Add Claude Code GitHub Workflow

[josmanvis]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Added automated code review workflow triggered on pull request events
  • Added workflow for Claude interactions via comments mentioning the bot

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Two new GitHub Actions workflows are introduced to integrate Claude Code Review functionality. The first workflow triggers on pull requests to run automated code review via Claude, while the second workflow triggers on comments and reviews mentioning @claude to enable Claude interactions with pull requests.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/claude-code-review.yml, .github/workflows/claude.yml	Added two new CI/CD workflows: claude-code-review.yml (+44 lines) triggers on PR events (opened, synchronize, ready_for_review, reopened) to run Claude Code Review action with code-review plugin; claude.yml (+50 lines) triggers on comments/reviews containing @claude mention to enable Claude interactions, both using anthropics/claude-code-action@v1 with OAuth token authentication

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through workflows new,
With Claude aboard to review and brew,
Pull requests checked with AI delight,
Comments whispered to set things right! 🔍✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add Claude Code GitHub Workflow' accurately describes the main change: introducing GitHub Actions workflows to integrate Claude Code functionality.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/claude-code-review.yml:
- Around line 34-44: The workflow step with id "claude-review" currently sets
plugin_marketplaces and plugins and uses prompt '/code-review:code-review ...'
but references the wrong plugin marketplace name; update the step to either set
plugins to the correct marketplace name "code-review@claude-plugins-official"
(keeping plugin_marketplaces and the existing prompt) or remove the
plugin_marketplaces and plugins keys entirely and change the prompt value to
"/review" so the action uses the built-in review command; ensure you modify the
keys "plugin_marketplaces", "plugins", and "prompt" in the claude-review step
accordingly while leaving the uses: anthropics/claude-code-action@v1 and id:
claude-review unchanged.

🧹 Nitpick comments (2)

.github/workflows/claude.yml (1)

39-41: Redundant actions: read in additional_permissions.

The actions: read permission is already declared at the job level (line 26), making this additional_permissions entry redundant.

Suggested fix

-          # This is an optional setting that allows Claude to read CI results on PRs
-          additional_permissions: |
-            actions: read
+          # Optional: Add additional permissions if needed beyond job-level permissions
+          # additional_permissions: |
+          #   actions: read

.github/workflows/claude-code-review.yml (1)

13-26: Consider skipping draft PRs to avoid unnecessary workflow runs.

The workflow triggers on synchronize (every push), which means it runs on draft PRs as well. Adding a condition to skip drafts can reduce noise and costs:

Suggested addition

 jobs:
   claude-review:
+    if: github.event.pull_request.draft == false
     # Optional: Filter by PR author
     # if: |

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/claude-code-review.yml

Repository: josmanvis/floatnote

Length of output: 1803

---

🌐 Web query:

anthropics claude-code-action plugin marketplace configuration documentation

💡 Result:

Here are the primary docs pages for Claude Code Action “plugin/tooling” (MCP) and workflow configuration:

• GitHub Marketplace (official action listing): inputs/outputs, quickstart workflow YAML, and links to the full docs set (Setup/Usage/Custom Automations/Configuration, etc.). [1]
• Anthropic / Claude Code docs (GitHub Actions): how to configure prompt, pass CLI flags via claude_args, set anthropic_api_key, triggers, and notes about MCP (Model Context Protocol) configuration for loading external tool servers. [2]
• Source repo (docs index + configuration doc): the repository README links to a dedicated “Configuration” doc covering MCP servers, permissions, environment variables, and advanced settings. [3]

Sources: [1], [2], [3]

---

🌐 Web query:

claude-code-action GitHub marketplace official documentation plugin configuration

💡 Result:

Official links

• GitHub Marketplace listing (verified “anthropics”): Claude Code Action Official. [1]
• Official Anthropic docs (GitHub Actions): “Claude Code GitHub Actions”. [2]
• Official Anthropic docs (MCP / tool “plugins”): “Connect Claude Code to tools via MCP”. [3]

How to configure the action (v1)

In your workflow, use the unified inputs:

- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    prompt: "Your instructions here"
    claude_args: "--max-turns 5"

Anthropic documents prompt (instructions) and claude_args (passes Claude Code CLI flags) as the primary configuration surface for v1. [2]

“Plugin” configuration (MCP tools) for the action

Anthropic’s GitHub Actions docs call out CLI flags you pass via claude_args, including:

• --mcp-config (path to MCP configuration)
• --allowed-tools (comma-separated allowlist of tools) [2]

To author the MCP configuration itself (servers, scopes, .mcp.json, env var expansion, etc.), use the MCP docs. [3]

---

🌐 Web query:

anthropics/claude-code-action v1 plugin_marketplaces plugins parameter examples

💡 Result:

Here are working anthropics/claude-code-action@v1 examples for the plugin_marketplaces and plugins inputs (both are supported inputs in v1) [1].

Example: add one marketplace (URL) + install one plugin

- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    plugin_marketplaces: |
      https://github.com/your-org/your-marketplace.git
    plugins: |
      your-plugin@your-marketplace

[2]

Example: add the official Anthropic marketplace + install a plugin from it

Claude Code’s plugin install syntax is plugin-name@marketplace (e.g. feature-dev@anthropics/claude-code) [3].

- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    plugin_marketplaces: |
      anthropics/claude-code
    plugins: |
      feature-dev@anthropics/claude-code

[3]

Notes on formatting

• plugin_marketplaces: newline-separated list (YAML |) of marketplaces (commonly owner/repo or a git URL), same as you’d add via /plugin marketplace add … in Claude Code [3].
• plugins: newline-separated list where each line is plugin-name@marketplace [2], [3].

