"Claude Code Review workflow"

"Update Claude PR Assistant workflow"
chore: bump Claude Code version to 2.0.24
2026-01-23 15:04:13 +08:00 · 2025-10-20 21:12:14 -07:00 · 2025-10-20 21:12:12 -07:00 · 2025-10-20 19:12:24 +00:00 · 2025-10-20 17:58:41 +00:00 · 2025-10-20 09:14:27 -07:00
22 changed files with 116 additions and 37 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
  test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v2
        with:
@@ -24,7 +24,7 @@ jobs:
  prettier:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v1
        with:
@@ -39,7 +39,7 @@ jobs:
  typecheck:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: oven-sh/setup-bun@v2
        with:
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -0,0 +1,57 @@
 name: Claude Code Review
 on:
  pull_request:
    types: [opened, synchronize]
    # Optional: Only run on specific file changes
    # paths:
    #   - "src/**/*.ts"
    #   - "src/**/*.tsx"
    #   - "src/**/*.js"
    #   - "src/**/*.jsx"
 jobs:
  claude-review:
    # Optional: Filter by PR author
    # if: |
    #   github.event.pull_request.user.login == 'external-contributor' ||
    #   github.event.pull_request.user.login == 'new-developer' ||
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            Please review this pull request and provide feedback on:
            - Code quality and best practices
            - Potential bugs or issues
            - Performance considerations
            - Security concerns
            - Test coverage
            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -13,7 +13,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -23,6 +23,7 @@ jobs:
      pull-requests: read
      issues: read
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -34,6 +35,16 @@ jobs:
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
+
-            --allowedTools "Bash(bun install),Bash(bun test:*),Bash(bun run format),Bash(bun typecheck)"
+          # This is an optional setting that allows Claude to read CI results on PRs
-            --model "claude-opus-4-1-20250805"
+          additional_permissions: |
            actions: read
          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
          # prompt: 'Update the pull request description to include a summary of changes.'
          # Optional: Add claude_args to customize behavior and configuration
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
          # claude_args: '--allowed-tools Bash(gh pr:*)'
--- a/.github/workflows/issue-triage.yml
+++ b/.github/workflows/issue-triage.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
      next_version: ${{ steps.next_version.outputs.next_version }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -91,7 +91,7 @@ jobs:
      contents: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -116,7 +116,7 @@ jobs:
    environment: production
    steps:
      - name: Checkout base-action repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: anthropics/claude-code-base-action
          token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
--- a/action.yml
+++ b/action.yml
@@ -177,7 +177,7 @@ runs:
        # Install Claude Code if no custom executable is provided
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.13
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.24
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
--- a/base-action/README.md
+++ b/base-action/README.md
@@ -336,7 +336,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/base-action/action.yml
+++ b/base-action/action.yml
@@ -99,7 +99,7 @@ runs:
      run: |
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.13
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.24
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
          # Add the directory containing the custom executable to PATH
--- a/base-action/examples/issue-triage.yml
+++ b/base-action/examples/issue-triage.yml
@@ -32,7 +32,7 @@ jobs:
                  "--rm",
                  "-e",
                  "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
+                  "ghcr.io/github/github-mcp-server:sha-23fa0dd"
                ],
                "env": {
                  "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -127,7 +127,7 @@ For performance, Claude uses shallow clones:
 If you need full history, you can configure this in your workflow before calling Claude in the `actions/checkout` step.
