Last active
September 17, 2025 21:45
Save muratkeremozcan/e417b0b68a28869603f1873153e51e8b to your computer and use it in GitHub Desktop.
Claude Code - CI code review
```yaml
# Sample Claude Code Review Workflow
#
# This is a template workflow that demonstrates how to set up automated code reviews
# using Claude via GitHub Actions. Customize the prompt and focus areas for your project.
#
# To use this workflow:
# 1. Run the Claude Code command /install-github-app in your terminal; it holds your hand throughout the setup
# 2. Copy this file over to your repository's .github/workflows/claude-code-review.yml, which gets auto-generated
# 3. Add ANTHROPIC_API_KEY to your repository secrets
# 4. Customize the prompt section for your project's specific needs
# 5. Adjust the focus areas, tools, and model as needed

name: Claude Code Review (Sample Template)

on:
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]

# if this branch is pushed back to back, cancel the older branch's workflow
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
  cancel-in-progress: true

jobs:
  claude-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: read
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        # Tag references such as @v1 are mutable; pin to a full commit SHA
        # if you need to fix the exact action code that receives the API key
        uses: anthropics/claude-code-action@v1
        with:
          # Using API key for per-token billing plan
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          # Track progress creates a comment showing review progress
          track_progress: true
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}

            # CUSTOMIZE THIS SECTION FOR YOUR PROJECT
            # Example exclusions - adjust for your project structure
            IMPORTANT: Skip reviewing any files in these directories:
            - docs/ (documentation files)
            - .github/ (workflow files)
            - config/ (configuration files)
            - Any other directories specific to your project that shouldn't be code reviewed

            Perform a comprehensive code review with focus on:

            ## Code Quality
            - **Code structure and organization** - Follow project's established patterns
            - **Language best practices** - Proper typing, modern language features, clean code
            - **Readability and maintainability** - Clear, self-documenting code
            - **Performance considerations** - Efficient algorithms, memory usage
            - **Error handling** - Proper exception handling, edge cases, graceful failures

            ## Testing & Reliability
            - **Test accompaniment** - When adding new source code, check for tests being updated or added
            - **Test quality** - Coverage adequacy, edge cases, error scenarios
            - **Test reliability** - No flaky tests, proper async handling, deterministic behavior
            - **Integration testing** - End-to-end validation where applicable

            ## Security & Best Practices
            - **Security considerations** - No hardcoded secrets, proper input validation
            - **Dependency management** - Appropriate dependencies, security vulnerabilities
            - **Data handling** - Safe data processing, sanitization, privacy considerations
            - **Authentication/Authorization** - Proper access control where applicable

            ## Architecture & Design
            - **Design patterns** - Appropriate architectural patterns for the project
            - **API design** - Clean interfaces, consistent naming, proper abstractions
            - **Separation of concerns** - Clear responsibility boundaries
            - **Breaking changes** - Backward compatibility considerations

            ## Documentation & Maintainability
            - **Code documentation** - Clear comments where needed (focus on "why" not "what")
            - **API documentation** - Public interfaces properly documented
            - **Change documentation** - Breaking changes or new features documented

            ## Review Guidelines
            - Use the repository's documentation (README, CONTRIBUTING, etc.) for project-specific guidance
            - Provide specific, actionable feedback with code examples where helpful
            - Prioritize issues by severity: **Critical** → **High** → **Medium** → **Low**
            - Be constructive and focus on code quality, security, and maintainability
            - Consider the project's target audience and use cases

            ## Project-Specific Checks
            # CUSTOMIZE THIS SECTION
            # Add any specific checks relevant to your project type:
            #
            # For React projects:
            # - Component patterns, hooks usage, state management
            #
            # For API projects:
            # - Endpoint design, validation, error responses
            #
            # For CLI tools:
            # - Command structure, help text, error handling
            #
            # For libraries:
            # - Public API design, backward compatibility, versioning

            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
          # Customize model and tools as needed
          # Available models: claude-opus-4-1-20250805, claude-sonnet-4-20250514, etc.
          # Tools can be restricted based on what review actions you want to allow
          claude_args: '--model claude-sonnet-4-20250514 --allowed-tools "mcp__github_inline_comment__create_inline_comment,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

# SETUP INSTRUCTIONS
# ==================
#
# 1. Repository Secrets Setup:
#    - Go to your repository → Settings → Secrets and variables → Actions
#    - Click "New repository secret"
#    - Name: ANTHROPIC_API_KEY
#    - Value: Your Anthropic API key (get one from https://console.anthropic.com/)
#
# 2. Permissions:
#    - The workflow needs 'pull-requests: write' to comment on PRs
#    - The workflow needs 'contents: read' to access repository code
#    - The workflow needs 'issues: read' for GitHub CLI operations
#    - The workflow needs 'id-token: write' so the action can request an OIDC token
#      for its GitHub App authentication
#
# 3. Customization:
#    - Update the prompt section to match your project's needs
#    - Add project-specific file/directory exclusions
#    - Customize the focus areas based on your tech stack
#    - Adjust the model (opus for more thorough reviews, sonnet for faster)
#    - Modify allowed tools based on what actions you want Claude to perform
#
# 4. Testing:
#    - Create a test PR to verify the workflow runs correctly
#    - Check that Claude can comment on the PR
#    - Ensure the review quality meets your standards
#
# 5. Advanced Customization:
#    - Add conditional logic based on file types or changes
#    - Integrate with other GitHub Actions (linting, testing, etc.)
#    - Set up different review levels based on PR size or author
#    - Add custom review templates for different types of changes
#
# TROUBLESHOOTING
# ===============
#
# Common Issues:
# - "Authentication failed" → Check ANTHROPIC_API_KEY secret
# - "Permission denied" → Verify workflow permissions in job definition
# - "No comments posted" → Check allowed tools and gh CLI permissions
# - "Review too generic" → Customize prompt with project-specific guidance
#
# For more help:
# - GitHub Actions documentation: https://docs.github.com/en/actions
# - Claude Code Action: https://github.com/anthropics/claude-code-action
# - Anthropic API documentation: https://docs.anthropic.com/
```
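The `--allowed-tools` list in `claude_args` is what bounds the reviewer's actions when it reads PR content, so it is worth checking whenever the template is customized. The following is an added example, not part of the original gist: it parses a `claude_args` string and flags grants broader than the read-and-comment set this template uses. The `REVIEW_SAFE` allowlist, the function names, and treating the `mcp__github_inline_comment__` prefix as acceptable are assumptions made for illustration.

```python
import re
import shlex

# The claude_args value from the workflow above.
CLAUDE_ARGS = (
    '--model claude-sonnet-4-20250514 --allowed-tools '
    '"mcp__github_inline_comment__create_inline_comment,'
    'Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),'
    'Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),'
    'Bash(gh pr list:*)"'
)

# Assumption: command prefixes a review-only job should be limited to
# (here, exactly the set the template grants).
REVIEW_SAFE = {"gh issue view", "gh issue list", "gh search", "gh pr comment",
               "gh pr diff", "gh pr view", "gh pr list"}
BASH_RULE = re.compile(r"^Bash\((?P<cmd>[^:)]*)(?::.*)?\)$")


def allowed_tools(claude_args):
    """Return the comma-separated entries passed to --allowed-tools."""
    argv = shlex.split(claude_args)
    for i, arg in enumerate(argv):
        if arg == "--allowed-tools" and i + 1 < len(argv):
            return [t.strip() for t in argv[i + 1].split(",") if t.strip()]
    return []


def audit(claude_args):
    """Return findings; an empty list means every grant is in REVIEW_SAFE."""
    tools = allowed_tools(claude_args)
    if not tools:
        return ["no --allowed-tools list found"]
    findings = []
    for tool in tools:
        if tool.startswith("mcp__github_inline_comment__"):
            continue  # inline PR comment tool, no shell access
        m = BASH_RULE.match(tool)
        if tool == "Bash" or (m and m["cmd"].strip() in ("", "*")):
            findings.append(f"{tool}: unrestricted shell")
        elif m is None:
            findings.append(f"{tool}: not a Bash(...) rule, review manually")
        elif m["cmd"].strip() not in REVIEW_SAFE:
            findings.append(f"{tool}: outside the review allowlist")
    return findings


if __name__ == "__main__":
    print(audit(CLAUDE_ARGS) or "allowed tools match the review allowlist")
```

Run it against the `claude_args` value of any customized copy of the workflow; an empty result means nothing beyond the template's original grants was added.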