Add Claude Code PR review workflow #2570
Pull request overview
Adds an automated PR review GitHub Actions workflow that runs the anthropics/claude-code-action on key pull request events (opened/synchronized/reopened/ready-for-review), with safeguards to skip draft and forked PRs and to cancel superseded runs.
Changes:
- Introduces a new `Claude Review` workflow triggered on PR lifecycle events.
- Adds concurrency configuration to cancel in-progress runs for the same PR.
- Configures the Claude Code action with a review prompt and a restricted set of allowed tools for posting inline feedback.
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| id-token: write |
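Review bot: `id-token: write` on the last line of this block is the only grant here beyond reading contents and writing PR comments, and nothing beside it says which step needs an OIDC token. Add a YAML comment naming the step that consumes the token, or drop the line if no step requests one, so the block stays least-privilege and the reason survives later edits.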
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 890a985240
|
|
||
| jobs: | ||
| review: | ||
| if: github.event.pull_request.draft == false && github.event.pull_request.head.repo.fork == false |
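Review bot: the `if:` on the last line carries the whole skip policy (no drafts, no forks) with no comment explaining why. Add a one-line YAML comment above it stating that the fork check exists to keep the API key away from fork PRs, as the PR description says, so a later edit does not relax it by accident.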
Skip Dependabot PRs before using repository secrets
This job runs on every `pull_request` and only filters drafts/forks, so Dependabot PRs still execute this path (`if` on line 12) and then invoke `anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}`. This repository has `.github/dependabot.yml`, and GitHub documents that workflows triggered by Dependabot on `pull_request` are treated like fork runs (read-only token, normal Actions secrets unavailable), so this step will fail unless a separate Dependabot secret is configured. Add an actor guard (for example `github.actor != 'dependabot[bot]'`) or a dedicated Dependabot secret path to avoid breaking Dependabot PR checks.
What
Add a GitHub Actions workflow that runs `anthropics/claude-code-action` on pull request open, sync, reopen, and ready-for-review events. The job skips drafts and forked PRs, uses concurrency to cancel superseded runs, and is scoped to inline-comment and read-only `gh` commands for posting review feedback on code quality, bugs, security, and performance.

Why
Automate a first-pass review on every PR to catch issues earlier and reduce reviewer load. Excluding forks avoids leaking the API key, and the draft filter prevents noise on in-progress work. I've found the Claude Code agent to provide better results than Copilot.
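
The job guard from this PR next to the form with the actor check suggested in the Dependabot review comment, as an added example that is not the workflow file from this pull request. The concurrency group name, the `runs-on` value and the `PINNED_REF` placeholder are assumptions; the review prompt and allowed-tools settings are left out because the page does not show them.

```yaml
# Added example: not the file from this PR.
name: Claude Review

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

# One active run per PR; a new push cancels the superseded run.
concurrency:
  group: claude-review-${{ github.event.pull_request.number }}  # group name is an assumption
  cancel-in-progress: true

permissions:
  contents: read
  pull-requests: write
  id-token: write

jobs:
  review:
    # Before (as in the PR): drafts and forks are skipped, Dependabot PRs are not,
    # so the job starts without access to the normal Actions secret and fails.
    #   if: github.event.pull_request.draft == false && github.event.pull_request.head.repo.fork == false
    #
    # After: the same two checks plus the actor guard from the review comment.
    # All three must hold before any step that reads the secret can run.
    if: >-
      github.event.pull_request.draft == false &&
      github.event.pull_request.head.repo.fork == false &&
      github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest  # assumption
    steps:
      # PINNED_REF is a placeholder; the page does not state the action version.
      - uses: anthropics/claude-code-action@PINNED_REF
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```

Because the guard sits at job level, a filtered PR produces a skipped job, so the step that references the secret is never evaluated.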