mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-22 22:44:13 +08:00
06b3126baf
* feat: add Squid proxy network restrictions to Claude workflow Implements URL whitelisting for GitHub Actions to prevent unauthorized network access. Only allows connections to: - Claude API (anthropic.com) - GitHub services - Package registries (npm, bun) - Azure blob storage for caching Uses NO_PROXY for package registries to avoid integrity check issues. * test: add network restrictions verification test * test: simplify network restrictions test output * refactor: make network restrictions opt-in and move to examples - Removed network restrictions from .github/workflows/claude.yml - Added network restrictions to examples/claude.yml as opt-in feature - Changed from DISABLE_NETWORK_RESTRICTIONS to ENABLE_NETWORK_RESTRICTIONS - Added support for CUSTOM_ALLOWED_DOMAINS repository variable - Organized whitelist by provider (Anthropic, Bedrock, Vertex AI) - Removed package registries from whitelist (already in NO_PROXY) Users can now enable network restrictions by setting ENABLE_NETWORK_RESTRICTIONS=true and configure additional domains via CUSTOM_ALLOWED_DOMAINS. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Minor bun format * test: simplify network restrictions test - Reduce to one allowed and one blocked domain - Remove slow google.com test - Fix TypeScript errors with AbortController - Match test formatting conventions 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Move network restrictions to actions.yml + show custom domains in the examples folder * Simplify network restrictions -- Move it to actions, remove extended examples in claude.yml and move them to readme * Remove unnecessary network restrictions test and update readme + action.yml with no default domains and respective instructions in the readme * Update README with common domains * Give an example of network restriction in claude.yml * Remove unnecesssary NO_PROXY as packages are installed beforehand * Remove proxy example -- it's intuitive for users to figure it out * Update potential EOF not being treated as a string issue * update claude.yml to test * Update example allowed_domains with tested domains for network restrictions * change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall * Update remaining allowed_domains references to experimental_allowed_domains * Reset claude.yml to match origin/main Remove network restrictions test changes from claude.yml * Format README.md table alignment Run bun format to fix table column alignment --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
48 lines
1.5 KiB
YAML
48 lines
1.5 KiB
YAML
name: Claude PR Assistant
|
|
|
|
on:
|
|
issue_comment:
|
|
types: [created]
|
|
pull_request_review_comment:
|
|
types: [created]
|
|
issues:
|
|
types: [opened, assigned]
|
|
pull_request_review:
|
|
types: [submitted]
|
|
|
|
jobs:
|
|
claude-code-action:
|
|
if: |
|
|
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
|
|
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
|
|
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
|
|
(github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
issues: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Run Claude PR Action
|
|
uses: anthropics/claude-code-action@beta
|
|
with:
|
|
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
|
|
# Or use OAuth token instead:
|
|
# claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
|
timeout_minutes: "60"
|
|
# Optional: Restrict network access to specific domains only
|
|
# experimental_allowed_domains: |
|
|
# .anthropic.com
|
|
# .github.com
|
|
# api.github.com
|
|
# .githubusercontent.com
|
|
# bun.sh
|
|
# registry.npmjs.org
|
|
# .blob.core.windows.net
|