super-productivity/.github/workflows/claude-code-review.yml
Corey Newton ababd99b57
docs(ci): Exclude docs/wiki/** from some actions
There is no reason to run certain checks on simple documentation
updates. These Actions showed up during the initial v0.1 PR and added
noise to the PR process.
2026-01-21 20:04:16 -08:00


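name: Claude Code Review

# Runs an automated Claude review on pull requests, including PRs from forks.
#
# Trigger choice: pull_request_target runs in the context of the base
# repository, so the job receives repository secrets and a token with the
# permissions declared below even when the PR comes from a fork. That is why
# it is used here, and also why this file needs care when edited:
# 1. Both actions are pinned to a full commit SHA. Keep the pin when updating.
# 2. The checkout step sets no `ref`, so under pull_request_target it checks
#    out the base branch. PR code is not placed in the workspace. Adding a
#    `ref` that points at the PR head would change that.
# 3. The PR's title, description and diff are still untrusted input to the
#    review. The job permissions below bound what a manipulated review can
#    do, so keep them minimal.
on:
  pull_request_target:
    types: [opened, synchronize, ready_for_review, reopened]
    # Documentation-only changes under docs/wiki/ do not trigger a review.
    paths-ignore:
      - 'docs/wiki/**'
    # Optional: Only run on specific file changes
    # paths:
    #   - "src/**/*.ts"
    #   - "src/**/*.tsx"
    #   - "src/**/*.js"
    #   - "src/**/*.jsx"

jobs:
  claude-review:
    # Optional: Filter by PR author
    # if: |
    #   github.event.pull_request.user.login == 'external-contributor' ||
    #   github.event.pull_request.user.login == 'new-developer' ||
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
    # Skip draft PRs to reduce API usage
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    # Job-scoped token permissions. Anything not listed is not granted.
    permissions:
      contents: read
      pull-requests: write
      issues: read
      # NOTE(review): id-token: write lets the job request an OIDC token.
      # github_token is passed explicitly below; confirm this is still needed.
      id-token: write

    steps:
      # No `ref` input: on pull_request_target this is the base branch.
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@a017b830c03e23789b11fb69ed571ea61c12e45c # v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # Allow all PR authors regardless of repository permissions.
          # The base-repo context of pull_request_target is what gives this
          # job its secrets and write token, so '*' means any account that can
          # open a PR can trigger a run with them. Narrow this to a list of
          # usernames if reviews for arbitrary authors are not required.
          allowed_non_write_users: '*'
          # Allow common dependency management bots to trigger reviews
          allowed_bots: 'dependabot[bot],renovate[bot]'
          # NOTE(review): unlike the `uses:` lines, this URL carries no commit
          # pin; presumably the plugin is fetched from the default branch at
          # run time. Confirm whether a fixed ref can be specified.
          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
          plugins: 'code-review@claude-code-plugins'
          # Only the repository name and the numeric PR number are
          # interpolated; no PR title or body text enters the prompt here.
          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options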