Skip to content

added claude code review CI workflow#33037

Open
igorkorsukov wants to merge 1 commit intomusescore:masterfrom
igorkorsukov:w/repo/claude_review
Open

added claude code review CI workflow#33037
igorkorsukov wants to merge 1 commit intomusescore:masterfrom
igorkorsukov:w/repo/claude_review

Conversation

@igorkorsukov
Copy link
Copy Markdown
Contributor

@igorkorsukov igorkorsukov commented Apr 17, 2026

No description provided.

claude[bot]
claude bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 17, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Two new GitHub Actions workflows were added: .github/workflows/check_review.yml and .github/workflows/claude.yml. check_review.yml runs on pull_request_target for opened and synchronize with a review job on ubuntu-latest that runs anthropics/claude-code-action@v1 using secrets.ANTHROPIC_API_KEY, a fixed prompt, and claude_args: --max-turns 5. claude.yml triggers on issue/PR comments, review submissions, issue opens/assignments, conditionally runs when text contains the trigger \@claude, checks out the repo, and invokes the same action with elevated permissions.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning No pull request description was provided, but the template requires multiple sections including motivation, CLA signature, and verification checkboxes. Add a pull request description following the template: include issue reference, motivation for changes, and complete the required checklist items.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: adding GitHub Actions workflows for Claude-based code review CI.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/check_review.yml:
- Line 9: Replace the mutable ref on the third‑party GitHub Action by pinning
anthropics/claude-code-action@v1 to a specific commit SHA: update the usage of
anthropics/claude-code-action@v1 in the workflow to
anthropics/claude-code-action@<full-commit-sha> and add a trailing comment like
"# v1.x.y" to document the intended tag; this hardens CI by ensuring the action
that consumes ANTHROPIC_API_KEY and writes to PRs cannot change unexpectedly.
- Around line 5-13: The review job is missing a concurrency group, so rapid
pushes spawn duplicate Claude runs; add a top-level concurrency block for the
review job (referencing the job name "review") with a stable group like "${{
github.workflow }}-${{ github.ref }}" or "${{ github.workflow }}-pr-${{
github.event.pull_request.number }}" and set cancel-in-progress: true to ensure
superseded runs are cancelled on synchronize; insert this concurrency stanza
directly under the "review:" job definition to prevent parallel duplicate
executions.
- Around line 6-11: Add an explicit least-privilege permissions block to the
"review" job and add a preceding actions/checkout step if needed: declare
permissions matching the upstream example (e.g., contents: write, pull-requests:
write, issues: write, id-token: write, actions: read) scoped under the review
job, insert actions/checkout@v3 before the anthropics/claude-code-action@v1 step
if the action requires repository files, and verify against the pinned
anthropics/claude-code-action@v1 docs whether checkout is required and whether
this repository’s default GITHUB_TOKEN permissions permit writing PR review
comments.
- Around line 2-4: The workflow currently triggers only on pull_request which
prevents secrets like ANTROPIC_API_KEY from being available to fork PRs and also
omits actions/checkout required by anthropics/claude-code-action@v1; update the
workflow to either (A) keep pull_request but add an early short-circuit
conditional (if: github.event.pull_request.head.repo.full_name ==
github.repository) and add actions/checkout@v4 when running in-repo, or (B)
switch the trigger to pull_request_target (which runs with base-branch secrets)
and use actions/checkout@v4 to check out the base branch only (do NOT check out
the PR head), and in both cases add an explicit permissions block (e.g.,
contents, issues, pull-requests read/write) and a concurrency group to prevent
overlapping Claude runs; reference the on: pull_request trigger, the missing
actions/checkout@v4 step, and anthropics/claude-code-action@v1 when making these
changes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f5c23cb4-efc3-4143-b155-6d545623672f

📥 Commits

Reviewing files that changed from the base of the PR and between a0d3d2a and 9fd38f0.

