Skip to content

ci: skip Claude Code Review on fork PRs#107

Merged
nicolotognoni merged 1 commit into
mainfrom
ci/skip-claude-review-on-fork-prs
May 25, 2026
Merged

ci: skip Claude Code Review on fork PRs#107
nicolotognoni merged 1 commit into
mainfrom
ci/skip-claude-review-on-fork-prs

Conversation

@nicolotognoni
Copy link
Copy Markdown
Collaborator

@nicolotognoni nicolotognoni commented May 25, 2026

Summary

  • Skip the Claude Code Review workflow on PRs opened from forks (1-line if: guard on the job).
  • Fork PRs cannot receive repository secrets or OIDC tokens for pull_request-triggered workflows — anthropics/claude-code-action@v1 consequently fails with Could not fetch an OIDC token and leaves a spurious red check on every external contribution.

Implementation

  • .github/workflows/claude-code-review.yml: add if: github.event.pull_request.head.repo.fork == false to the claude-review job.
  • Replaced the (commented-out) author-filter template with this concrete guard + a comment explaining the rationale and the manual fallback (@claude mention via claude.yml).

Breaking change?

No. The workflow keeps its full behaviour for PRs opened from branches in the upstream repo. Only fork PRs are affected — they previously failed with an OIDC error, now they skip the job cleanly.

Test plan

  • gh workflow view "Claude Code Review" — syntax valid (action YAML loads).
  • Once merged, re-run CI on feat(recording): Telnyx recording parity #106 (an external fork PR) — claude-review should report Skipped, not Failure.
  • An upstream-branch PR run should still execute the review (e.g. next internal change).

Docs updates

N/A (CI-only change, not user-visible — no CHANGELOG entry per documentation-best-practices.md invariant 0 exemption for pure refactors with zero behaviour change to the SDKs).

Why now

Surfaced by #106 (external contributor's Telnyx recording parity PR). The failing claude-review check is non-required so it doesn't actually block the merge, but it adds noise to every fork-PR rollup and makes "all green" status checks impossible for external contributors. Cleaner to skip than to fail.

@nicolotognoni
ci: skip Claude Code Review on fork PRs
3d5082b 
GitHub Actions does not pass repository secrets
(`CLAUDE_CODE_OAUTH_TOKEN`) or emit OIDC tokens for `pull_request`
workflows triggered by forks. The `anthropics/claude-code-action@v1`
action consequently fails with "Could not fetch an OIDC token" every
time an external contributor opens a PR, leaving a spurious red check
on the rollup.

Gate the job on `github.event.pull_request.head.repo.fork == false` so
the workflow is skipped (not failed) for fork PRs. Maintainers can
still trigger a code review manually by mentioning @claude in a comment
— that path goes through `claude.yml` (`workflow_dispatch` /
`issue_comment` triggers) which runs in the upstream repo's security
context with access to secrets.

No behaviour change for PRs opened from branches in the upstream repo.

Refs PR #106 (Telnyx recording parity by external contributor) which
surfaced the noise.
@nicolotognoni nicolotognoni merged commit fdd1bbb into main May 25, 2026
9 of 10 checks passed
@github-actions github-actions Bot deleted the ci/skip-claude-review-on-fork-prs branch May 26, 2026 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nicolotognoni