From 557e7c955379952028cdf45c21a817b0e9cb1ed2 Mon Sep 17 00:00:00 2001
From: Haardik H
Date: Mon, 12 Jan 2026 13:51:38 +0530
Subject: [PATCH 1/2] v1 workflow
---
 .github/workflows/claude-review.yml | 79 +++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 .github/workflows/claude-review.yml
diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
new file mode 100644
index 00000000..f31562d8
--- /dev/null
+++ b/.github/workflows/claude-review.yml
@@ -0,0 +1,79 @@
+name: Claude Code Review
+
+on:
+ pull_request:
+ types: [opened, synchronize, ready_for_review, reopened]
+
+permissions:
+ contents: read
+ # This allows posting comments and reviews
+ # It does not allow pushing any commits or modifying any files in the repo
+ pull-requests: write
+
+jobs:
+ review:
+ name: Review PR
+ # Note: This job runs on the custom Runner to be able to access LLM Gateway
+ # It will not work on other runners
+ runs-on: BaseRunner
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Run Claude Code
+ id: claude-review
+ uses: anthropics/claude-code-action@1b8ee3b94104046d71fde52ec3557651ad8c0d71 # v1.0.29
+ env:
+ ANTHROPIC_BASE_URL: ${{ secrets.LLM_GATEWAY_BASE_URL }}
+ LLM_GATEWAY_API_KEY: ${{ secrets.LLM_GATEWAY_API_KEY }}
+ with:
+ anthropic_api_key: ${{ secrets.LLM_GATEWAY_API_KEY }}
+
+ # When track_progress is enabled:
+ # - Creates a tracking comment with progress checkboxes
+ # - Includes all PR context (comments, attachments, images)
+ # - Updates progress as the review proceeds
+ # - Marks as completed when done
+ track_progress: true
+
+ # review instructions
+ prompt: |
+ REPO: ${{ github.repository }}
+ PR NUMBER: ${{ github.event.pull_request.number }}
+
+ Perform a comprehensive code review with the following focus areas:
+
+ 1. **Code Quality**
+ - Clean code principles and best practices
+ - Proper error handling and edge cases
+ - Code readability and maintainability
+
+ 2. **Security**
+ - Check for potential security vulnerabilities
+ - Validate input sanitization
+ - Review authentication/authorization logic
+
+ 3. **Performance**
+ - Identify potential performance bottlenecks
+ - Review database queries for efficiency
+ - Check for memory leaks or resource issues
+
+ 4. **Testing**
+ - Verify adequate test coverage
+ - Review test quality and edge cases
+ - Check for missing test scenarios
+
+ 5. **Documentation**
+ - Ensure code is properly documented
+ - Verify README updates for new features
+ - Check API documentation accuracy
+
+ Provide detailed feedback using inline comments for specific issues.
+ Use top-level comments for general observations or praise.
+
+ # Tools for comprehensive PR review
+ claude_args: |
+ --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
From 1f4b537854f9ec359a06bba5fb635d72ae0ae9a6 Mon Sep 17 00:00:00 2001
From: Haardik H
Date: Mon, 12 Jan 2026 14:48:25 +0530
Subject: [PATCH 2/2] use repo variables for base_url
---
 .github/workflows/claude-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index f31562d8..3f789f2d 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -27,7 +27,7 @@ jobs:
 id: claude-review
 uses: anthropics/claude-code-action@1b8ee3b94104046d71fde52ec3557651ad8c0d71 # v1.0.29
 env:
- ANTHROPIC_BASE_URL: ${{ secrets.LLM_GATEWAY_BASE_URL }}
+ ANTHROPIC_BASE_URL: ${{ vars.LLM_GATEWAY_BASE_URL }}
 LLM_GATEWAY_API_KEY: ${{ secrets.LLM_GATEWAY_API_KEY }}
 with:
 anthropic_api_key: ${{ secrets.LLM_GATEWAY_API_KEY }}
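Review bot: The `Run Claude Code` step feeds untrusted pull-request text (the diff and, per the `track_progress` comment, the PR's comments, attachments and images) to a tool-enabled agent while `LLM_GATEWAY_API_KEY` is in the step environment, and the only network control is `egress-policy: audit`, which records outbound calls without stopping them. Once the audit runs have produced a baseline, I would switch to `egress-policy: block` with an `allowed-endpoints` list limited to the gateway and the GitHub hosts the job needs. The checkout step should also carry `with:` / `persist-credentials: false` so the job token is not left in `.git/config` inside the workspace the agent reads. The key is supplied twice, once under `env:` and once as `anthropic_api_key`; if the gateway does not need the environment copy, dropping it narrows what spawned `gh` subprocesses inherit. `runs-on: BaseRunner` is described as a custom runner, so it is worth confirming that it is ephemeral, since a persistent runner would carry state from one PR's job into the next.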
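Review bot: Nothing in the workflow checks that `vars.LLM_GATEWAY_BASE_URL` is defined, and an undefined configuration variable expands to an empty string, so `ANTHROPIC_BASE_URL` can end up empty on a repository where the variable was never created. How the action treats an empty base URL is not visible here; if it falls back to its default endpoint, the gateway key passed as `anthropic_api_key` would be sent to a host it was not issued for. A guard step ahead of `Run Claude Code`, for example `if: ${{ vars.LLM_GATEWAY_BASE_URL == '' }}` with `run: exit 1`, makes that misconfiguration fail closed. The step this hunk edits starts above the hunk, so the guard belongs in the part of the job that is not shown here.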