📒 Files selected for processing (1)
  • .github/workflows/check_review.yml

Comment thread .github/workflows/check_review.yml
Comment on lines +2 to +4
on:
pull_request:
types: [opened, synchronize]
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

git ls-files | grep -E "(check_review|\.github)" | head -20

Repository: musescore/MuseScore

Length of output: 761

🏁 Script executed:

cat -n .github/workflows/check_review.yml 2>/dev/null || echo "File not found in standard location"

Repository: musescore/MuseScore

Length of output: 601

🏁 Script executed:

# Check if there are other workflows using similar patterns
grep -r "pull_request:" .github/workflows/ -A 2 | head -40

Repository: musescore/MuseScore

Length of output: 1707

🏁 Script executed:

# Search for any documentation or usage of anthropics/claude-code-action in the repo
rg "anthropics/claude-code-action" -A 3 -B 3

Repository: musescore/MuseScore

Length of output: 45

🏁 Script executed:

# Check if there are any other workflows that handle fork PRs specially
grep -r "pull_request_target" .github/workflows/ || echo "No pull_request_target found"

Repository: musescore/MuseScore

Length of output: 118

🌐 Web query:

GitHub Actions fork pull_request secrets not available documentation

💡 Result:

In GitHub Actions, repository secrets (and organization/environment secrets) are not available to workflows triggered by pull_request events from forked repositories. This is a security feature to prevent malicious actors from accessing secrets via PRs from forks. Official documentation explicitly states: "With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository." (Using secrets in GitHub Actions). Also, "Actions secrets are not passed to workflows that are triggered by a pull request from a fork." (Understanding GitHub secret types). To use secrets in workflows for PRs from forks: - Use the pull_request_target event instead of pull_request. This runs the workflow in the context of the base branch (trusted), providing access to secrets and a read/write GITHUB_TOKEN. - Critical security warning: Do not checkout or execute untrusted code from the PR (e.g., avoid actions/checkout with ref: ${{ github.event.pull_request.head.sha }} unchecked). Use only for safe actions like labeling, commenting, or metadata checks. Always review PR changes, especially to .github/workflows/. For private repositories, repo settings allow limited options like "Send secrets to workflows from pull requests" under Fork pull request workflows (requires org/repo admin), but this is not recommended for public repos and still has risks. GITHUB_TOKEN is always available but read-only for pull_request from forks. Primary docs: - https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions (Result 6) - https://docs.github.com/en/code-security/getting-started/understanding-github-secret-types (Result 19) - https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository (Result 10)

Citations:

🌐 Web query:

anthropics claude-code-action requirements checkout permissions

💡 Result:

Anthropic's claude-code-action is a GitHub Action for integrating Claude Code into GitHub workflows, enabling AI-powered code reviews, edits, and automation on PRs and issues via @claude mentions. Requirements: - Repository admin access. - Anthropic API key (ANTHROPIC_API_KEY) or Claude Code OAuth token (CLAUDE_CODE_OAUTH_TOKEN) as repo secret. - actions/checkout@v4 step in workflow to check out repository code (standard for GitHub Actions; Claude uses native Read/Glob/Grep tools on checked-out files). Permissions (GitHub App): Official Claude app (https://github.com/apps/claude): Install to repo; requests: - Repository permissions: Contents (Read & Write), Issues (Read & Write), Pull requests (Read & Write). - Account permissions: None. Custom GitHub App (minimum): - Repository: Contents (Read & Write), Issues (Read & Write), Pull requests (Read & Write). Workflow example: jobs: claude: runs-on: ubuntu-latest permissions: contents: write issues: write pull-requests: write steps: - uses: actions/checkout@v4 - uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} Claude Code permissions (tool use): Configurable via claude_args (e.g., --allowed-tools), /permissions command, or settings.json. Read-only tools (Read, Grep) need no approval; Bash etc. do. Note: Tool restrictions may not fully block native file reads in CI. Security: Use secrets, minimal permissions, sandbox (e.g., Docker). Known issue: Restricted tools may still allow file reads on checked-out repo.

Citations:

🏁 Script executed:

# Check the GitHub documentation examples or any CI configuration in the repo
find . -name "*.md" -path "./.github/*" -o -name "README*" | xargs grep -l "ANTHROPIC" 2>/dev/null || echo "No ANTHROPIC refs in .github docs"

Repository: musescore/MuseScore

Length of output: 96

🏁 Script executed:

# Look for any GitHub Actions security or fork handling guidance in issues or discussions
git log --oneline --all | grep -iE "(fork|security|action|secret)" | head -10 || echo "No relevant commit messages"

Repository: musescore/MuseScore

Length of output: 645

Fork PRs will fail: ANTHROPIC_API_KEY is not exposed to workflows triggered by pull_request from forks, and actions/checkout is missing.