Sources: [1] [2] [3]

---

🌐 Web query:

claude-code-plugins marketplace anthropics

💡 Result:

“claude-code-plugins marketplace anthropics” refers to Anthropic’s official Claude Code plugin marketplace, typically added in Claude Code as the GitHub repo anthropics/claude-code. It’s a plugin marketplace catalog (a repo/URL containing a .claude-plugin/marketplace.json), not “GitHub Marketplace.” [1][2][3]

How to use it (in Claude Code)

1. Add the Anthropic marketplace:

/plugin marketplace add anthropics/claude-code

2. Install a plugin from it (examples):

/plugin install pr-review-toolkit@anthropics/claude-code
/plugin install commit-commands@anthropics/claude-code
/plugin install feature-dev@anthropics/claude-code

Claude Code also supports browsing/installing via the /plugin menu. [1][2][3]

What it contains

Anthropic’s marketplace includes bundled plugins such as PR review toolkit, commit workflow commands, and feature development workflows (plus others, depending on the current catalog). [3][4]

Sources: Anthropic’s plugin announcement and usage instructions [1], official Claude Code plugin docs [2], marketplace listing for anthropics/claude-code [3], and community notes clarifying it’s not GitHub Marketplace [5].

References
[1] https://claude.com/blog/claude-code-plugins
[2] https://docs.claude.com/en/docs/claude-code/plugins
[3] https://claudecodemarketplace.com/marketplace/anthropics/claude-code
[4] https://github.com/anthropics/claude-code
[5] https://github.com/jeremylongshore/claude-code-plugins

---

🌐 Web query:

claude-code-action anthropic_api_key vs claude_code_oauth_token authentication

💡 Result:

In anthropics/claude-code-action@v1, the two inputs correspond to two different ways Claude Code can authenticate to Anthropic:

• anthropic_api_key / ANTHROPIC_API_KEY

  • Uses an Anthropic Console API key (sent as the X-Api-Key header). This is the standard “direct API” / pay‑as‑you‑go authentication. [1]
  • Important precedence rule (Claude Code behavior): if ANTHROPIC_API_KEY is set in the environment, Claude Code will prefer it over any logged-in Claude.ai subscription, which can lead to unexpected API charges. [2]

• claude_code_oauth_token / CLAUDE_CODE_OAUTH_TOKEN

  • Uses a Claude Code OAuth access token (typically tied to a Claude.ai subscription like Pro/Max/Team/Enterprise) instead of an API key (often provided as a bearer Authorization token). This is documented/observed in Claude Code issue reports and in third-party summaries of the action’s inputs. [3][4]

Practical guidance

• Use anthropic_api_key when you want billing/quotas to come from your Anthropic Console API account. [1][2]
• Use claude_code_oauth_token when you intend to run under a Claude.ai subscription token (and avoid API-key billing), and ensure you do not also set ANTHROPIC_API_KEY, since API keys can take precedence. [2][3]

Sources: Claude Code env var docs + auth priority guidance, plus observed OAuth-token support in Claude Code/action materials. [1][2][3][4]

---

🌐 Web query:

anthropics/claude-code code-review plugin

💡 Result:

In Anthropic’s anthropics/claude-code ecosystem, the Code Review plugin is available as an installable Claude Code plugin and adds review-focused slash commands. The Claude Code repo also explicitly notes it “includes several Claude Code plugins” under its plugins directory. [2]

Code Review plugin (official)

• Install: claude plugins add code-review@claude-plugins-official [1]
• Enable (config):

  {
    "enabledPlugins": {
      "code-review@claude-plugins-official": true
    }
  }

  [1]
• Commands: /code-review, /review, /review-file [1]

Related: PR review plugin bundle

A separate, related plugin listed in the anthropics/claude-code plugin marketplace is pr-review-toolkit, described as a set of PR review agents focused on code quality, tests, error handling, simplification, etc. [3]

Sources: [1] [2] [3]

---

🌐 Web query:

claude-code-action workflow example code-review

💡 Result:

Here’s a minimal Claude Code Action GitHub workflow that runs an automatic PR code review on every PR update using the built-in /review slash command: [1]

name: Code Review (Claude)

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: "/review"
          claude_args: "--max-turns 5"

Notes:

• Add ANTHROPIC_API_KEY as a repo secret. [1]
• The action is anthropics/claude-code-action@v1. [2]

Sources: [1] [2]

---

Fix the plugin specification—@claude-code-plugins does not match the correct marketplace.

The plugins configuration references code-review@claude-code-plugins, but the official code-review plugin is code-review@claude-plugins-official. Alternatively, the simpler approach is to omit the explicit plugin configuration and use prompt: "/review" directly, which leverages the built-in review command without requiring marketplace setup.

Update the configuration to either:

1. Use the correct marketplace: plugins: 'code-review@claude-plugins-official', or
2. Simplify by removing plugin_marketplaces and plugins entirely and setting prompt: '/review' instead.

🤖 Prompt for AI Agents

In @.github/workflows/claude-code-review.yml around lines 34 - 44, The workflow
step with id "claude-review" currently sets plugin_marketplaces and plugins and
uses prompt '/code-review:code-review ...' but references the wrong plugin
marketplace name; update the step to either set plugins to the correct
marketplace name "code-review@claude-plugins-official" (keeping
plugin_marketplaces and the existing prompt) or remove the plugin_marketplaces
and plugins keys entirely and change the prompt value to "/review" so the action
uses the built-in review command; ensure you modify the keys
"plugin_marketplaces", "plugins", and "prompt" in the claude-review step
accordingly while leaving the uses: anthropics/claude-code-action@v1 and id:
claude-review unchanged.