mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-22 22:44:13 +08:00
56179f5fc9
* feat: add review mode for PR code reviews
- Add 'review' as a new execution mode in action.yml
- Use default GitHub Action token (ACTIONS_TOKEN) for review mode
- Create review mode implementation with GitHub MCP tools included by default
- Move review-specific prompt to review mode's generatePrompt method
- Add comprehensive review workflow instructions for inline comments
- Fix type safety with proper mode validation
- Keep agent mode's simple inline prompt handling
* docs: add review mode example workflow
* update sample workflow
* fix: update review mode example to use @beta tag
* fix: enable automatic triggering for review mode on PR events
* fix: export allowed tools environment variables in review mode
The GitHub MCP tools were not being properly allowed because review mode
wasn't exporting the ALLOWED_TOOLS environment variable like agent mode does.
This caused all GitHub MCP tool calls to be blocked with permission errors.
* feat: add review mode workflow for testing
* fix: use INPUT_ prefix for allowed/disallowed tools environment variables
The base action expects INPUT_ALLOWED_TOOLS and INPUT_DISALLOWED_TOOLS
(following GitHub Actions input naming convention) but we were exporting
them without the INPUT_ prefix. This was causing the tools to not be
properly allowed in the base action.
* fix: add explicit review tool names and additional workflow permissions
- Add explicit tool names in case wildcards aren't working properly
- Add statuses and checks write permissions to workflow
- Include both github and github_comment MCP server tools
* refactor: consolidate review workflows and use review mode
- Update claude-review.yml to use review mode instead of direct_prompt
- Use km-anthropic fork action
- Remove duplicate claude-review-mode.yml workflow
- Add synchronize event to review PR updates
- Update permissions for review mode (remove id-token, add pull-requests/issues write)
* feat: enhance review mode to provide detailed tracking comment summary
- Update review mode prompt to explicitly request detailed summaries
- Include issue counts, key findings, and recommendations in tracking comment
- Ensure users can see complete review overview without checking each inline comment
* Revert "refactor: consolidate review workflows and use review mode"
This reverts commit 54ca948599.
* fix: address PR review feedback for review mode
- Make generatePrompt required in Mode interface
- Implement generatePrompt in all modes (tag, agent, review)
- Remove unnecessary git/branch operations from review mode
- Restrict review mode triggers to specific PR actions
- Fix type safety issues by removing any types
- Update tests to support new Mode interface
* test: update mode registry tests to include review mode
* chore: run prettier formatting
* fix: make mode parameter required in generatePrompt function
Remove optional mode parameter since the function throws an error when mode is not provided. This makes the type signature consistent with the actual behavior.
* fix: remove last any type and update README with review mode
- Remove any type cast in review mode by using isPullRequestEvent type guard
- Add review mode documentation to README execution modes section
- Update mode parameter description in README configuration table
* mandatory bun format
* fix: improve review mode GitHub suggestion format instructions
- Add clear guidance on GitHub's suggestion block format
- Emphasize that suggestions must only replace the specific commented lines
- Add examples of correct vs incorrect suggestion formatting
- Clarify when to use multi-line comments with startLine and line parameters
- Guide on handling complex changes that require multiple modifications
This should resolve issues where suggestions aren't directly committable.
* Add missing MCP tools for experimental-review mode based on test requirements
* chore: format code
* docs: add experimental-review mode documentation with clear warnings
* docs: remove emojis from experimental-review mode documentation
* docs: clarify experimental-review mode triggers - depends on workflow configuration
* minor format update
* test: fix registry tests for experimental-review mode name change
* refactor: clean up review mode implementation based on feedback
- Remove unused parameters from generatePrompt in agent and review modes
- Keep Claude comment requirement for review mode (tracking comment)
- Add overridePrompt support to review mode
- Remove non-existent MCP tools from review mode allowed list
- Fix unused import in agent mode
These changes address all review feedback while maintaining clean code
and proper functionality.
* fix: remove redundant update_claude_comment from review mode allowed tools
The github_comment server is always included automatically, so we don't
need to explicitly list mcp__github_comment__update_claude_comment in
the allowed tools.
* feat: review mode now uses review body instead of tracking comment
- Remove tracking comment creation from review mode
- Update prompt to instruct Claude to write comprehensive review in body
- Remove comment ID requirement for review mode
- The review submission body now serves as the main review content
This makes review mode cleaner with one less comment on the PR. The
review body contains all the information that would have been in the
tracking comment.
