bring install-demo-site.sln into parity with install-demo-site.ps1 #228

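name: 🤖 Claude Code Review

# Triggered by `pull_request`, not `pull_request_target`: runs for PRs from
# forks get a read-only GITHUB_TOKEN and no repository secrets. Keep this
# trigger, because the job checks out the PR and feeds its content to an
# automated reviewer.
on:
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
    # Optional: Only run on specific file changes to save credits
    # paths:
    #   - "src/**/*.cs"
    #   - "src/**/*.ts"
    #   - "src/**/*.tsx"
    #   - "!**/*.md"
    #   - "!**/package-lock.json"

jobs:
  claude-review:
    # Skip draft PRs and WIP PRs to save credits.
    # This is a cost control only: the PR author controls both the draft flag
    # and the title, so the automated review must not be treated as a merge gate.
    if: |
      github.event.pull_request.draft == false &&
      !contains(github.event.pull_request.title, '[WIP]') &&
      !contains(github.event.pull_request.title, 'WIP:')
    runs-on: ubuntu-latest
    # Timeout to prevent runaway costs
    timeout-minutes: 15
    # Token scopes are declared per job; anything not listed here is denied.
    permissions:
      contents: read
      pull-requests: write
      issues: read
      # NOTE(review): `id-token: write` lets the job request an OIDC token.
      # The review step below is given an explicit `github_token`; confirm the
      # action still needs OIDC, and drop this scope if it does not.
      id-token: write
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v4, @v1, @v7). Pinning to a full commit SHA, e.g.
      # `owner/action@<full-commit-sha>  # v4`, keeps a moved tag from changing
      # what runs with this job's token and secrets.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # NOTE(review): checkout stores the job token in the local git config
          # by default. If the review step does not need git credentials,
          # `persist-credentials: false` keeps the token out of the workspace
          # that holds untrusted PR content -- confirm before enabling.

      # Log review metrics for monitoring.
      # IMPORTANT: PR fields are passed via `env:` rather than interpolated
      # directly into `run:`. `${{ }}` expressions are substituted into the
      # script text before the shell starts, so an attacker-controlled value
      # (e.g. the PR title) placed there becomes shell code on the runner.
      # Reading the same value from `$VAR` at run time is safe as long as the
      # expansion stays inside double quotes and is never passed to `eval`. See:
      # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
      - name: Log review metrics
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "📊 Review Metrics:"
          echo " PR: #$PR_NUMBER"
          echo " Author: $PR_AUTHOR"
          echo " Association: $PR_ASSOCIATION"
          echo " Title: $PR_TITLE"

      # Check PR size to prevent abuse from large PRs.
      # Sets two step outputs: `files_changed` (the count) and `skip`
      # ('true' above 100 files, otherwise 'false').
      # NOTE(review): confirm that `gh pr view --json files` returns the full
      # file list for PRs above 100 files; if the list is capped at 100, the
      # `-gt 100` branch can never fire. `github.event.pull_request.changed_files`
      # carries the count in the event payload and needs no token in this step.
      - name: Check PR size
        id: pr-size
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          FILES_CHANGED=$(gh pr view "$PR_NUMBER" --json files --jq '.files | length')
          echo "files_changed=$FILES_CHANGED"
          # Quote the output-file path so the redirect target is never word-split.
          echo "files_changed=$FILES_CHANGED" >> "$GITHUB_OUTPUT"
          if [ "$FILES_CHANGED" -gt 100 ]; then
            echo "⚠️ PR has $FILES_CHANGED files. Skipping automated review for large PRs."
            echo "skip=true" >> "$GITHUB_OUTPUT"
          else
            echo "✅ PR has $FILES_CHANGED files. Proceeding with review."
            echo "skip=false" >> "$GITHUB_OUTPUT"
          fi

      # The reviewer reads PR content, which is untrusted input, while holding
      # `pull-requests: write`. Keep the job's permissions minimal and do not
      # add further secrets to this step.
      - name: Run Claude Code Review
        if: steps.pr-size.outputs.skip == 'false'
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # Allow Claude bot to trigger code reviews (e.g., when Claude workflow pushes to a PR)
          allowed_bots: "claude"
          # NOTE(review): the marketplace URL names no ref, so the plugin code
          # that runs here presumably follows the repository's default branch
          # -- confirm whether a fixed ref can be specified.
          plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
          plugins: "code-review@claude-code-plugins"
          # Only the repository name and PR number are interpolated into the
          # prompt; no free-form PR text (title, body) is placed in it here.
          prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options

      # Notify on large PR skip
      - name: Comment on large PR
        if: steps.pr-size.outputs.skip == 'true'
        uses: actions/github-script@v7
        with:
          # Await the API call so a failed request fails the step instead of
          # surfacing as an unhandled promise rejection.
          script: |
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '🤖 **Automated review skipped** - This PR modifies more than 100 files. A maintainer will review it manually.\n\nIf you believe this PR should receive an automated review, please contact a maintainer.'
            })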