GitHub does not pass repository secrets to pull_request runs originating from forked repositories—external contributors' PRs will execute with an empty ANTHROPIC_API_KEY and fail silently. Additionally, anthropics/claude-code-action@v1 requires an actions/checkout@v4 step (the action uses native Read/Glob/Grep tools on checked-out files), which is currently missing.

Two options:

  • Accept the limitation for forks and short-circuit early (e.g., if: github.event.pull_request.head.repo.full_name == github.repository) to avoid red X's on every external PR. If pursuing this path, still add actions/checkout@v4 for non-fork runs.
  • Use pull_request_target instead, which runs in the context of the base branch with write-scoped secrets and secret access. Do not combine this with actions/checkout of the PR head, and keep the prompt/config entirely in-repo to avoid privilege-escalation via malicious PR content. Add this step for checkout: - uses: actions/checkout@v4 (checks out the base branch by default under pull_request_target).

Additionally:

  • Add explicit permissions block (contents, issues, pull-requests all read/write) per the official example.
  • Add a concurrency group to prevent multiple expensive Claude API runs from racing when rapid pushes occur on synchronize events.
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 2 - 4, The workflow
currently triggers only on pull_request which prevents secrets like
ANTROPIC_API_KEY from being available to fork PRs and also omits
actions/checkout required by anthropics/claude-code-action@v1; update the
workflow to either (A) keep pull_request but add an early short-circuit
conditional (if: github.event.pull_request.head.repo.full_name ==
github.repository) and add actions/checkout@v4 when running in-repo, or (B)
switch the trigger to pull_request_target (which runs with base-branch secrets)
and use actions/checkout@v4 to check out the base branch only (do NOT check out
the PR head), and in both cases add an explicit permissions block (e.g.,
contents, issues, pull-requests read/write) and a concurrency group to prevent
overlapping Claude runs; reference the on: pull_request trigger, the missing
actions/checkout@v4 step, and anthropics/claude-code-action@v1 when making these
changes.

Copy link
Copy Markdown
Member

@Ximich Ximich Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CodeRabbit please check again

Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get the current content of the workflow file
cat -n .github/workflows/check_review.yml

Length of output: 538

@igorkorsukov, the file has not changed since my initial review — all four issues are still present. Here's a summary and a suggested corrected workflow:

Issues still present

# Issue Impact
1 pull_request trigger — secrets not available to fork PRs ANTHROPIC_API_KEY will be empty for external contributors; workflow fails silently
2 Missing actions/checkout@v4 Community examples and the official documentation consistently place a Checkout repository step (using actions/checkout@v4 with fetch-depth: 0) before anthropics/claude-code-action@v1 — Claude needs the repo files to analyse the diff
3 Missing permissions block The official example sets contents: write, pull-requests: write, issues: write, and id-token: write at the job level; without these the action cannot post review comments
4 Missing concurrency group On synchronize events, rapid pushes will queue up multiple expensive Claude API runs

Suggested fix

name: 'Check: Code Review'
on:
  pull_request:
    types: [opened, synchronize]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  review:
    # Skip fork PRs — ANTHROPIC_API_KEY is not available in that context
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: "Review this pull request for code quality, correctness, and security. Analyze the diff, then post your findings as review comments."
          claude_args: "--max-turns 5"

Key changes:

  • if: condition — skips the job for fork PRs to avoid red check failures from missing secrets.
  • actions/checkout@v4 — required by the action to read repository files.
  • permissions — grants the action the rights to post PR review comments.
  • concurrency — cancels in-progress runs when a new push arrives on the same PR.
🧠 Learnings used 
Learnt from: mathesoncalum
Repo: musescore/MuseScore PR: 32954
File: .github/workflows/triage_prs.yml:14-14
Timestamp: 2026-04-08T15:43:32.666Z
Learning: In the musescore/MuseScore repository, do not flag GitHub Actions workflow steps that use the mutable ref `actions/add-to-projectmain` as a supply-chain security issue. This is an intentional, consistent pattern in this repo’s `.github/workflows/` (notably `triage_issues.yml` and `triage_prs.yml`), so reviews should not require pinning to a full commit SHA for this specific action reference.

Comment thread .github/workflows/check_review.yml
Comment on lines +5 to +13
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: "Review this pull request for code quality, correctness, and security. Analyze the diff, then post your findings as review comments."
claude_args: "--max-turns 5" No newline at end of file
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

Add a concurrency group to cancel superseded runs on synchronize.

