From d15529ad9e9e705d4c8a41ea89f778ee38f0fe1f Mon Sep 17 00:00:00 2001
From: Allison Durham
Date: Tue, 20 May 2025 13:18:18 -0700
Subject: [PATCH 1/5] ci fixes for claude code
---
.github/workflows/claude-comment-response.yml | 28 ++++++-------------
.github/workflows/claude-pr-creation.yml | 22 ++++++++++++++-
2 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/claude-comment-response.yml b/.github/workflows/claude-comment-response.yml
index 1a74fd0..852a658 100644
--- a/.github/workflows/claude-comment-response.yml
+++ b/.github/workflows/claude-comment-response.yml
@@ -25,33 +25,23 @@ jobs: # If running on a PR comment, we need to explicitly check out the PR branch - name: Checkout PR branch if needed if: github.event.issue.pull_request - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | # Get the PR number from the issue object PR_NUMBER="${{ github.event.issue.number }}" + echo "Fetching PR #${PR_NUMBER} details..." - echo "Checking out PR #${PR_NUMBER}" - - # Get PR info - PR_INFO=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ - "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER") - - # Extract the PR branch ref and other details - PR_BRANCH=$(echo "$PR_INFO" | jq -r .head.ref) - PR_SHA=$(echo "$PR_INFO" | jq -r .head.sha) - PR_REPO=$(echo "$PR_INFO" | jq -r .head.repo.full_name) + # Use the GitHub CLI to get PR details + gh pr view $PR_NUMBER --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner' - echo "PR branch is $PR_BRANCH from repo $PR_REPO with commit SHA $PR_SHA" + # Checkout the PR using the GitHub CLI - this handles forks automatically + echo "Checking out PR #${PR_NUMBER}..." + gh pr checkout $PR_NUMBER - # Fetch the PR as a local branch (works for forks too) - git fetch origin "pull/$PR_NUMBER/head:pr-$PR_NUMBER" - git checkout "pr-$PR_NUMBER" - - # Verify checkout echo "Current branch details:" git status - git rev-parse HEAD + git branch + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Claude Response uses: anthropics/claude-code-action@beta diff --git a/.github/workflows/claude-pr-creation.yml b/.github/workflows/claude-pr-creation.yml index cdb798c..dcd8b29 100644 --- a/.github/workflows/claude-pr-creation.yml +++ b/.github/workflows/claude-pr-creation.yml 
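Review bot: `gh pr checkout` in the `Checkout PR branch if needed` step replaces the workspace with the PR head, including a fork's head, and the step's `if:` only tests `github.event.issue.pull_request`, so nothing visible here limits who can trigger it by commenting. The job's permissions block (visible in the later KISS patch) grants `contents: write`, and the following `Claude Response` step then works on that tree with the API key and token. I would gate the job on the commenter, e.g. `if: contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, and pass the number through `env:` (`PR_NUMBER: ${{ github.event.issue.number }}`) with `gh pr checkout "$PR_NUMBER"` instead of interpolating the expression into the script. The same step is added to claude-pr-creation.yml in the next hunk; the job header and trigger are outside this hunk.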
@@ -27,6 +27,27 @@ jobs: with: fetch-depth: 0 # Fetch full history for accurate diffs + # If running on a PR comment, we need to explicitly check out the PR branch + - name: Checkout PR branch if needed + if: github.event.issue.pull_request + run: | + # Get the PR number from the issue object + PR_NUMBER="${{ github.event.issue.number }}" + echo "Fetching PR #${PR_NUMBER} details..." + + # Use the GitHub CLI to get PR details + gh pr view $PR_NUMBER --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner' + + # Checkout the PR using the GitHub CLI - this handles forks automatically + echo "Checking out PR #${PR_NUMBER}..." + gh pr checkout $PR_NUMBER + + echo "Current branch details:" + git status + git branch + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Claude PR Creation uses: anthropics/claude-code-action@beta with: @@ -66,7 +87,6 @@ jobs: GrepTool # Search file contents BatchTool # Run multiple tools in parallel - # Timeout after 30 minutes for potentially complex implementations timeout_minutes: 30 From 830fc9d2f3da83c1a109dda0c661b25fd47ddd72 Mon Sep 17 00:00:00 2001 From: Allison Durham Date: Tue, 20 May 2025 13:20:36 -0700 Subject: [PATCH 2/5] trying again here --- .github/workflows/claude-code-review.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index d67c5a8..e93f8c3 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -1,7 +1,7 @@ name: Claude Code Review on: - pull_request_target: # Use pull_request_target instead of pull_request + pull_request: types: [opened, synchronize] # Runs on new PRs and updates jobs: 
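Review bot: The switch from `pull_request_target` to `pull_request` in claude-code-review.yml changes what fork PRs get, and the deleted inline comment is not replaced by one that says so. Under `pull_request`, runs for PRs from forks by default receive no repository secrets and a read-only `GITHUB_TOKEN`, so `secrets.ANTHROPIC_API_KEY` will be empty and the job cannot comment on those PRs. That is the safer trigger for a job that reads untrusted PR content, so I would keep it, document it with `# pull_request: fork PRs run without secrets and with a read-only token`, and skip forks explicitly with a job-level `if: github.event.pull_request.head.repo.full_name == github.repository` rather than letting the run fail.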
@@ -21,8 +21,23 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch full history for accurate diffs - # Important: For pull_request_target, ref needs to be explicitly set to PR head - ref: ${{ github.event.pull_request.head.sha }} + + # Handle PR branch checkout for forks + - name: Checkout PR branch + run: | + # Get the PR number + PR_NUMBER="${{ github.event.pull_request.number }}" + echo "Checking out PR #${PR_NUMBER}..." + + # Use the GitHub CLI to checkout the PR + gh pr checkout $PR_NUMBER + + # Verify the checkout + echo "Current branch details:" + git branch + git status + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run Code Review with Claude id: code-review From 3d5ac76940c47f60ffd0b64d7151cffcdb703835 Mon Sep 17 00:00:00 2001 From: Allison Durham Date: Tue, 20 May 2025 13:21:10 -0700 Subject: [PATCH 3/5] Update .github/workflows/claude-pr-creation.yml Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> --- .github/workflows/claude-pr-creation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-pr-creation.yml b/.github/workflows/claude-pr-creation.yml index dcd8b29..2e171ac 100644 --- a/.github/workflows/claude-pr-creation.yml +++ b/.github/workflows/claude-pr-creation.yml @@ -36,7 +36,7 @@ jobs: echo "Fetching PR #${PR_NUMBER} details..." # Use the GitHub CLI to get PR details - gh pr view $PR_NUMBER --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner' + gh pr view "$PR_NUMBER" --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner' # Checkout the PR using the GitHub CLI - this handles forks automatically echo "Checking out PR #${PR_NUMBER}..." From 3292ac7a45bd7f2500b28f18fbeb16337325f2fe Mon Sep 17 00:00:00 2001 
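Review bot: The added `Checkout PR branch` step in claude-code-review.yml looks redundant under the `pull_request` trigger set earlier in this patch, because `actions/checkout` already checks out the PR's merge ref for that event. Running `gh pr checkout` afterwards moves the workspace to the PR head branch, so the review runs on a different tree than the one the event refers to, and the `# Handle PR branch checkout for forks` comment does not explain why that is wanted. If the step stays, pass the number via `env:` (`PR_NUMBER: ${{ github.event.pull_request.number }}`) and quote it, `gh pr checkout "$PR_NUMBER"`; the quoting fix in patch 3 covers only the `gh pr view` line in claude-pr-creation.yml.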
From: Allison Durham
Date: Tue, 20 May 2025 15:39:32 -0700
Subject: [PATCH 4/5] KISS
---
.github/workflows/claude-code-review.yml | 57 +++-------------
.github/workflows/claude-comment-response.yml | 67 +++----------------
.github/workflows/claude-pr-creation.yml | 53 +++------------
3 files changed, 26 insertions(+), 151 deletions(-)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index e93f8c3..035bcb8 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -11,62 +11,21 @@ jobs: contents: read pull-requests: write issues: write - discussions: write - id-token: write - statuses: write - actions: write steps: - # Check out the code to allow git diff operations + # Simply checking out the repository is sufficient - the action handles the PR code - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 0 # Fetch full history for accurate diffs - - # Handle PR branch checkout for forks - - name: Checkout PR branch - run: | - # Get the PR number - PR_NUMBER="${{ github.event.pull_request.number }}" - echo "Checking out PR #${PR_NUMBER}..." - - # Use the GitHub CLI to checkout the PR - gh pr checkout $PR_NUMBER - - # Verify the checkout - echo "Current branch details:" - git branch - git status - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 # Get full history for accurate diffs - name: Run Code Review with Claude - id: code-review uses: anthropics/claude-code-action@beta with: - # Define the review focus areas - direct_prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Pay special attention to Kubernetes operator patterns and Go best practices according to the CLAUDE.md file." - - # Your GitHub token for API operations - github_token: ${{ secrets.GITHUB_TOKEN }} + # Your Anthropic API key + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - # Limited tools for safer review operations - allowed_tools: |- - # Git inspection commands (read-only) - Bash(git status) - Bash(git log) - Bash(git diff --name-only HEAD~1) - Bash(git diff HEAD~1) - Bash(git show) - Bash(git blame) - - # File exploration tools - View # Read file contents - GlobTool # Find files by pattern - GrepTool # Search file contents - BatchTool # Run multiple tools in parallel - - # Timeout after 15 minutes - timeout_minutes: 15 + # Direct prompt for Claude to execute + direct_prompt: "Review the PR changes. 
Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Pay special attention to Kubernetes operator patterns and Go best practices according to the CLAUDE.md file." - # Your Anthropic API key (stored as a GitHub secret) - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} \ No newline at end of file + # Timeout for execution + timeout_minutes: 15 \ No newline at end of file diff --git a/.github/workflows/claude-comment-response.yml b/.github/workflows/claude-comment-response.yml index 852a658..a77ef17 100644 --- a/.github/workflows/claude-comment-response.yml +++ b/.github/workflows/claude-comment-response.yml 
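Review bot: Dropping `allowed_tools` from the `Run Code Review with Claude` step removes the only visible statement that this job is limited to read-only git and file-inspection tools, and the new comments do not say what tool set applies instead. The step processes PR content written by the change's author, so I would either keep a short read-only allow-list or add a comment such as `# tools: action defaults at the pinned ref; re-check when bumping`. `uses: anthropics/claude-code-action@beta` is a mutable ref that receives `ANTHROPIC_API_KEY`; pinning it as `anthropics/claude-code-action@<full-commit-sha> # beta` makes those defaults reviewable. The same removal is made in claude-comment-response.yml and claude-pr-creation.yml later in this patch, where the job also holds `contents: write`.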
@@ -12,71 +12,22 @@ jobs: contents: write pull-requests: write issues: write - discussions: write - id-token: write - statuses: write - actions: write steps: + # Simply checking out the repository is sufficient - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 0 # Fetch full history for accurate diffs - - # If running on a PR comment, we need to explicitly check out the PR branch - - name: Checkout PR branch if needed - if: github.event.issue.pull_request - run: | - # Get the PR number from the issue object - PR_NUMBER="${{ github.event.issue.number }}" - echo "Fetching PR #${PR_NUMBER} details..." - - # Use the GitHub CLI to get PR details - gh pr view $PR_NUMBER --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner' - - # Checkout the PR using the GitHub CLI - this handles forks automatically - echo "Checking out PR #${PR_NUMBER}..." - gh pr checkout $PR_NUMBER - - echo "Current branch details:" - git status - git branch - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 # Get full history for accurate diffs - name: Claude Response uses: anthropics/claude-code-action@beta with: - # Your GitHub token for API operations - github_token: ${{ secrets.GITHUB_TOKEN }} + # Your Anthropic API key + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - # Pass the comment text as the prompt - direct_prompt: "${{ github.event.comment.body }}" - - # Define which tools Claude can use - allowed_tools: |- - # Git inspection commands (read-only) - Bash(git status) - Bash(git log) - Bash(git show) - Bash(git blame) - Bash(git ls-files) - Bash(git branch) - Bash(git tag) - Bash(git diff) - - # File modifications - Bash(git add) - Bash(git commit) - - # File exploration tools - View # Read file contents - Edit # Edit files - GlobTool # Find files by pattern - GrepTool # Search file contents - BatchTool # Run multiple tools in parallel - - # Timeout after 20 minutes - timeout_minutes: 20 + # Explicitly set the trigger 
phrase and provide github token + trigger_phrase: "@claude" + github_token: ${{ secrets.GITHUB_TOKEN }} - # Your Anthropic API key (stored as a GitHub secret) - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} \ No newline at end of file + # Timeout for execution + timeout_minutes: 20 \ No newline at end of file diff --git a/.github/workflows/claude-pr-creation.yml b/.github/workflows/claude-pr-creation.yml index 2e171ac..254fa3d 100644 --- a/.github/workflows/claude-pr-creation.yml +++ b/.github/workflows/claude-pr-creation.yml @@ -6,7 +6,7 @@ on: jobs: create-pr: - # Only run if the comment mentions @claude create pr or similar + # Only run if the comment mentions specific PR creation prompts if: > contains(github.event.comment.body, '@claude create pr') || contains(github.event.comment.body, '@claude create a pr') || @@ -17,11 +17,8 @@ jobs: contents: write pull-requests: write issues: write - discussions: write - id-token: write - statuses: write - actions: write steps: + # Simply checking out the repository is sufficient - name: Checkout code uses: actions/checkout@v4 with: 
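Review bot: The comment added above `Checkout code` in claude-pr-creation.yml, `# Simply checking out the repository is sufficient`, contradicts the `Checkout PR branch if needed` step from patch 1, which no hunk in this patch appears to remove from this file (it is removed from the other two workflows). Either delete that step here as well or reword the comment to say why this workflow still needs `gh pr checkout`; its `gh pr checkout $PR_NUMBER` line is also still unquoted. The job-level `if:` shown in the previous hunk matches only on the comment text, so a check on `github.event.comment.author_association` would be worth adding given `contents: write`. The steps list continues outside this hunk.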
@@ -51,44 +48,12 @@ jobs: - name: Claude PR Creation uses: anthropics/claude-code-action@beta with: - # Your GitHub token for API operations - github_token: ${{ secrets.GITHUB_TOKEN }} - - # Pass the comment text as the prompt - direct_prompt: "${{ github.event.comment.body }}" - - # Define which tools Claude can use - allowed_tools: |- - # Git inspection commands - Bash(git status) - Bash(git log) - Bash(git show) - Bash(git blame) - Bash(git reflog) - Bash(git stash list) - Bash(git ls-files) - Bash(git branch) - Bash(git tag) - Bash(git diff) - - # Git modification commands - Bash(git checkout -b) - Bash(git add) - Bash(git commit) - Bash(git push) - - # GitHub CLI commands for PR creation - Bash(gh pr create) - - # File exploration and modification tools - View # Read file contents - Edit # Edit files - GlobTool # Find files by pattern - GrepTool # Search file contents - BatchTool # Run multiple tools in parallel + # Your Anthropic API key + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - # Timeout after 30 minutes for potentially complex implementations - timeout_minutes: 30 + # Explicitly set the trigger phrase and provide github token + trigger_phrase: "@claude" + github_token: ${{ secrets.GITHUB_TOKEN }} - # Your Anthropic API key (stored as a GitHub secret) - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} \ No newline at end of file + # Timeout for execution (longer for PR creation) + timeout_minutes: 30 \ No newline at end of file From 3bc75c48ac6a4c435c8fb7e4507a7bfd695f9b02 Mon Sep 17 00:00:00 2001 From: Allison Durham Date: Tue, 20 May 2025 15:41:50 -0700 Subject: [PATCH 5/5] trying out token permissions --- .github/workflows/claude-code-review.yml | 1 + .github/workflows/claude-comment-response.yml | 1 + .github/workflows/claude-pr-creation.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 035bcb8..0ef6871 100644 
--- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -11,6 +11,7 @@ jobs: contents: read pull-requests: write issues: write + id-token: write steps: # Simply checking out the repository is sufficient - the action handles the PR code - name: Checkout code diff --git a/.github/workflows/claude-comment-response.yml b/.github/workflows/claude-comment-response.yml index a77ef17..3a29bf2 100644 --- a/.github/workflows/claude-comment-response.yml +++ b/.github/workflows/claude-comment-response.yml @@ -12,6 +12,7 @@ jobs: contents: write pull-requests: write issues: write + id-token: write steps: # Simply checking out the repository is sufficient - name: Checkout code diff --git a/.github/workflows/claude-pr-creation.yml b/.github/workflows/claude-pr-creation.yml index 254fa3d..a910d12 100644 --- a/.github/workflows/claude-pr-creation.yml +++ b/.github/workflows/claude-pr-creation.yml @@ -17,6 +17,7 @@ jobs: contents: write pull-requests: write issues: write + id-token: write steps: # Simply checking out the repository is sufficient - name: Checkout code
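Review bot: `id-token: write` is added to all three jobs without a comment saying what consumes the OIDC token, and the commit subject suggests it is experimental. The permission lets any step in the job request an OIDC token for this repository, which matters if any cloud or registry trust policy accepts tokens from it, and these jobs act on comment and PR text. In claude-comment-response.yml and claude-pr-creation.yml the action is already given `github_token: ${{ secrets.GITHUB_TOKEN }}`, so the permission may only be needed in claude-code-review.yml, where that input was removed in the previous patch; please confirm against the action's documentation. Where it stays, add a comment next to it such as `# id-token: needed by claude-code-action for its OIDC token exchange` (or the actual reason).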