Add Claude Code GitHub Workflow

[ANcpLua]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• New Features
  • Automated code review workflow now runs on pull request events (creation, updates, reopen) to provide review feedback.
  • Interactive assistant integration enabled for issue and review comments, and for PR review events, allowing conversational/code-review responses when invoked.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds two GitHub Actions workflows that invoke an external Claude code-review action: one triggers on pull request events for automated PR reviews with plugin configuration; the other triggers on comments/reviews mentioning @claude to run Claude-driven responses.

Changes

Cohort / File(s)	Summary
Claude Code Review (PR) ​.github/workflows/claude-code-review.yml	New workflow triggered on PR events (opened, synchronize, ready_for_review, reopened). Checks out repo and runs anthropics/claude-code-action using an OAuth token, with plugin marketplace/spec and a prompt referencing PR details.
Claude Comment Trigger ​.github/workflows/claude.yml	New workflow triggered on issue comments, PR review comments, issues, and PR reviews when @claude is referenced. Checks out repo and runs anthropics/claude-code-action with CLAUDE_CODE_OAUTH_TOKEN and optional prompt/claude_args commented for customization.

Sequence Diagram(s)

sequenceDiagram
  participant GitHub as GitHub Events
  participant Actions as GitHub Actions Runner
  participant Repo as Repository (checkout)
  participant ClaudeAction as anthropics/claude-code-action
  participant ClaudeAPI as Claude Service

  rect rgba(100,150,240,0.5)
  GitHub->>Actions: PR event or comment triggers workflow
  end

  Actions->>Repo: checkout repository
  Actions->>ClaudeAction: invoke action with OAuth token + config
  ClaudeAction->>ClaudeAPI: send prompt + plugin spec
  ClaudeAPI-->>ClaudeAction: return review/response
  ClaudeAction-->>Actions: output results (comment, review, etc.)
  Actions->>GitHub: post comment or update PR/review

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding GitHub Actions workflows to integrate Claude Code into the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds GitHub Actions workflows to integrate Claude Code into the repository for interactive (“@claude”-triggered) runs and automated PR code reviews.

Changes:

• Introduces an “@claude”-triggered workflow for issues, PR comments, and reviews.
• Adds an automated “Claude Code Review” workflow that runs on PR lifecycle events.
• Configures the Anthropic Claude Code action with repository checkout and minimal permissions.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.

File	Description
.github/workflows/claude.yml	Workflow to run Claude Code when “@claude” is detected in issue/PR comment/review content.
.github/workflows/claude-code-review.yml	Workflow to run a code review plugin automatically on PR open/sync-related events.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

On pull_request events from forks, repository secrets (including CLAUDE_CODE_OAUTH_TOKEN) are not provided, so this job will fail on forked PRs. Add a guard to skip when the secret isn’t available and/or when github.event.pull_request.head.repo.full_name != github.repository to prevent noisy failures.

[Copilot]

This workflow’s token permissions are read-only for pull-requests and issues. If the code-review plugin is expected to leave review comments/status on the PR, it will need corresponding write permissions; otherwise the review results may only be visible in Actions logs. Confirm the intended behavior and adjust permissions accordingly.

Suggested change

	pull-requests: read
	issues: read
	pull-requests: write
	issues: write

[Copilot]

Repository workflows consistently use actions/checkout@v6 (e.g., .github/workflows/version-check.yml:12). To keep checkout pinned consistently across CI, consider updating this workflow to the same major version.

[Copilot]

The job can currently be triggered by anyone who can open an issue or leave a comment containing “@claude”. That means external users could run this workflow and consume the CLAUDE_CODE_OAUTH_TOKEN secret. Add an author/actor trust check (e.g., comment/issue/review author_association in OWNER|MEMBER|COLLABORATOR, or an allowlist) to each branch of the if condition and/or remove the issues trigger if not needed.

Suggested change

	(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
	(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
	(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
	(
	github.event_name == 'issue_comment' &&
	contains(github.event.comment.body, '@claude') &&
	(github.event.comment.author_association == 'OWNER' ||
	github.event.comment.author_association == 'MEMBER' ||
	github.event.comment.author_association == 'COLLABORATOR')
	) ||
	(
	github.event_name == 'pull_request_review_comment' &&
	contains(github.event.comment.body, '@claude') &&
	(github.event.comment.author_association == 'OWNER' ||
	github.event.comment.author_association == 'MEMBER' ||
	github.event.comment.author_association == 'COLLABORATOR')
	) ||
	(
	github.event_name == 'pull_request_review' &&
	contains(github.event.review.body, '@claude') &&
	(github.event.review.author_association == 'OWNER' ||
	github.event.review.author_association == 'MEMBER' ||
	github.event.review.author_association == 'COLLABORATOR')
	) ||
	(
	github.event_name == 'issues' &&
	(contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
	(github.event.issue.author_association == 'OWNER' ||
	github.event.issue.author_association == 'MEMBER' ||
	github.event.issue.author_association == 'COLLABORATOR')
	)

[Copilot]

PR description says the workflow runs when @claude is mentioned in PR/issue comments, but this workflow also triggers on issues (opened/assigned) and pull_request_review (submitted). Either align the triggers with the described behavior or update the PR description to reflect these additional trigger paths.

[Copilot]

The workflow permissions are read-only for issues and pull-requests, but the PR description claims Claude can “create comments, branches, and commits.” With the current GITHUB_TOKEN permissions, posting comments or pushing commits from this workflow won’t be possible. Either grant the required write permissions (least-privilege) or adjust the description/expectations.

[Copilot]

Repository workflows consistently use actions/checkout@v6 (e.g., .github/workflows/aot-publish.yml:16, nuget-publish.yml:22). To match the repo’s established version pinning, update this workflow to use the same checkout major version.

[Copilot]

This workflow runs on every PR open/sync/reopen event, but the PR description focuses on “mention @claude” to trigger. If always-on reviews are intended, the description should mention it; otherwise consider adding an explicit opt-in (label, comment command, or path filter) to avoid unexpected/expensive runs.