#613 )	2025-10-20 09:14:27 -07:00
Dale Seo	f52f12eba5	chore: upgrade actions/checkout from v4 to v5 (#632 )	2025-10-20 09:11:13 -07:00
GitHub Actions	4a85933f25	chore: bump Claude Code version to 2.0.22	2025-10-17 22:29:52 +00:00
GitHub Actions	ba6edd55ef	chore: bump Claude Code version to 2.0.21	2025-10-17 00:48:29 +00:00
GitHub Actions	06461dddff	chore: bump Claude Code version to 2.0.20	2025-10-16 16:51:26 +00:00
GitHub Actions	c2a94eead0	chore: bump Claude Code version to 2.0.19	2025-10-15 22:29:38 +00:00
Ashwin Bhat	1c0c3eaced	docs: document GitHub App permissions in security guide (#607 ) Clarifies which permissions are currently used (Contents, Pull Requests, Issues) versus those requested for planned future features (Discussions, Actions, Checks, Workflows). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>	2025-10-15 10:12:11 -07:00
GitHub Actions	23d2d6c6b4	chore: bump Claude Code version to 2.0.17	2025-10-15 16:58:01 +00:00
GitHub Actions	e8bad57227	chore: bump Claude Code version to 2.0.15	2025-10-14 17:50:14 +00:00
GitHub Actions	0a6d62601b	chore: bump Claude Code version to 2.0.14	2025-10-10 21:25:16 +00:00
GitHub Actions	777ffcbfc9	chore: bump Claude Code version to 2.0.13	2025-10-09 17:53:02 +00:00
GitHub Actions	dc58efed33	chore: bump Claude Code version to 2.0.12	2025-10-09 16:41:48 +00:00
GitHub Actions	e5437bfbc5	chore: bump Claude Code version to 2.0.11	2025-10-08 20:36:56 +00:00
GitHub Actions	b2dd1006a0	chore: bump Claude Code version to 2.0.10	2025-10-07 21:14:39 +00:00
GitHub Actions	ac1a3207f3	chore: bump Claude Code version to 2.0.9	2025-10-06 21:57:24 +00:00
Ashwin Bhat	521d069da7	docs: add prompt injection security note (#604 ) * docs: add prompt injection security note Add warning about potential hidden markdown in untrusted content from external contributors. Documents existing sanitization measures while acknowledging new bypass techniques may emerge. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update docs/security.md Co-authored-by: David Dworken <dworken@anthropic.com> * format --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: David Dworken <dworken@anthropic.com>	2025-10-06 09:51:50 -07:00
GitHub Actions	7e4b782d5f	chore: bump Claude Code version to 2.0.8	2025-10-04 23:17:33 +00:00
GitHub Actions	4fb0ef3be0	chore: bump Claude Code version to 2.0.5	2025-10-02 19:29:43 +00:00
GitHub Actions	14ac8aa20e	chore: bump Claude Code version to 2.0.1	2025-10-01 02:30:10 +00:00