chore: enable Claude issue trigger per org CI standard #48
Add issues:[labeled] event trigger and claude label support so Claude can work issues autonomously — reading the issue, creating a branch, implementing the fix, and opening a PR. Matches the standard defined in petry-projects/.github#24.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pull request overview
This PR updates the Claude automation GitHub Actions workflow to support the org-standard “label an issue to trigger Claude Code” flow, enabling autonomous branch/PR creation from labeled issues.
Changes:
- Added an issues: [labeled] trigger and job-level condition for the claude label.
- Updated workflow permissions to allow contents: write (needed for branch creation).
- Pinned anthropics/claude-code-action to v1.0.89 and configured label_trigger: "claude".
| contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) || | ||
| (github.event_name == 'issues' && github.event.action == 'labeled' && | ||
| github.event.label.name == 'claude') | ||
| runs-on: ubuntu-latest |
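Review bot: the issues clause gates on github.event.label.name == 'claude' alone, while the comment clause on the line above it gates on who wrote the text (author_association). On the label path the text the job acts on is the issue itself, and its author is never checked here. Consider also requiring github.event.issue.author_association to be in the same OWNER/MEMBER/COLLABORATOR list, or add a comment stating that applying the label is the maintainer's sign-off on the issue content.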
The new issues:labeled trigger path doesn’t apply the same authorization guard as the comment-based triggers (which require author_association in OWNER/MEMBER/COLLABORATOR). With this change, anyone who can apply the claude label can trigger a workflow run that has access to CLAUDE_CODE_OAUTH_TOKEN and contents: write. If that’s not intended, add an explicit restriction for the labeler/sender (or an early-exit validation step) so only the intended roles can trigger the automation via labels.
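The missing labeler check described in the comment above, modeled as an added example (not code from this PR or from claude-code-action): the gate as the diff writes it, beside a version that also checks the labeler. The event payloads are constructed; `senderPermission`, the admin/write policy, and treating any payload that carries a `comment` as the comment path are assumptions.

```javascript
// Added example: models the job's `if:` gate as plain functions so it can be
// checked against constructed event payloads. Not the repository's code.
const TRUSTED_ASSOCIATIONS = ["OWNER", "MEMBER", "COLLABORATOR"]; // from the diff
const TRIGGER_LABEL = "claude";                                   // from the diff
// Assumption: policy chosen for this example, labelers need write or admin.
const TRUSTED_PERMISSIONS = ["admin", "write"];

// The gate as the diff has it: the label path checks only the label name.
// Assumption: any payload with a `comment` object is one of the comment paths.
function gateAsWritten(eventName, payload) {
  if (payload.comment) {
    return TRUSTED_ASSOCIATIONS.includes(payload.comment.author_association);
  }
  return eventName === "issues" &&
    payload.action === "labeled" &&
    payload.label.name === TRIGGER_LABEL;
}

// Same gate plus an actor check on the label path. `senderPermission` is a
// hypothetical parameter: the labeler's repository permission, looked up by
// the caller for payload.sender.login before the job does any work.
function gateWithLabelerCheck(eventName, payload, senderPermission) {
  if (!gateAsWritten(eventName, payload)) return false;
  if (eventName !== "issues") return true; // comment paths are already checked
  return TRUSTED_PERMISSIONS.includes(senderPermission);
}

// Constructed sample events: [event name, payload].
const SAMPLE_EVENTS = {
  memberComment: ["issue_comment",
    { action: "created", comment: { author_association: "MEMBER" } }],
  outsiderComment: ["issue_comment",
    { action: "created", comment: { author_association: "NONE" } }],
  claudeLabel: ["issues",
    { action: "labeled", label: { name: "claude" }, sender: { login: "labeler" } }],
  otherLabel: ["issues",
    { action: "labeled", label: { name: "bug" }, sender: { login: "labeler" } }],
};

// Print both decisions for each sample, with a read-only labeler.
for (const [name, [eventName, payload]] of Object.entries(SAMPLE_EVENTS)) {
  const before = gateAsWritten(eventName, payload);
  const after = gateWithLabelerCheck(eventName, payload, "read");
  console.log(`${name}: as written=${before}, with labeler check=${after}`);
}
```
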
| permissions: | ||
| contents: read | ||
| # write required for issue-triggered branch creation | ||
| contents: write | ||
| id-token: write | ||
| pull-requests: write | ||
| issues: write |
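Review bot: the comment on contents: write says write is needed for issue-triggered branch creation, but a permissions block cannot vary by event, so every trigger that reaches this job now runs with write. Either say so in the comment, or move the label path into its own job and keep contents: read here. The block also grants id-token: write, pull-requests: write and issues: write with no stated reason; a one-line comment for each, like the one for contents, would make the grants reviewable.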
contents permission is escalated to write for the entire job (all triggers), even though the comment suggests it’s only required for issue-triggered branch creation. If only the issues:labeled path needs contents: write, consider splitting into separate jobs (one for issues with contents: write, one for comment/PR triggers with contents: read) to keep least-privilege for the more frequently triggered paths.



Summary
- issues: [labeled] event trigger to claude.yml workflow
- label_trigger: "claude" input to claude-code-action
- contents: read → contents: write (required for issue-triggered branch creation)
- claude-code-action@v1.0.89

Implements the standard defined in petry-projects/.github#24.

What this enables
When the claude label is applied to an issue, Claude Code will autonomously:

Test plan
- claude label exists on repo
- claude label to an issue triggers the workflow

🤖 Generated with Claude Code