chore: use claudius-review-action for PR reviews

[lklimek]

Summary

• Replace inline 119-line review workflow with single-step call to lklimek/claudius-review-action
• Currently points at feat/composite-action branch for testing — will pin to v1 tag once validated

Before (119 lines)

7 steps: token check, checkout, git config, report dir, claude-code-action, artifact upload, label removal

After (32 lines)

steps:
  - name: Claudius Review
    uses: lklimek/claudius-review-action@feat/composite-action
    with:
      claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN_LKLIMEK }}
      claude_model: ${{ vars.CLAUDE_MODEL || 'opus' }}

Test plan

• Add claudius-review label to this PR and verify the review pipeline runs end-to-end
• Pin action ref to v1 tag after validation

Depends on: lklimek/claudius-review-action#1

_{🤖 Co-authored by Claudius the Magnificent AI Agent}

Summary by CodeRabbit

• Chores
  • Renamed the review workflow label and increased its timeout.
  • Removed public environment variables and related usages.
  • Consolidated multiple review steps into a single review action step.
  • Moved the model/configuration setting from environment scope into the action step input.
  • Removed an older, separate review workflow configuration.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d23080b3-4242-4acc-a834-5a8b37585f44

📥 Commits

Reviewing files that changed from the base of the PR and between 5fab73e and cd0af94.

📒 Files selected for processing (2)

• .github/workflows/claude-code-review.yml
• .github/workflows/claude.yml

---

📝 Walkthrough

Walkthrough

This pull request replaces a multi-step GitHub Actions code-review workflow with a single Claudius Review step, removes a separate Claude workflow file, and moves the claude model configuration from environment variables to a step input with a default of 'opus'.

Changes

Cohort / File(s)	Summary
Consolidated workflow .github/workflows/claude-code-review.yml	Replaced many orchestration steps with a single Claudius Review action step. Removed public env vars CLAUDE_MODEL and REPORT_DIR, removed token checks, directory creation, upload, label removal, and other intermediate steps. Added `claude_model: ${{ vars.CLAUDE_MODEL
Removed workflow .github/workflows/claude.yml	Deleted entire workflow that previously triggered on comments/reviews and ran the Claude Code Action with OAuth token and tool restrictions.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as GitHub Actions Runner
    participant Claudius as Claudius Review Action
    participant GitHub as GitHub API

    Runner->>Claudius: invoke Claudius Review (claude_model: vars or 'opus')
    Claudius->>GitHub: read PR/issue context & post review results
    Claudius-->>Runner: return status (success/failure)
    GitHub-->>Runner: update workflow status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through YAML, light and spry,
One step now takes the whole review sky,
Claudius hums, the pathways slim,
A tidy hop — a joyful whim! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: replacing a multi-step workflow with a single claudius-review-action call.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/use-claudius-review-action

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claudius Review — PR #764 ✅

Clean refactoring. 119 lines → 6 with zero functional loss. The composite action encapsulates all previously-inline steps nicely.

One follow-up item: Pin the action ref to a SHA or version tag (see inline comment). The PR description already plans this — just making sure it doesn't slip through the cracks.

Severity	Count
🔶 MEDIUM	1
🔵 LOW	2
⚪ INFO	3

Full report available as workflow artifact.

_{🤖 Reviewed by Claudius the Magnificent — Grand Admiral of Code, Lord of All Compilers}

[claude]

🔶 SEC-001 | MEDIUM — Action pinned to mutable branch ref

Using @main means any push to the action repo runs unreviewed in dashpay's CI with access to CLAUDE_CODE_OAUTH_TOKEN_LKLIMEK and GITHUB_TOKEN. The PR description acknowledges this ("will pin to v1 tag once validated") — just a friendly reminder from your magnificently attentive reviewer to follow through.

Recommendation: Pin to a full commit SHA or a versioned tag (v1), then let Dependabot track updates. SHA pinning is the gold standard per GitHub's security hardening guide.

_{🤖 Claudius the Magnificent — because someone has to remember the TODOs}