Use shared claude-review reusable workflow

[leighmcculloch]

What

Replace the inlined claude-review.yml workflow with a call to the shared reusable workflow at stellar/actions/.github/workflows/claude-review.yml@main. Keep the existing pull_request trigger (the safer default; fork PRs can't access secrets on this event so they cannot be reviewed) and narrow the trigger types to [ready_for_review, synchronize] so Claude only reviews PRs that are marked ready and re-reviews on new commits.

Why

The same claude-review workflow is maintained across four stellar repos. Moving to stellar/actions lets all repos share one implementation, so the security model and prompt updates live in one place. The reusable workflow also adopts the harder pull_request_target flow with an author-association gate, enabling reviews of fork PRs from org members while still keeping secrets out of attacker-controlled code paths.

Example

Before — fully inlined workflow with pull_request trigger.

After:

name: Claude Review

on:
  pull_request:
    types: [ready_for_review, synchronize]

concurrency:
  group: claude-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

permissions: {}

jobs:
  review:
    uses: stellar/actions/.github/workflows/claude-review.yml@main
    secrets:
      anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

Note

Requires the corresponding PR in stellar/actions to be merged first so that stellar/actions/.github/workflows/claude-review.yml@main resolves:

• Add claude-review reusable workflow actions#103

[Copilot]

Pull request overview

Replaces the inlined Claude review workflow with a call to the shared reusable workflow in stellar/actions, and narrows trigger types to ready_for_review and synchronize.

Changes:

• Switch .github/workflows/claude-review.yml to use stellar/actions/.github/workflows/claude-review.yml@main.
• Pass ANTHROPIC_API_KEY via secrets: to the reusable workflow.
• Narrow pull_request trigger types from 4 to 2.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4f0975041f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore opened pull_request trigger

Restricting pull_request.types to ready_for_review and synchronize skips the initial review for PRs opened as non-draft, because ready_for_review only fires when a draft is explicitly converted to ready. In this configuration, a normal PR opened in ready state will not run Claude review until a later push triggers synchronize, which is a functional regression from the previous behavior and can leave first-pass changes unreviewed.

Useful? React with 👍 / 👎.