 ```
- uses: actions/checkout@v4
+- uses: actions/checkout@v5
  depth: 0 # will fetch full repo history
 ```
--- a/docs/security.md
+++ b/docs/security.md
@@ -19,11 +19,22 @@
 ## GitHub App Permissions
-The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:
+The [Claude Code GitHub app](https://github.com/apps/claude) requests the following permissions:
- **Pull Requests**: Read and write to create PRs and push changes
+### Currently Used Permissions
- **Issues**: Read and write to respond to issues
+
- **Contents**: Read and write to modify repository files
+- **Contents** (Read & Write): For reading repository files and creating branches
 - **Pull Requests** (Read & Write): For reading PR data and creating/updating pull requests
 - **Issues** (Read & Write): For reading issue data and updating issue comments
 ### Permissions for Future Features
 The following permissions are requested but not yet actively used. These will enable planned features in future releases:
 - **Discussions** (Read & Write): For interaction with GitHub Discussions
 - **Actions** (Read): For accessing workflow run data and logs
 - **Checks** (Read): For reading check run results
 - **Workflows** (Read & Write): For triggering and managing GitHub Actions workflows
 ## Commit Signing
--- a/docs/solutions.md
+++ b/docs/solutions.md
@@ -35,7 +35,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -89,7 +89,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -153,7 +153,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -211,7 +211,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -268,7 +268,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
@@ -344,7 +344,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
@@ -456,7 +456,7 @@ jobs:
      pull-requests: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
@@ -513,7 +513,7 @@ jobs:
      security-events: write
      id-token: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/ci-failure-auto-fix.yml
+++ b/examples/ci-failure-auto-fix.yml
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.workflow_run.head_branch }}
          fetch-depth: 0
--- a/examples/claude.yml
+++ b/examples/claude.yml
@@ -26,7 +26,7 @@ jobs:
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/issue-deduplication.yml
+++ b/examples/issue-deduplication.yml
@@ -15,7 +15,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/issue-triage.yml
+++ b/examples/issue-triage.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
--- a/examples/manual-code-analysis.yml
+++ b/examples/manual-code-analysis.yml
@@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 2 # Need at least 2 commits to analyze the latest
--- a/examples/pr-review-comprehensive.yml
+++ b/examples/pr-review-comprehensive.yml
@@ -16,7 +16,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/pr-review-filtered-authors.yml
+++ b/examples/pr-review-filtered-authors.yml
@@ -18,7 +18,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/examples/pr-review-filtered-paths.yml
+++ b/examples/pr-review-filtered-paths.yml
@@ -19,7 +19,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
--- a/src/mcp/install-mcp-server.ts
+++ b/src/mcp/install-mcp-server.ts
@@ -209,7 +209,7 @@ export async function prepareMcpConfig(
          "GITHUB_PERSONAL_ACCESS_TOKEN",
          "-e",
          "GITHUB_HOST",
-          "ghcr.io/github/github-mcp-server:sha-efef8ae", // https://github.com/github/github-mcp-server/releases/tag/v0.9.0
+          "ghcr.io/github/github-mcp-server:sha-23fa0dd", // https://github.com/github/github-mcp-server/releases/tag/v0.17.1
        ],
        env: {
          GITHUB_PERSONAL_ACCESS_TOKEN: githubToken,
Author	SHA1	Message	Date
Wanghong Yuan	721b4c6d2f	"Claude Code Review workflow"	2025-10-20 21:12:14 -07:00
Wanghong Yuan	67caede2ad	"Update Claude PR Assistant workflow"	2025-10-20 21:12:12 -07:00
GitHub Actions	fd20c95358	chore: bump Claude Code version to 2.0.24	2025-10-20 19:12:24 +00:00
GitHub Actions	d808160c26	chore: bump Claude Code version to 2.0.23	2025-10-20 17:58:41 +00:00
Okumura Takahiro	3eacedbeb7	Update github-mcp-server to v0.17.1 (#613 )	2025-10-20 09:14:27 -07:00
Dale Seo	f52f12eba5	chore: upgrade actions/checkout from v4 to v5 (#632 )	2025-10-20 09:11:13 -07:00
GitHub Actions	4a85933f25	chore: bump Claude Code version to 2.0.22	2025-10-17 22:29:52 +00:00
GitHub Actions	ba6edd55ef	chore: bump Claude Code version to 2.0.21	2025-10-17 00:48:29 +00:00
GitHub Actions	06461dddff	chore: bump Claude Code version to 2.0.20	2025-10-16 16:51:26 +00:00
GitHub Actions	c2a94eead0	chore: bump Claude Code version to 2.0.19	2025-10-15 22:29:38 +00:00
Ashwin Bhat	1c0c3eaced	docs: document GitHub App permissions in security guide (#607 ) Clarifies which permissions are currently used (Contents, Pull Requests, Issues) versus those requested for planned future features (Discussions, Actions, Checks, Workflows). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>	2025-10-15 10:12:11 -07:00
GitHub Actions	23d2d6c6b4	chore: bump Claude Code version to 2.0.17	2025-10-15 16:58:01 +00:00
GitHub Actions	e8bad57227	chore: bump Claude Code version to 2.0.15	2025-10-14 17:50:14 +00:00
GitHub Actions	0a6d62601b	chore: bump Claude Code version to 2.0.14	2025-10-10 21:25:16 +00:00