Every push to a PR branch re-triggers this job, and Claude reviews are slow and billable. Without a concurrency group, rapid pushes will fan out into several parallel review runs that produce duplicate/overlapping comments and waste API credits.

♻️ Suggested change 
 on:
   pull_request:
     types: [opened, synchronize]
+
+concurrency:
+  group: claude-review-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
 jobs:
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 5 - 13, The review job is
missing a concurrency group, so rapid pushes spawn duplicate Claude runs; add a
top-level concurrency block for the review job (referencing the job name
"review") with a stable group like "${{ github.workflow }}-${{ github.ref }}" or
"${{ github.workflow }}-pr-${{ github.event.pull_request.number }}" and set
cancel-in-progress: true to ensure superseded runs are cancelled on synchronize;
insert this concurrency stanza directly under the "review:" job definition to
prevent parallel duplicate executions.

Comment thread .github/workflows/check_review.yml
Comment on lines +6 to +11
review:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Declare an explicit least-privilege permissions: block and verify whether actions/checkout is required.

Two concerns based on the upstream anthropics/claude-code-action@v1 docs:

  1. The official example workflow sets an explicit permissions block (contents, pull-requests, issues, id-token, and actions: read to read CI results). Although the action states "standard permissions (contents: write, pull_requests: write, issues: write) are always included", relying on the default GITHUB_TOKEN permissions of this repo is fragile — if the org default is read-only, Claude won't be able to post review comments. Declaring them explicitly is both more secure (least privilege, scoped to this job) and more robust.
  2. The upstream example also includes actions/checkout@v... before the Claude step. Review-only usage with a prompt may work without a checkout, but this isn't documented as guaranteed.
♻️ Suggested baseline 
 jobs:
   review:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
     steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
       - uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           prompt: "Review this pull request for code quality, correctness, and security. Analyze the diff, then post your findings as review comments."
           claude_args: "--max-turns 5"

Please confirm against the pinned v1 version whether a prior actions/checkout step is required for diff-review mode, and whether the default GITHUB_TOKEN permissions in this repository allow writing PR review comments.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 6 - 11, Add an explicit
least-privilege permissions block to the "review" job and add a preceding
actions/checkout step if needed: declare permissions matching the upstream
example (e.g., contents: write, pull-requests: write, issues: write, id-token:
write, actions: read) scoped under the review job, insert actions/checkout@v3
before the anthropics/claude-code-action@v1 step if the action requires
repository files, and verify against the pinned anthropics/claude-code-action@v1
docs whether checkout is required and whether this repository’s default
GITHUB_TOKEN permissions permit writing PR review comments.

Comment thread .github/workflows/check_review.yml
review:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Consider pinning anthropics/claude-code-action to a commit SHA.

This action ships with an API key and is granted write access to PRs/issues. A mutable @v1 tag means any future tag move (or tag compromise) lands in CI automatically. Pinning to a full commit SHA (with a # v1.x.y comment) is the standard hardening recommendation for third-party actions handling secrets.

Note: this repo's convention for actions/add-to-projectmain intentionally uses a mutable ref, but that's a first-party GitHub action with no secrets; the calculus differs for a third-party action that consumes ANTHROPIC_API_KEY and writes to PRs.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml at line 9, Replace the mutable ref on the
third‑party GitHub Action by pinning anthropics/claude-code-action@v1 to a
specific commit SHA: update the usage of anthropics/claude-code-action@v1 in the
workflow to anthropics/claude-code-action@<full-commit-sha> and add a trailing
comment like "# v1.x.y" to document the intended tag; this hardens CI by
ensuring the action that consumes ANTHROPIC_API_KEY and writes to PRs cannot
change unexpectedly.

@igorkorsukov igorkorsukov force-pushed the w/repo/claude_review branch from 9fd38f0 to 7a7e9e1 Compare April 17, 2026 08:43
coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (2)
.github/workflows/check_review.yml (2)

5-7: 🧹 Nitpick | 🔵 Trivial

Add concurrency control to prevent duplicate Claude runs on rapid pushes.

Without concurrency, multiple synchronize events can run in parallel, producing duplicate comments and unnecessary API spend.

♻️ Suggested change 
 on:
   pull_request:
     types: [opened, synchronize]
+
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 5 - 7, The review job runs
in parallel on rapid pushes; add concurrency control to the review job to
prevent duplicate Claude runs by defining a concurrency group and enabling
cancel-in-progress. Modify the job named review to include a concurrency block
(e.g., group derived from the workflow and ref like ${ { github.workflow } }-${
{ github.ref } } and cancel-in-progress: true) so new synchronize-triggered runs
cancel previous in-progress runs.

