mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-04 03:45:08 -07:00
9d95c5b74c
pull_request runs from forks and dependabot don't receive OIDC tokens or repo secrets, so claude-code-action can't authenticate and the check fails on every external contributor PR. Guard the job to same-repo, non-dependabot PRs so it skips (rather than fails) those cases.
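# Runs an automated Claude code review on pull requests opened from branches
# of this repository. Layout restored to valid YAML: the indentation was lost
# and viewer gutter lines were interleaved with the content.
name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
    # Optional: Only run on specific file changes
    # paths:
    #   - "src/**/*.ts"
    #   - "src/**/*.tsx"
    #   - "src/**/*.js"
    #   - "src/**/*.jsx"

jobs:
  claude-review:
    # OIDC tokens and repo secrets are withheld from pull_request runs that
    # originate from forks or dependabot, so the action cannot authenticate
    # there and the check fails for every external PR. Skip those cases (the
    # job simply does not run) instead of failing. Same-repo branch PRs still
    # get reviewed.
    #
    # Do not loosen this guard to cover fork PRs. The alternative trigger,
    # pull_request_target, runs in the base repository's context with secrets
    # and the OIDC permission available, so a job using it must never check
    # out, build or execute the fork's head code, and should treat every PR
    # field (title, body, branch name) as untrusted input.
    if: >-
      github.event.pull_request.head.repo.full_name == github.repository &&
      github.actor != 'dependabot[bot]'

    runs-on: ubuntu-latest
    # Least privilege: read-only repository scopes. id-token: write only lets
    # the job request an OIDC token; it grants no write access to the repo.
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write

    steps:
      # NOTE(review): both actions are referenced by mutable tags (v4, v1).
      # Pinning each to a full commit SHA keeps a moved tag from changing the
      # code that runs with the OAuth token and the OIDC permission.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Shallow clone: only the latest commit is fetched.
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # NOTE(review): the marketplace is referenced by URL with no ref
          # visible here; confirm whether it can be pinned to a revision.
          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
          plugins: 'code-review@claude-code-plugins'
          # Only the repository name and PR number are interpolated. Keep
          # author-controlled fields (PR title, body, head ref) out of
          # ${{ }} expressions in this prompt.
          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options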