* add back id-token: write for example
* Add PR number for context + make it mandatory to have a PR associated
* add `mcp__github__add_issue_comment` tool
* rename token
* bun format
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
291 lines
12 KiB
YAML
291 lines
12 KiB
YAML
name: "Claude Code Action Official"
|
|
description: "General-purpose Claude agent for GitHub PRs and issues. Can answer questions and implement code changes."
|
|
branding:
|
|
icon: "at-sign"
|
|
color: "orange"
|
|
|
|
inputs:
|
|
trigger_phrase:
|
|
description: "The trigger phrase to look for in comments or issue body"
|
|
required: false
|
|
default: "@claude"
|
|
assignee_trigger:
|
|
description: "The assignee username that triggers the action (e.g. @claude)"
|
|
required: false
|
|
label_trigger:
|
|
description: "The label that triggers the action (e.g. claude)"
|
|
required: false
|
|
default: "claude"
|
|
base_branch:
|
|
description: "The branch to use as the base/source when creating new branches (defaults to repository default branch)"
|
|
required: false
|
|
branch_prefix:
|
|
description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)"
|
|
required: false
|
|
default: "claude/"
|
|
|
|
# Mode configuration
|
|
mode:
|
|
description: "Execution mode for the action. Valid modes: 'tag' (default - triggered by mentions/assignments), 'agent' (for automation with no trigger checking), 'experimental-review' (experimental mode for code reviews with inline comments and suggestions)"
|
|
required: false
|
|
default: "tag"
|
|
|
|
# Claude Code configuration
|
|
model:
|
|
description: "Model to use (provider-specific format required for Bedrock/Vertex)"
|
|
required: false
|
|
anthropic_model:
|
|
description: "DEPRECATED: Use 'model' instead. Model to use (provider-specific format required for Bedrock/Vertex)"
|
|
required: false
|
|
fallback_model:
|
|
description: "Enable automatic fallback to specified model when primary model is unavailable"
|
|
required: false
|
|
allowed_tools:
|
|
description: "Additional tools for Claude to use (the base GitHub tools will always be included)"
|
|
required: false
|
|
default: ""
|
|
disallowed_tools:
|
|
description: "Tools that Claude should never use"
|
|
required: false
|
|
default: ""
|
|
custom_instructions:
|
|
description: "Additional custom instructions to include in the prompt for Claude"
|
|
required: false
|
|
default: ""
|
|
direct_prompt:
|
|
description: "Direct instruction for Claude (bypasses normal trigger detection)"
|
|
required: false
|
|
default: ""
|
|
override_prompt:
|
|
description: "Complete replacement of Claude's prompt with custom template (supports variable substitution)"
|
|
required: false
|
|
default: ""
|
|
mcp_config:
|
|
description: "Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers"
|
|
additional_permissions:
|
|
description: "Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results"
|
|
required: false
|
|
default: ""
|
|
claude_env:
|
|
description: "Custom environment variables to pass to Claude Code execution (YAML format)"
|
|
required: false
|
|
default: ""
|
|
settings:
|
|
description: "Claude Code settings as JSON string or path to settings JSON file"
|
|
required: false
|
|
default: ""
|
|
|
|
# Auth configuration
|
|
anthropic_api_key:
|
|
description: "Anthropic API key (required for direct API, not needed for Bedrock/Vertex)"
|
|
required: false
|
|
claude_code_oauth_token:
|
|
description: "Claude Code OAuth token (alternative to anthropic_api_key)"
|
|
required: false
|
|
github_token:
|
|
description: "GitHub token with repo and pull request permissions (optional if using GitHub App)"
|
|
required: false
|
|
use_bedrock:
|
|
description: "Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API"
|
|
required: false
|
|
default: "false"
|
|
use_vertex:
|
|
description: "Use Google Vertex AI with OIDC authentication instead of direct Anthropic API"
|
|
required: false
|
|
default: "false"
|
|
|
|
max_turns:
|
|