2-4: ⚠️ Potential issue | 🟠 Major

Guard fork PRs when using ANTHROPIC_API_KEY on pull_request.

On pull_request from forks, repository secrets are unavailable, so Line 15 can fail/no-op for external contributors. Add a job-level guard (or switch event model safely) to avoid noisy red checks.

♻️ Suggested change 
 jobs:
   review:
+    if: github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
For GitHub Actions pull_request events from forks, are repository secrets exposed to the workflow run? Please cite current GitHub docs and recommended mitigation patterns.

Also applies to: 15-15

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 2 - 4, The workflow triggers
on pull_request and uses the ANTHROPIC_API_KEY secret (line 15) which is not
available for forked PRs; update .github/workflows/check_review.yml to guard
that job steps requiring ANTHROPIC_API_KEY only run for PRs from the same
repository (e.g., add a job-level if that compares
github.event.pull_request.head.repo.full_name to github.repository) or
alternatively switch to pull_request_target with the appropriate safety checks,
so the job never tries to access the secret for external fork PRs.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/check_review.yml:
- Around line 5-7: The review job runs in parallel on rapid pushes; add
concurrency control to the review job to prevent duplicate Claude runs by
defining a concurrency group and enabling cancel-in-progress. Modify the job
named review to include a concurrency block (e.g., group derived from the
workflow and ref like ${ { github.workflow } }-${ { github.ref } } and
cancel-in-progress: true) so new synchronize-triggered runs cancel previous
in-progress runs.
- Around line 2-4: The workflow triggers on pull_request and uses the
ANTHROPIC_API_KEY secret (line 15) which is not available for forked PRs; update
.github/workflows/check_review.yml to guard that job steps requiring
ANTHROPIC_API_KEY only run for PRs from the same repository (e.g., add a
job-level if that compares github.event.pull_request.head.repo.full_name to
github.repository) or alternatively switch to pull_request_target with the
appropriate safety checks, so the job never tries to access the secret for
external fork PRs.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ced57b17-7d98-4246-ae38-a1f5b772a0a1

📥 Commits

Reviewing files that changed from the base of the PR and between 7a7e9e1 and de63bc4.

📒 Files selected for processing (1)
  • .github/workflows/check_review.yml

@igorkorsukov igorkorsukov force-pushed the w/repo/claude_review branch from c769c9a to 169d535 Compare April 17, 2026 08:59
coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/check_review.yml:
- Around line 3-4: The workflow using pull_request_target grants too-broad
privileges: add an explicit permissions block with minimal scopes (permissions:
{ contents: read, pull-requests: read, id-token: write }) to the
pull_request_target job, and restrict Claude by appending an allowed-tools flag
to claude_args (e.g., include --allowed-tools "Bash(gh pr:*)" or another
read-only tool list) to prevent executing arbitrary commands via
ANTHROPIC_API_KEY; optionally gate fork PRs by adding an if condition such as
contains(github.event.pull_request.labels.*.name, 'safe-to-review') to require a
maintainer label before exposing secrets or running the job.

In @.github/workflows/claude.yml:
- Around line 39-58: Remove the large block of commented vendor-example options
(the commented keys like trigger_phrase, assignee_trigger, claude_args, and
settings) from the workflow to avoid noisy, decaying boilerplate; if any option
is intended to be used, replace its commented example with an enabled
configuration (uncomment and set the real value) otherwise delete the entire
commented section so only active configuration remains.
- Line 35: The workflow currently uses the mutable tag
anthropics/claude-code-action@v1 which grants code execution with write scopes
and a secret API key; replace the tag with a pinned commit SHA for
anthropics/claude-code-action (use the specific commit hash for the version you
trust) so the action cannot be silently upgraded—update the uses entry
(anthropics/claude-code-action@v1 → anthropics/claude-code-action@<commit-sha>)
in the claude.yml workflow and ensure any related workflows (e.g.,
check_review.yml) follow the same pinning practice.
- Around line 15-19: Update the workflow `if:` conditional to require a trusted
author_association for each event type that triggers on comment/review/issue;
specifically, for the clauses checking github.event.comment,
github.event.review, and github.event.issue, add checks that
github.event.*.author_association is one of OWNER, MEMBER, or COLLABORATOR
(e.g., ensure github.event.comment.author_association == 'OWNER' || ...); keep
the existing contains(..., '@claude') checks but combine them with the
author_association guard for pull_request_review_comment, pull_request_review,
issue_comment, and issues so only trusted actors can trigger the run.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e92d8669-d803-48db-aeec-57ba5f170b82

📥 Commits

Reviewing files that changed from the base of the PR and between de63bc4 and 169d535.

