
Add Claude Code GitHub Workflow#799

Merged
tcsenpai merged 1 commit into testnet from add-claude-github-actions-1778080456195 on May 6, 2026

Conversation

Contributor

@tcsenpai tcsenpai commented May 6, 2026

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Contributor

coderabbitai Bot commented May 6, 2026

Warning

Rate limit exceeded

@tcsenpai has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 37 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ab50a1af-7929-4e73-9fb9-c7d31175236b

📥 Commits

Reviewing files that changed from the base of the PR and between 50ab546 and c732a77.

📒 Files selected for processing (1)
  • .github/workflows/claude.yml

@tcsenpai tcsenpai merged commit bc5be5d into testnet May 6, 2026
7 of 8 checks passed
@qodo-code-review
Contributor

Review Summary by Qodo

Add Claude Code GitHub Actions workflow for AI assistance

✨ Enhancement


Walkthroughs

Description
• Adds GitHub Actions workflow for Claude Code integration
• Enables @claude mentions in PR/issue comments to trigger AI assistance
• Configures workflow to trigger on comments, reviews, and issues
• Sets up secure OAuth token authentication with proper permissions
Diagram
flowchart LR
  A["@claude mention in PR/Issue"] -->|Triggers| B["GitHub Actions Workflow"]
  B -->|Authenticates with| C["Claude Code Action"]
  C -->|Reads context| D["PR/Issue files and diffs"]
  C -->|Executes| E["AI-assisted code changes"]
  E -->|Creates| F["Comments/commits/branches"]


File Changes

1. .github/workflows/claude.yml ⚙️ Configuration changes +50/-0

GitHub Actions workflow for Claude Code integration

• Creates new GitHub Actions workflow triggered by @claude mentions in comments, reviews, and issues
• Configures job to run on ubuntu-latest with read permissions for contents, PRs, and issues
• Sets up Claude Code action with OAuth token authentication from GitHub secrets
• Includes optional configuration for custom prompts and allowed tools for Claude execution




@tcsenpai tcsenpai deleted the add-claude-github-actions-1778080456195 branch May 6, 2026 15:14
@qodo-code-review
Contributor

qodo-code-review Bot commented May 6, 2026

Code Review by Qodo

🐞 Bugs (4) 📘 Rule violations (0)



Action required

1. Untrusted secret-trigger workflow 🐞 Bug ⛨ Security
Description
The workflow is triggered by @claude text in issues/comments/reviews but does not restrict
execution to trusted actors, while passing secrets.CLAUDE_CODE_OAUTH_TOKEN into a third-party
action. This allows any user who can open issues or comment to trigger runs that consume and
potentially expose that secret.
Code

.github/workflows/claude.yml[R3-38]

+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
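Review bot: the `if` block gates only on the text `contains(github.event.comment.body, '@claude')` (and the review/issue equivalents), so any account that can comment or open an issue can start a run whose last step receives `${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}`. Add an author check to each clause, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, and reject `github.event.sender.type == 'Bot'` so the action cannot re-trigger itself through its own comments. Note also that `contains` is a substring match: a reply that quotes an earlier `@claude` request re-triggers a run without any new instruction.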
Evidence
The workflow triggers on issues/issue_comment/review events and gates only on a text
contains(..., '@claude') check, with no author_association/actor/bot restriction, while
injecting a repository secret into the action.

.github/workflows/claude.yml[3-20]
.github/workflows/claude.yml[33-38]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
This workflow can be triggered by untrusted issue/comment authors while still receiving `secrets.CLAUDE_CODE_OAUTH_TOKEN`.

### Issue Context
The job currently checks only for `@claude` text. Add a trust gate (e.g., `author_association` in `OWNER|MEMBER|COLLABORATOR`) and optionally ignore bot senders to prevent untrusted-triggered secret-bearing runs.

### Fix Focus Areas
- .github/workflows/claude.yml[3-20]
- .github/workflows/claude.yml[15-19]
- .github/workflows/claude.yml[33-38]

### Suggested direction (example)
- Add an additional condition for each event type, e.g.:
 - `github.event.comment.author_association` for `issue_comment` / `pull_request_review_comment`
 - `github.event.review.author_association` for `pull_request_review`
 - `github.event.issue.author_association` for `issues`
- Also consider blocking bot senders (`github.event.sender.type != 'Bot'`) to avoid self-trigger loops if the action ever posts content containing `@claude`.



2. Unpinned third-party action 🐞 Bug ⛨ Security
Description
The workflow uses anthropics/claude-code-action@v1, which is a mutable reference, while providing
a repository secret to the action. If the upstream tag is moved or compromised, attacker-controlled
code could run with access to CLAUDE_CODE_OAUTH_TOKEN.
Code

.github/workflows/claude.yml[R33-37]

+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
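Review bot: `uses: anthropics/claude-code-action@v1` resolves the `v1` tag at run time, so whatever that tag points to on a given day receives `${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}`. Pin to the full 40-character commit SHA of the release you actually reviewed and keep the release in a trailing comment (`uses: anthropics/claude-code-action@<full_commit_sha> # v1.x.y`) so Dependabot or Renovate can bump it; the `actions/checkout@v4` step in the previous hunk deserves the same treatment.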
Evidence
The action is referenced by a mutable version tag (@v1) and receives the OAuth token secret as an
input.

.github/workflows/claude.yml[33-38]
Best Practice: GitHub Actions security hardening

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
A third-party GitHub Action is referenced via a mutable tag (`@v1`) while receiving a repository secret.

### Issue Context
Pinning actions to an immutable commit SHA reduces supply-chain risk.

### Fix Focus Areas
- .github/workflows/claude.yml[33-37]

### Suggested direction
Replace:
- `uses: anthropics/claude-code-action@v1`

With a commit SHA pin, e.g.:
- `uses: anthropics/claude-code-action@<full_commit_sha>`

Optionally add an inline comment noting the corresponding `v1.x.y` release for maintainability.




Remediation recommended

3. Overbroad OIDC permission 🐞 Bug ⛨ Security
Description
The job grants id-token: write, but the workflow itself does not use OIDC directly. This expands
the blast radius if any step/action is compromised because it could mint OIDC tokens for any
configured cloud trust relationship.
Code

.github/workflows/claude.yml[R21-26]

+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
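Review bot: `id-token: write` is the only write scope in this block and the one without an explanation, while `actions: read` gets a comment; if claude-code-action needs OIDC to obtain the token it posts comments and commits with, say so on that line, and if it does not, remove it, since a compromised step could otherwise mint OIDC tokens for any cloud role that trusts this repository. There is also a tension with the PR description, which says Claude will create comments, branches and commits: with `contents: read`, `pull-requests: read` and `issues: read` the job's own `GITHUB_TOKEN` cannot do any of that, so write-back must come from a token the action obtains some other way, and that dependency should be documented here.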
Evidence
The permissions block enables id-token: write, and there are no explicit OIDC-consuming steps
shown in this workflow file.

.github/workflows/claude.yml[21-27]
Best Practice: Principle of least privilege

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`id-token: write` is granted but not clearly required by any step in this workflow.

### Issue Context
If the Claude action does not explicitly require OIDC, removing this permission reduces security exposure.

### Fix Focus Areas
- .github/workflows/claude.yml[21-26]

### Suggested direction
- Remove `id-token: write` from the job permissions.
- If the action does require OIDC, document why in a comment and scope other permissions as tightly as possible.




Advisory comments

4. Extra runs on issue assignment 🐞 Bug ➹ Performance
Description
The workflow triggers on issues: types: [opened, assigned], so assigning an issue that already
contains @claude in the title/body will re-run the job even without any new request text. This can
create repeated runs and unnecessary token/CI consumption.
Code

.github/workflows/claude.yml[R8-11]

+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
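Review bot: `types: [opened, assigned]` under `issues` re-runs the job on every assignment of an issue whose title or body still contains `@claude`, because the job condition inspects only that text; change it to `types: [opened]` unless assignment is meant to be a trigger, in which case the condition should also check `github.event.action` so an assignment does not replay the original request.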
Evidence
The issues trigger includes assigned, and the job condition for issues checks only whether the
issue title/body contains @claude, which will still be true on assignment events.

.github/workflows/claude.yml[8-11]
.github/workflows/claude.yml[15-19]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
Including `issues.assigned` can cause re-runs for the same issue content.

### Issue Context
If assignment is not intended to trigger Claude, remove `assigned` to avoid duplicate runs.

### Fix Focus Areas
- .github/workflows/claude.yml[8-11]

### Suggested direction
Change:
- `issues: types: [opened, assigned]`

To:
- `issues: types: [opened]`

(or keep `assigned` only if you explicitly want assignment-driven runs).




@greptile-apps

greptile-apps Bot commented May 6, 2026

Greptile Summary

This PR adds a GitHub Actions workflow (.github/workflows/claude.yml) that enables Claude Code to respond to @claude mentions in PR comments, issue comments, and PR reviews. The workflow structure and trigger conditions are correct, but the permission grants need adjustment before it will work end-to-end.

  • The job-level permissions block only grants read access to contents, pull-requests, and issues. Claude Code needs write on all three to post reply comments, create branches, and push commits — the core interactions described in the PR description. Without this, every triggered run will fail when the action tries to respond.
  • actions: read is declared twice: once in the job permissions block and again in the additional_permissions input; one of the two should be removed.

Confidence Score: 3/5

Not safe to merge as-is — Claude will authenticate and spin up successfully but fail silently on every response attempt because the GITHUB_TOKEN lacks write access.

The workflow will trigger and reach the Claude API correctly, but the action cannot write back to GitHub (comments, branches, commits) with only read permissions. This makes the integration non-functional in practice even though the workflow itself won't error at startup.

.github/workflows/claude.yml — the permissions block needs contents/pull-requests/issues changed from read to write.

Important Files Changed

Filename Overview
.github/workflows/claude.yml New Claude Code GitHub Actions workflow; missing write permissions on contents/pull-requests/issues will prevent Claude from posting comments or pushing commits, and actions: read is declared twice.

Sequence Diagram

sequenceDiagram
    actor User
    participant GH as GitHub
    participant WF as claude.yml Workflow
    participant Action as claude-code-action@v1
    participant Claude as Claude API

    User->>GH: Comment with @claude on issue/PR
    GH->>WF: Trigger (issue_comment / pull_request_review_comment / etc.)
    WF->>WF: Evaluate if condition (@claude mention check)
    WF->>Action: Run with CLAUDE_CODE_OAUTH_TOKEN
    Action->>GH: Checkout repository (fetch-depth: 1)
    Action->>Claude: Send context (PR/issue body, diff, comments)
    Claude-->>Action: Response + actions to take
    Action->>GH: Attempt to post comment / create branch / commit
    Note over Action,GH: Fails with 403 — only read permissions granted

Comments Outside Diff (2)

  1. .github/workflows/claude.yml, lines 22-25

    P1 Missing write permissions — Claude cannot post comments or push commits

    The job grants only read permissions for contents, pull-requests, and issues. According to the PR description, Claude is expected to "create comments, branches, and commits," but all three of those operations require write access on the GITHUB_TOKEN. With read-only permissions, any attempt by the action to post a reply comment or push a branch will receive a 403 from the GitHub API, making the workflow silently fail after every trigger.

  2. .github/workflows/claude.yml, lines 39-41

    P2 Duplicate actions: read permission

    actions: read is already declared at the job-level permissions block on line 26. The additional_permissions input on lines 40–41 repeats it, which is redundant and may cause confusion about where the permission actually comes from.

Reviews (1): Last reviewed commit: "Claude PR Assistant workflow"
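The findings above (text-only trigger gate, unpinned action, unexplained `id-token: write`, re-runs on assignment, and the read-only scopes versus the PR description's promise of comments, branches and commits) all land in one file, so here is a hardened variant of that workflow. This is an added example, not the PR's file and not Anthropic's template: the `@claude` condition is extended with the `author_association` and non-Bot checks the reviewers asked for, `assigned` is dropped, and the action is pinned to a commit SHA. The SHA is a placeholder because the correct commit is not on this page. The `permissions` block is kept as the PR has it, with a comment marking the open question: whether `id-token: write` is required and whether the read scopes suffice depends on how claude-code-action obtains the token it writes back with, which the reviewers on this page do not agree on, so confirm it against the action's documentation before merging.

```yaml
# Added example: hardened variant of .github/workflows/claude.yml built from
# the review findings above. Not the PR's file and not the vendor's template.

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened]          # 'assigned' dropped: it re-ran on unchanged text
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    # Trust gate. The '@claude' text check alone let any commenter start a
    # secret-bearing run. Every clause now also requires the author to be
    # OWNER, MEMBER or COLLABORATOR, and Bot senders are rejected so the
    # action cannot re-trigger itself if one of its own comments echoes
    # '@claude'. contains(array, item) on a fromJSON array is an exact match,
    # unlike the substring contains() on the body text.
    if: |
      github.event.sender.type != 'Bot' &&
      (
        (github.event_name == 'issue_comment' &&
         contains(github.event.comment.body, '@claude') &&
         contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
        (github.event_name == 'pull_request_review_comment' &&
         contains(github.event.comment.body, '@claude') &&
         contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
        (github.event_name == 'pull_request_review' &&
         contains(github.event.review.body, '@claude') &&
         contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)) ||
        (github.event_name == 'issues' &&
         (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
         contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association))
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      # Open question from review, left as an assumption to verify against the
      # action's docs: keep id-token: write only if the action uses OIDC to
      # obtain the token it posts comments and commits with; if it does not,
      # delete this line. Conversely, if the action writes back with the job's
      # own GITHUB_TOKEN, the three read scopes above must become write.
      id-token: write
      actions: read  # lets the action read CI results on PRs
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4   # pin this to a commit SHA as well
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
        # Pinned to a full commit SHA. The value below is a placeholder: look
        # up the commit behind the v1.x.y release you reviewed and paste it
        # here; the release in the trailing comment lets Dependabot or
        # Renovate keep the pin current.
        uses: anthropics/claude-code-action@<full-commit-sha> # v1.x.y
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
```

The `sender.type` check sits outside the per-event clauses so it applies to all four triggers at once. If the repository wants outside contributors to be able to summon Claude on their own PRs, the right answer is not to widen `author_association` but to route those requests through a maintainer comment, since the run still carries the repository's OAuth token.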
