ci fixes for claude code

.github/workflows/claude-code-review.yml

@@ -1,7 +1,7 @@
 name: Claude Code Review
 
 on:
-  pull_request_target:  # Use pull_request_target instead of pull_request
+  pull_request:
     types: [opened, synchronize]  # Runs on new PRs and updates
 
 jobs:
@@ -11,47 +11,22 @@ jobs:
       contents: read
       pull-requests: write
       issues: write
-      discussions: write
       id-token: write
-      statuses: write
-      actions: write
     steps:
-      # Check out the code to allow git diff operations
+      # Simply checking out the repository is sufficient - the action handles the PR code
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Fetch full history for accurate diffs
-          # Important: For pull_request_target, ref needs to be explicitly set to PR head
-          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0  # Get full history for accurate diffs
 
       - name: Run Code Review with Claude
-        id: code-review
         uses: anthropics/claude-code-action@beta
         with:
-          # Define the review focus areas
-          direct_prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Pay special attention to Kubernetes operator patterns and Go best practices according to the CLAUDE.md file."
-
-          # Your GitHub token for API operations
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Your Anthropic API key
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 
-          # Limited tools for safer review operations
-          allowed_tools: |-
-            # Git inspection commands (read-only)
-            Bash(git status)
-            Bash(git log)
-            Bash(git diff --name-only HEAD~1)
-            Bash(git diff HEAD~1)
-            Bash(git show)
-            Bash(git blame)
-
-            # File exploration tools
-            View        # Read file contents
-            GlobTool    # Find files by pattern
-            GrepTool    # Search file contents
-            BatchTool   # Run multiple tools in parallel
-
-          # Timeout after 15 minutes
-          timeout_minutes: 15
+          # Direct prompt for Claude to execute
+          direct_prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Pay special attention to Kubernetes operator patterns and Go best practices according to the CLAUDE.md file."
 
-          # Your Anthropic API key (stored as a GitHub secret)
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Timeout for execution
+          timeout_minutes: 15

.github/workflows/claude-comment-response.yml

@@ -12,81 +12,23 @@ jobs:
       contents: write
       pull-requests: write
       issues: write
-      discussions: write
       id-token: write
-      statuses: write
-      actions: write
     steps:
+      # Simply checking out the repository is sufficient
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Fetch full history for accurate diffs
-
-      # If running on a PR comment, we need to explicitly check out the PR branch
-      - name: Checkout PR branch if needed
-        if: github.event.issue.pull_request
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Get the PR number from the issue object
-          PR_NUMBER="${{ github.event.issue.number }}"
-
-          echo "Checking out PR #${PR_NUMBER}"
-
-          # Get PR info
-          PR_INFO=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
-            "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER")
-
-          # Extract the PR branch ref and other details
-          PR_BRANCH=$(echo "$PR_INFO" | jq -r .head.ref)
-          PR_SHA=$(echo "$PR_INFO" | jq -r .head.sha)
-          PR_REPO=$(echo "$PR_INFO" | jq -r .head.repo.full_name)
-
-          echo "PR branch is $PR_BRANCH from repo $PR_REPO with commit SHA $PR_SHA"
-
-          # Fetch the PR as a local branch (works for forks too)
-          git fetch origin "pull/$PR_NUMBER/head:pr-$PR_NUMBER"
-          git checkout "pr-$PR_NUMBER"
-
-          # Verify checkout
-          echo "Current branch details:"
-          git status
-          git rev-parse HEAD
+          fetch-depth: 0  # Get full history for accurate diffs
 
       - name: Claude Response
         uses: anthropics/claude-code-action@beta
         with:
-          # Your GitHub token for API operations
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-
-          # Pass the comment text as the prompt
-          direct_prompt: "${{ github.event.comment.body }}"
-
-          # Define which tools Claude can use
-          allowed_tools: |-
-            # Git inspection commands (read-only)
-            Bash(git status)
-            Bash(git log)
-            Bash(git show)
-            Bash(git blame)
-            Bash(git ls-files)
-            Bash(git branch)
-            Bash(git tag)
-            Bash(git diff)
-
-            # File modifications 
-            Bash(git add)
-            Bash(git commit)
-
-            # File exploration tools
-            View        # Read file contents
-            Edit        # Edit files
-            GlobTool    # Find files by pattern
-            GrepTool    # Search file contents
-            BatchTool   # Run multiple tools in parallel
+          # Your Anthropic API key
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 
-          # Timeout after 20 minutes
-          timeout_minutes: 20
+          # Explicitly set the trigger phrase and provide github token
+          trigger_phrase: "@claude"
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
-          # Your Anthropic API key (stored as a GitHub secret)
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Timeout for execution
+          timeout_minutes: 20

.github/workflows/claude-pr-creation.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   create-pr:
-    # Only run if the comment mentions @claude create pr or similar
+    # Only run if the comment mentions specific PR creation prompts
     if: >
       contains(github.event.comment.body, '@claude create pr') || 
       contains(github.event.comment.body, '@claude create a pr') || 
@@ -17,58 +17,44 @@ jobs:
       contents: write
       pull-requests: write
       issues: write
-      discussions: write
       id-token: write
-      statuses: write
-      actions: write
     steps:
+      # Simply checking out the repository is sufficient
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Fetch full history for accurate diffs
 
+      # If running on a PR comment, we need to explicitly check out the PR branch
+      - name: Checkout PR branch if needed
+        if: github.event.issue.pull_request
+        run: |
+          # Get the PR number from the issue object
+          PR_NUMBER="${{ github.event.issue.number }}"
+          echo "Fetching PR #${PR_NUMBER} details..."
+
+          # Use the GitHub CLI to get PR details
+          gh pr view "$PR_NUMBER" --json headRefName,headRepository --jq '.headRefName, .headRepository.nameWithOwner'
+
+          # Checkout the PR using the GitHub CLI - this handles forks automatically
+          echo "Checking out PR #${PR_NUMBER}..."
+          gh pr checkout $PR_NUMBER
+
+          echo "Current branch details:"
+          git status
+          git branch
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Claude PR Creation
         uses: anthropics/claude-code-action@beta
         with:
-          # Your GitHub token for API operations
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Your Anthropic API key
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 
-          # Pass the comment text as the prompt
-          direct_prompt: "${{ github.event.comment.body }}"
-
-          # Define which tools Claude can use
-          allowed_tools: |-
-            # Git inspection commands
-            Bash(git status)
-            Bash(git log)
-            Bash(git show)
-            Bash(git blame)
-            Bash(git reflog)
-            Bash(git stash list)
-            Bash(git ls-files)
-            Bash(git branch)
-            Bash(git tag)
-            Bash(git diff)
-
-            # Git modification commands
-            Bash(git checkout -b)
-            Bash(git add)
-            Bash(git commit)
-            Bash(git push)
-
-            # GitHub CLI commands for PR creation
-            Bash(gh pr create)
-
-            # File exploration and modification tools
-            View        # Read file contents
-            Edit        # Edit files
-            GlobTool    # Find files by pattern
-            GrepTool    # Search file contents
-            BatchTool   # Run multiple tools in parallel
-
-
-          # Timeout after 30 minutes for potentially complex implementations
-          timeout_minutes: 30
+          # Explicitly set the trigger phrase and provide github token
+          trigger_phrase: "@claude"
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
-          # Your Anthropic API key (stored as a GitHub secret)
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Timeout for execution (longer for PR creation)
+          timeout_minutes: 30