📒 Files selected for processing (2)
  • .github/workflows/check_review.yml
  • .github/workflows/claude.yml

Comment thread .github/workflows/check_review.yml
Comment on lines +3 to +4
pull_request_target:
types: [opened, synchronize]
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

anthropics/claude-code-action v1 pull_request_target security guidance checkout PR head

💡 Result:

For the anthropics/claude-code-action v1 used with the pull_request_target trigger, the key security guidance for checking out the PR head follows GitHub Actions best practices to avoid executing untrusted code in a privileged context. Do not check out the PR head (github.event.pull_request.head.sha) directly in pull_request_target workflows, as this grants attackers access to secrets like ANTHROPIC_API_KEY while running potentially malicious code from the PR branch. This is a well-documented supply chain attack vector. Official examples in anthropics/claude-code-action docs/solutions.md and security.md use 'on: pull_request' (not _target) with standard actions/checkout@v4+ (fetch-depth:1), which checks out the merge commit safely in a read-only context without secrets. The action supports pull_request_target (added in PR #579, merged Sep 2025) for cases like Dependabot needing write permissions, treating it as PR context internally. However, no official examples show PR head checkout with _target. Safe configuration for pull_request_target (e.g., automated reviews of external PRs): - Use minimal permissions: contents: read, pull-requests: write, id-token: write - Skip actions/checkout entirely if possible—the action accesses repo via GitHub API/MCP tools (Read, Bash(gh pr:), etc.), not local filesystem. Claude analyzes PR diff remotely. - If checkout needed (rare), checkout base branch only: ref: ${{ github.ref }} or default branch, with persist-credentials: false. - Restrict tools: claude_args: '--allowed-tools "Bash(gh pr comment:)"' to limit to safe GitHub CLI ops. - Add runtime protections: step-security/harden-runner@v2 with egress-policy: audit/block. - Use allowed_non_write_users cautiously (RISKY, per security.md); prefer write-access triggers. - Enable branch protections, require approvals for external contributors. - Review prompts for injection risks. For untrusted PR analysis, prefer 'on: pull_request' or separate jobs: one safe review job (no secrets/checkout head), gated approval job (pull_request_target with head checkout). Sources confirm action runs post-checkout but relies on API context, not local files for PR review—avoiding head checkout mitigates risks while enabling _target for privileged ops like commenting.

Citations:

🏁 Script executed:

cat -n .github/workflows/check_review.yml

Repository: musescore/MuseScore

Length of output: 608

🏁 Script executed:

fd -e yml -e yaml .github/workflows/ | head -20

Repository: musescore/MuseScore

Length of output: 440

🏁 Script executed:

fd . '.github/workflows/' -e yml -e yaml

Repository: musescore/MuseScore

Length of output: 960

🏁 Script executed:

cat -n .github/workflows/triage_prs.yml

Repository: musescore/MuseScore

Length of output: 1036

🏁 Script executed:

cat -n .github/workflows/claude.yml

Repository: musescore/MuseScore

Length of output: 2461

Security: pull_request_target needs explicit permission scoping and tool restrictions.

This workflow uses pull_request_target to grant ANTHROPIC_API_KEY and full GitHub permissions to a job triggered by untrusted PR content. While the workflow does not explicitly check out the PR head (reducing the direct execution risk), it still lacks two critical mitigations:

  1. No explicit permissions block — defaults to full permissions instead of least-privilege (compare to triage_prs.yml which declares permissions: { pull-requests: read, contents: read }).
  2. No tool restrictionsclaude_args: "--max-turns 5" should include --allowed-tools to restrict Claude to read-only operations (e.g., avoid Bash(...) on untrusted input). See claude.yml line 49 for an example of tool scoping.

Apply these mitigations together:

  • Add permissions block: { contents: read, pull-requests: read, id-token: write } (minimal write scope if comment-back is needed).
  • Add to claude_args: --allowed-tools "Bash(gh pr:*)" or similar read-only tools only.
  • Optionally gate fork PRs: if: contains(github.event.pull_request.labels.*.name, 'safe-to-review') so a maintainer reviews the diff before secrets are exposed.

