Add Claude Code GitHub Workflow

[thomasdavis]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Summary by CodeRabbit

• Chores
  • Enhanced CI/CD infrastructure with automated code review capabilities triggered on pull request events and code-related interactions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5d5919f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
jsonresume-org-homepage2	Ready	Preview	Comment	Dec 4, 2025 7:03am
jsonresume-org-registry	Canceled			Dec 4, 2025 7:03am

[coderabbitai]

Walkthrough

Two new GitHub Actions workflows are introduced to integrate Claude AI for code review and analysis. The first workflow automatically reviews pull requests on PR events. The second workflow responds to @claude mentions in issue comments and PR reviews, triggering interactive code analysis.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows for Claude Integration \.github/workflows/claude-code-review.yml, \.github/workflows/claude.yml	Two new workflows added: claude-code-review.yml automatically triggers Claude code reviews on PR events (opened, synchronize) to assess code quality, potential issues, performance, security, and test coverage; claude.yml triggers Claude analysis in response to @claude mentions in issue comments, PR review comments, and issue events with configurable permissions and additional analysis options.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Verify trigger conditions (PR events, @claude mentions) are appropriately scoped
• Validate OAuth token handling and security configuration
• Confirm permissions are minimal and appropriate for each workflow
• Check that allowed Bash/GitHub CLI commands in claude-code-review.yml are secure and necessary
• Ensure CLAUDE.md guidelines reference is correct and file exists

Poem

🐰 Two workflows hop into place, Claude reviews with measured pace,
PR feedback flows like morning dew, @claude responds to calls so true,
Code quality checked with expert eyes, our furry friend now scrutinizes! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add Claude Code GitHub Workflow' clearly and accurately summarizes the main change—adding GitHub Actions workflows to integrate Claude Code into the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-claude-github-actions-1764831601998

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[alwaysmeticulous]

🤖 No test run has been triggered as your Meticulous project has been deactivated (since you haven't viewed any test results in a while). Click here to reactivate.

_{Last updated for commit 5d5919f. This comment will update as new commits are pushed.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/claude-code-review.yml (2)

22-26: Simplify permissions—issues:read may be unnecessary.

The issues:read permission is not required for reviewing pull requests. This workflow only needs to read PR context and write tokens. Consider removing it to follow the principle of least privilege.

    permissions:
      contents: read
      pull-requests: read
-     issues: read
      id-token: write

---

37-56: Consider adding an early validation step for CLAUDE_CODE_OAUTH_TOKEN for faster feedback, though the action includes built-in error handling.

The anthropics/claude-code-action performs validation and reports errors with structured messages when secrets are missing. However, adding explicit validation before invoking the action provides earlier failure detection and clearer error messaging at the workflow level, rather than within the action execution.

You can add the validation step for better user experience:

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

+     - name: Validate Claude Code OAuth token
+       run: |
+         if [ -z "${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}" ]; then
+           echo "❌ Error: CLAUDE_CODE_OAUTH_TOKEN secret is not configured"
+           exit 1
+         fi

      - name: Run Claude Code Review

Alternatively, documenting the requirement in CONTRIBUTING.md or README is sufficient since the action will catch missing secrets.

.github/workflows/claude.yml (1)

28-31: Consider increasing fetch-depth for more complete context in Claude analysis.

A shallow clone with fetch-depth: 1 limits Claude's access to repository history, which may impact its ability to analyze code context, understand changes, and provide comprehensive responses. While Anthropic's documented examples use fetch-depth: 1, general best practices for AI-powered code analysis recommend fetch-depth: 0 to provide full Git history for better context awareness.

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
-         fetch-depth: 1
+         fetch-depth: 0

Note: This increases clone time and storage but provides Claude with full repository context for analysis.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 77da679 and 5d5919f.

📒 Files selected for processing (2)

• .github/workflows/claude-code-review.yml (1 hunks)
• .github/workflows/claude.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (3)

.github/workflows/claude.yml (2)

15-19: Verify trigger and conditional coverage for all @claude mention scenarios.

The conditional logic comprehensively covers all event types and checks for @claude mentions in the relevant fields (comment bodies, review bodies, issue body, and title). This is well-structured.

One minor clarification: ensure that the issues trigger with types: [opened, assigned] is intentional. If the goal is only to trigger on new issues mentioning @claude, opened is sufficient; assigned may trigger even if the issue body/title doesn't mention @claude (the condition will filter it, but consider whether this is the intended trigger scope).

---

40-41: The additional_permissions field is a documented feature of anthropics/claude-code-action designed to specify which GitHub token permissions the action requires. It is not redundant with the workflow-level permissions block—rather, it works alongside it. The permissions block grants the token access, while additional_permissions tells the action which permissions to utilize (e.g., to read CI results on PRs). Removing this field would break the intended functionality. No changes needed.

Likely an incorrect or invalid review comment.

.github/workflows/claude-code-review.yml (1)

29-32: Increase fetch-depth to enable proper PR diff analysis.

A shallow clone with fetch-depth: 1 only retrieves the current commit and cannot compute diffs or merge-base information needed for code review. Claude's analysis requires access to the changes between the base and head branches. Use fetch-depth: 0 to fetch full git history:

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
-         fetch-depth: 1
+         fetch-depth: 0