description: "Maximum number of conversation turns"
|
|
required: false
|
|
default: ""
|
|
timeout_minutes:
|
|
description: "Timeout in minutes for execution"
|
|
required: false
|
|
default: "30"
|
|
use_sticky_comment:
|
|
description: "Use just one comment to deliver issue/PR comments"
|
|
required: false
|
|
default: "false"
|
|
use_commit_signing:
|
|
description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
|
|
required: false
|
|
default: "false"
|
|
experimental_allowed_domains:
|
|
description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
|
|
required: false
|
|
default: ""
|
|
|
|
outputs:
|
|
execution_file:
|
|
description: "Path to the Claude Code execution output file"
|
|
value: ${{ steps.claude-code.outputs.execution_file }}
|
|
branch_name:
|
|
description: "The branch created by Claude Code for this execution"
|
|
value: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Install Bun
|
|
uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # https://github.com/oven-sh/setup-bun/releases/tag/v2.0.2
|
|
with:
|
|
bun-version: 1.2.11
|
|
|
|
- name: Install Dependencies
|
|
shell: bash
|
|
run: |
|
|
cd ${GITHUB_ACTION_PATH}
|
|
bun install
|
|
|
|
- name: Prepare action
|
|
id: prepare
|
|
shell: bash
|
|
run: |
|
|
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/prepare.ts
|
|
env:
|
|
MODE: ${{ inputs.mode }}
|
|
TRIGGER_PHRASE: ${{ inputs.trigger_phrase }}
|
|
ASSIGNEE_TRIGGER: ${{ inputs.assignee_trigger }}
|
|
LABEL_TRIGGER: ${{ inputs.label_trigger }}
|
|
BASE_BRANCH: ${{ inputs.base_branch }}
|
|
BRANCH_PREFIX: ${{ inputs.branch_prefix }}
|
|
ALLOWED_TOOLS: ${{ inputs.allowed_tools }}
|
|
DISALLOWED_TOOLS: ${{ inputs.disallowed_tools }}
|
|
CUSTOM_INSTRUCTIONS: ${{ inputs.custom_instructions }}
|
|
DIRECT_PROMPT: ${{ inputs.direct_prompt }}
|
|
OVERRIDE_PROMPT: ${{ inputs.override_prompt }}
|
|
MCP_CONFIG: ${{ inputs.mcp_config }}
|
|
OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
|
|
GITHUB_RUN_ID: ${{ github.run_id }}
|
|
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
|
|
DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
|
|
ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
|
|
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
|
|
|
|
- name: Install Base Action Dependencies
|
|
if: steps.prepare.outputs.contains_trigger == 'true'
|
|
shell: bash
|
|
run: |
|
|
echo "Installing base-action dependencies..."
|
|
cd ${GITHUB_ACTION_PATH}/base-action
|
|
bun install
|
|
echo "Base-action dependencies installed"
|
|
cd -
|
|
# Install Claude Code globally
|
|
bun install -g @anthropic-ai/claude-code@1.0.66
|
|
|
|
- name: Setup Network Restrictions
|
|
if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != ''
|
|
shell: bash
|
|
run: |
|
|
chmod +x ${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh
|
|
${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh
|
|
env:
|
|
EXPERIMENTAL_ALLOWED_DOMAINS: ${{ inputs.experimental_allowed_domains }}
|
|
|
|
- name: Run Claude Code
|
|
id: claude-code
|
|
if: steps.prepare.outputs.contains_trigger == 'true'
|
|
shell: bash
|
|
run: |
|
|
|
|
# Run the base-action
|
|
bun run ${GITHUB_ACTION_PATH}/base-action/src/index.ts
|
|
env:
|
|
# Base-action inputs
|
|
CLAUDE_CODE_ACTION: "1"
|
|
INPUT_PROMPT_FILE: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
|
|
INPUT_ALLOWED_TOOLS: ${{ env.ALLOWED_TOOLS }}
|
|
INPUT_DISALLOWED_TOOLS: ${{ env.DISALLOWED_TOOLS }}
|
|
INPUT_MAX_TURNS: ${{ inputs.max_turns }}
|
|
INPUT_MCP_CONFIG: ${{ steps.prepare.outputs.mcp_config }}
|
|
INPUT_SETTINGS: ${{ inputs.settings }}
|
|
INPUT_SYSTEM_PROMPT: ""
|
|
INPUT_APPEND_SYSTEM_PROMPT: ""
|
|
INPUT_TIMEOUT_MINUTES: ${{ inputs.timeout_minutes }}
|
|
INPUT_CLAUDE_ENV: ${{ inputs.claude_env }}
|
|
INPUT_FALLBACK_MODEL: ${{ inputs.fallback_model }}
|
|
|
|
# Model configuration
|
|
ANTHROPIC_MODEL: ${{ inputs.model || inputs.anthropic_model }}
|
|
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
|