Note: The @v1 mutable ref is a documented pattern in this repository; this is a separate supply-chain concern.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check_review.yml around lines 3 - 4, The workflow using
pull_request_target grants too-broad privileges: add an explicit permissions
block with minimal scopes (permissions: { contents: read, pull-requests: read,
id-token: write }) to the pull_request_target job, and restrict Claude by
appending an allowed-tools flag to claude_args (e.g., include --allowed-tools
"Bash(gh pr:*)" or another read-only tool list) to prevent executing arbitrary
commands via ANTHROPIC_API_KEY; optionally gate fork PRs by adding an if
condition such as contains(github.event.pull_request.labels.*.name,
'safe-to-review') to require a maintainer label before exposing secrets or
running the job.

Comment thread .github/workflows/claude.yml
Comment on lines +15 to +19
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Consider gating @claude triggers to trusted actors to avoid API-credit abuse.

Any user who can comment on an issue/PR (including drive-by accounts) can invoke this workflow by typing @claude, consuming ANTHROPIC_API_KEY credits and running the action with contents: write / pull-requests: write. Consider adding an author-association check to the if: condition, e.g.:

      (github.event.comment.author_association == 'OWNER' ||
       github.event.comment.author_association == 'MEMBER' ||
       github.event.comment.author_association == 'COLLABORATOR')

applied per event type. This prevents anonymous cost/abuse exposure while keeping the feature available to maintainers.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/claude.yml around lines 15 - 19, Update the workflow `if:`
conditional to require a trusted author_association for each event type that
triggers on comment/review/issue; specifically, for the clauses checking
github.event.comment, github.event.review, and github.event.issue, add checks
that github.event.*.author_association is one of OWNER, MEMBER, or COLLABORATOR
(e.g., ensure github.event.comment.author_association == 'OWNER' || ...); keep
the existing contains(..., '@claude') checks but combine them with the
author_association guard for pull_request_review_comment, pull_request_review,
issue_comment, and issues so only trusted actors can trigger the run.

Comment thread .github/workflows/claude.yml

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Same mutable-ref concern as check_review.yml: anthropics/claude-code-action@v1 runs with write scopes and a secret API key — consider pinning to a commit SHA.

This is consistent with the prior review on the sibling workflow; the repo's add-to-projectmain learning (first-party, no secrets) does not apply here. A tag move or tag compromise would silently land in CI with full write access.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/claude.yml at line 35, The workflow currently uses the
mutable tag anthropics/claude-code-action@v1 which grants code execution with
write scopes and a secret API key; replace the tag with a pinned commit SHA for
anthropics/claude-code-action (use the specific commit hash for the version you
trust) so the action cannot be silently upgraded—update the uses entry
(anthropics/claude-code-action@v1 → anthropics/claude-code-action@<commit-sha>)
in the claude.yml workflow and ensure any related workflows (e.g.,
check_review.yml) follow the same pinning practice.

Comment thread .github/workflows/claude.yml
Comment on lines +39 to +58
# Optional: Customize the trigger phrase (default: @claude)
# trigger_phrase: "/claude"

# Optional: Trigger when specific user is assigned to an issue
# assignee_trigger: "claude-bot"

# Optional: Configure Claude's behavior with CLI arguments
# claude_args: |
# --model claude-opus-4-1-20250805
# --max-turns 10
# --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)"
# --system-prompt "Follow our coding standards. Ensure all new code has tests. Use TypeScript for new files."

# Optional: Advanced settings configuration
# settings: |
# {
# "env": {
# "NODE_ENV": "test"
# }
# }
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Strip commented-out boilerplate before merging.

~20 lines of vendor-example comments add no value in a production workflow and will decay over time as the upstream example changes. If any of these options are planned (e.g., claude_args), enable them; otherwise remove the block and rely on the upstream docs.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/claude.yml around lines 39 - 58, Remove the large block of
commented vendor-example options (the commented keys like trigger_phrase,
assignee_trigger, claude_args, and settings) from the workflow to avoid noisy,
decaying boilerplate; if any option is intended to be used, replace its
commented example with an enabled configuration (uncomment and set the real
value) otherwise delete the entire commented section so only active
configuration remains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ximich Ximich Ximich left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@igorkorsukov @Ximich