Switch to CC reviews v2

[Jarema]

Signed-off-by: Tomasz Pietrek tomasz@synadia.com

[github-actions]

Claude finished @Jarema's task in 34s —— View job

---

Code Review

• Gather context
• Read changed files
• Review changes
• Post findings

---

This PR upgrades the Claude Code workflow from v1 to v2 of the reusable workflow. The changes look correct and straightforward.

Summary of changes:

• Bumps reusable workflow from @v1 to @v2
• Adds gh_app_id and gh_app_private_key inputs — GitHub API access shifts to a GitHub App token instead of GITHUB_TOKEN
• Drops explicit GITHUB_TOKEN permissions in favor of permissions: {} (least privilege), relying on the App token for all GitHub API calls
• Adds checkout_mode: 'base' — checks out the base branch rather than the PR head, which is a security best practice for pull_request_target workflows to prevent untrusted code from running with elevated permissions

Security note: The use of pull_request_target with checkout_mode: 'base' is the correct and safe pattern here. Checking out the PR head in a pull_request_target context would be dangerous since that event has access to secrets; checking out only the base branch mitigates that risk.

No issues found. The changes are correct and improve the security posture of the workflow.

[piotrpio]

LGTM!