NODE_VERSION: ${{ env.NODE_VERSION }}
|
|
DETAILED_PERMISSION_MESSAGES: "1"
|
|
|
|
# Provider configuration
|
|
ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
|
|
CLAUDE_CODE_OAUTH_TOKEN: ${{ inputs.claude_code_oauth_token }}
|
|
ANTHROPIC_BASE_URL: ${{ env.ANTHROPIC_BASE_URL }}
|
|
CLAUDE_CODE_USE_BEDROCK: ${{ inputs.use_bedrock == 'true' && '1' || '' }}
|
|
CLAUDE_CODE_USE_VERTEX: ${{ inputs.use_vertex == 'true' && '1' || '' }}
|
|
|
|
# AWS configuration
|
|
AWS_REGION: ${{ env.AWS_REGION }}
|
|
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
|
|
AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
|
|
ANTHROPIC_BEDROCK_BASE_URL: ${{ env.ANTHROPIC_BEDROCK_BASE_URL || (env.AWS_REGION && format('https://bedrock-runtime.{0}.amazonaws.com', env.AWS_REGION)) }}
|
|
|
|
# GCP configuration
|
|
ANTHROPIC_VERTEX_PROJECT_ID: ${{ env.ANTHROPIC_VERTEX_PROJECT_ID }}
|
|
CLOUD_ML_REGION: ${{ env.CLOUD_ML_REGION }}
|
|
GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
|
|
ANTHROPIC_VERTEX_BASE_URL: ${{ env.ANTHROPIC_VERTEX_BASE_URL }}
|
|
|
|
# Model-specific regions for Vertex
|
|
VERTEX_REGION_CLAUDE_3_5_HAIKU: ${{ env.VERTEX_REGION_CLAUDE_3_5_HAIKU }}
|
|
VERTEX_REGION_CLAUDE_3_5_SONNET: ${{ env.VERTEX_REGION_CLAUDE_3_5_SONNET }}
|
|
VERTEX_REGION_CLAUDE_3_7_SONNET: ${{ env.VERTEX_REGION_CLAUDE_3_7_SONNET }}
|
|
|
|
- name: Update comment with job link
|
|
if: steps.prepare.outputs.contains_trigger == 'true' && steps.prepare.outputs.claude_comment_id && always()
|
|
shell: bash
|
|
run: |
|
|
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/update-comment-link.ts
|
|
env:
|
|
REPOSITORY: ${{ github.repository }}
|
|
PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
|
|
CLAUDE_COMMENT_ID: ${{ steps.prepare.outputs.claude_comment_id }}
|
|
GITHUB_RUN_ID: ${{ github.run_id }}
|
|
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
|
GITHUB_EVENT_NAME: ${{ github.event_name }}
|
|
TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
|
|
CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
|
|
IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_review_comment' }}
|
|
BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
|
|
CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
|
|
OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}
|
|
TRIGGER_USERNAME: ${{ github.event.comment.user.login || github.event.issue.user.login || github.event.pull_request.user.login || github.event.sender.login || github.triggering_actor || github.actor || '' }}
|
|
PREPARE_SUCCESS: ${{ steps.prepare.outcome == 'success' }}
|
|
PREPARE_ERROR: ${{ steps.prepare.outputs.prepare_error || '' }}
|
|
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
|
|
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
|
|
|
|
- name: Display Claude Code Report
|
|
if: steps.prepare.outputs.contains_trigger == 'true' && steps.claude-code.outputs.execution_file != ''
|
|
shell: bash
|
|
run: |
|
|
# Try to format the turns, but if it fails, dump the raw JSON
|
|
if bun run ${{ github.action_path }}/src/entrypoints/format-turns.ts "${{ steps.claude-code.outputs.execution_file }}" >> $GITHUB_STEP_SUMMARY 2>/dev/null; then
|
|
echo "Successfully formatted Claude Code report"
|
|
else
|
|
echo "## Claude Code Report (Raw Output)" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "Failed to format output (please report). Here's the raw JSON:" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo '```json' >> $GITHUB_STEP_SUMMARY
|
|
cat "${{ steps.claude-code.outputs.execution_file }}" >> $GITHUB_STEP_SUMMARY
|
|
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
|
|
- name: Revoke app token
|
|
if: always() && inputs.github_token == ''
|
|
shell: bash
|
|
run: |
|
|
curl -L \
|
|
-X DELETE \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "Authorization: Bearer ${{ steps.prepare.outputs.GITHUB_TOKEN }}" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
${GITHUB_API_URL:-https://api.github.com}/installation/token
|