ci: add claude reusable workflow #53

Open
sydorovdmytro wants to merge 1 commit into main from claude
sydorovdmytro (Collaborator) commented Mar 30, 2026

Summary

  • Extracts the Claude Code agent workflow as a reusable workflow_call workflow
  • Source: identical workflow in loft-enterprise and vcluster-pro (triggered by @claude mentions in PRs and reviews)
  • Scoped to PR events only: issue_comment, pull_request_review_comment, pull_request_review
  • SHA-pinned actions/checkout@v6.0.2 and anthropics/claude-code-action@v1
  • Added persist-credentials: false on checkout
  • Parameterized ANTHROPIC_API_KEY as a workflow_call secret (anthropic-api-key)
  • Write permissions for contents and pull-requests so Claude can respond and push
  • No fork guard needed — claude-code-action validates actor has write access before running

Caller example

name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    uses: loft-sh/github-actions/.github/workflows/claude.yaml@claude/v1
    secrets:
      anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Test plan

  • actionlint passes
  • zizmor passes (secret suppression matches existing pattern in backport.yaml)
  • CI green
  • Tag claude/v1 after merge
  • Migration PRs in loft-enterprise and vcluster-pro

Part of the Phase 3 GitHub Actions centralization effort.

Extracts the Claude Code agent workflow (triggered by @claude mentions
in PRs and reviews) as a reusable workflow_call workflow.

Source: identical workflow in loft-enterprise and vcluster-pro.

Changes from source:
- SHA-pinned actions/checkout and anthropics/claude-code-action
- Added persist-credentials: false on checkout
- Parameterized ANTHROPIC_API_KEY as a workflow_call secret
- Scoped to PR events only (issue_comment, review_comment, review)
- Dropped issues trigger — not needed for current use cases
- Write permissions for contents and pull-requests so Claude can respond
- Removed id-token: write (not needed with direct API key)
- Removed redundant additional_permissions input
- No fork guard needed — claude-code-action checks actor write access
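
A line-based audit for the hardening items listed in this PR (SHA-pinned `uses:` refs, `persist-credentials: false` on checkout, no `id-token: write`), as an added example that is not code from this PR or from the loft-sh repositories. The `audit` function and the sample workflow are hypothetical, and the 40-hex ref in the sample is a constructed placeholder.

```python
import re

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")
ITEM = re.compile(r"^\s*-\s")
FULL_SHA = re.compile(r"[0-9a-f]{40}")

# Constructed sample, not the workflow from this PR. The 40-hex ref is a placeholder.
SAMPLE = """\
jobs:
  claude:
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6.0.2
      - name: Checkout by tag
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false
  call:
    uses: loft-sh/github-actions/.github/workflows/claude.yaml@claude/v1
"""

def audit(text):
    """Return sorted (line_number, message) findings for one workflow file."""
    findings, step = [], None
    def close(s):
        if s and s["uses"].startswith("actions/checkout@") and not s["safe"]:
            findings.append((s["line"], "checkout without persist-credentials: false"))
    for n, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if step and line.strip() and indent <= step["indent"]:
            close(step)                      # next list item or a dedent ends the step
            step = None
        if step is None and ITEM.match(line):
            step = {"line": n, "indent": indent, "uses": "", "safe": False}
        m = USES.match(line)
        if m:
            target = m.group(1)
            if not target.startswith("./") and not FULL_SHA.fullmatch(target.rpartition("@")[2]):
                findings.append((n, "not pinned to a commit SHA: " + target))
            if step:
                step["uses"], step["line"] = target, n
        elif step and re.match(r"\s*persist-credentials:\s*false\b", line):
            step["safe"] = True
        if re.match(r"\s*id-token:\s*write\b", line):
            findings.append((n, "id-token: write granted"))
    close(step)
    return sorted(findings)
```

The audit also reports a reusable-workflow reference by tag, such as the `claude/v1` ref in the caller example, because a tag can be moved after review while a commit SHA cannot.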