Conversation
Updated workflow to use pull_request_target for fork PRs and added comments for clarity.
Removed redundant comments and cleaned up the CLAUDE action configuration.
📝 Walkthrough
Two GitHub Actions workflow files were modified to improve security and fork pull request support. The changes include switching the trigger mechanism to
Changes
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks: ✅ 1 passed | ❌ 2 failed (1 warning, 1 inconclusive)
CodeAnt AI finished reviewing your PR.
Pull request overview
Updates the GitHub Actions workflows used to run Anthropic Claude automations, primarily adjusting triggers/permissions and removing repository checkout steps.
Changes:
- Simplifies `claude.yml` by removing the checkout step and trimming inline comments.
- Switches the code-review workflow to `pull_request_target` and removes checkout to support fork PRs while trying to avoid executing fork code.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| .github/workflows/claude.yml | Removes checkout step; keeps Claude action invocation with permissions. |
| .github/workflows/claude-code-review.yml | Moves to pull_request_target and removes checkout; updates comments and optional author filter notes. |
    # Use pull_request_target so this works for fork PRs and can mint an OIDC token.
    # IMPORTANT: do NOT checkout or run fork code in this workflow.
    pull_request_target:
      types: [opened, synchronize, ready_for_review, reopened]
Switching this workflow to pull_request_target means it will run in the base repo context for fork PRs and can access secrets.CLAUDE_CODE_OAUTH_TOKEN (and any other available secrets). That creates a real secret-exfiltration risk (e.g., via prompt injection in PR text or a compromised third-party action). Consider gating execution to trusted authors (MEMBER/OWNER/COLLABORATOR), requiring a manual trigger/approval step, or reverting to pull_request with no secrets and reduced permissions.
    # Optional: Filter by PR author / association
    # if: |
    #   github.event.pull_request.user.login == 'external-contributor' ||
    #   github.event.pull_request.user.login == 'new-developer' ||
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' ||
    #   github.event.pull_request.author_association == 'CONTRIBUTOR'
The optional author-association guard is commented out, so the job will run automatically for any PR (including forks) under pull_request_target. If the intent is to limit who can trigger a secrets-bearing workflow, uncomment/enforce an if: condition for trusted associations (e.g., MEMBER/OWNER/COLLABORATOR) or similar policy.
| @@ -26,10 +27,8 @@ jobs: | |||
| id-token: write | |||
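Review bot: `id-token: write` survives this hunk while the trigger moves to `pull_request_target`, so a run started by any fork PR can obtain an OIDC token whose `sub` claim identifies this repository and workflow. The in-file comment ("can mint an OIDC token") suggests the action itself consumes that token, in which case the permission cannot simply be dropped; the compensating control is then to keep the job from running for untrusted authors at all (the `if:` block that is currently commented out) and, for any cloud trust policy that accepts this token, to match on the full `sub` (repository, workflow, ref) rather than on the repository owner alone.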
id-token: write is a high-privilege permission. If this workflow doesn't strictly need GitHub OIDC, drop it to reduce blast radius; if it does, ensure any cloud trust policy is tightly scoped to this repo/workflow and doesn't allow unintended access from untrusted PR runs.
      id-token: write

    # Use pull_request_target so this works for fork PRs and can mint an OIDC token.
    # IMPORTANT: do NOT checkout or run fork code in this workflow.
    pull_request_target:
The PR description/testing sections are still template placeholders (no motivation, testing details, or issue link). Please update the PR description to state what problem is being fixed, why these workflow changes are needed, and how they were validated (e.g., test run links or a screenshot of a successful workflow run).
          additional_permissions: |
            actions: read
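Review bot: before deleting this `additional_permissions: | actions: read` block as a duplicate, check what it actually configures. The comment that accompanies the same lines in claude.yml ("This is an optional setting that allows Claude to read CI results on PRs") describes it as an input to the action under `with:`, not a `permissions:` key on the job; an action input is interpreted by the action, so whether it is redundant with the job-level `actions: read` is decided by the action's documentation, not by the presence of the job-level line. If the action needs both, removing either one silently takes away CI-result access rather than tidying a redundancy.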
additional_permissions repeats actions: read, but this job already grants actions: read at the workflow permissions level (line 26). Consider removing the duplicate to make permission auditing clearer unless the action requires both.
          additional_permissions: |
            actions: read
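As an added example (not code from this PR or from the MFlowCode/MFC repository), here is a version of claude-code-review.yml that keeps the pull_request_target trigger the PR introduces but gates the job on author association and leaves the checkout out, which addresses the first three Copilot comments above. The job name, the prompt text and the exact permissions set are assumptions; the workflow's own comment says the action needs to mint an OIDC token, so id-token: write is kept on the job rather than removed.

```yaml
name: Claude Code Review

on:
  # pull_request_target runs in the base-repo context with secrets available,
  # so nothing from the PR head may be checked out or executed here.
  pull_request_target:
    types: [opened, synchronize, ready_for_review, reopened]

# Deny everything at the workflow level; each job grants only what it uses.
permissions: {}

jobs:
  claude-review:          # assumed job name
    runs-on: ubuntu-latest
    # Gate: run automatically only for accounts with write access to this repo.
    # Fork PRs from other authors still fire the event but the job is skipped,
    # so the OAuth secret and the OIDC token are never exposed to an untrusted run.
    if: >-
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.pull_request.author_association)
    permissions:
      contents: read
      pull-requests: write   # post the review comment
      issues: write
      id-token: write        # kept: the in-file comment says the action mints an OIDC token
      actions: read          # let the action read CI results (same as claude.yml)
    steps:
      # Deliberately no actions/checkout: the review is driven by the PR API, and
      # checking out the PR head would run attacker-controlled code under secrets.
      - name: Run Claude Code Review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # Only numeric/repo-controlled values are interpolated into the prompt.
          # PR title and body are attacker-controlled text under this trigger and
          # are left for the action to fetch as data rather than pasted in here.
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            Review this pull request for correctness and security issues.
```

The `if:` expression is the only thing standing between a fork PR and the job's secrets, so it belongs on the job, not inside a step. If outside contributions should still get reviews, a maintainer-applied label checked in the same `if:` is the usual way to opt a specific PR in after a human has read it.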
1 issue found across 2 files
Confidence score: 4/5
- Workflow risk is limited to CI: without a checkout, `anthropics/claude-code-action@v1` runs on an empty workspace and can't read/modify repo files in `.github/workflows/claude.yml`.
- Overall merge risk is low since the issue is confined to automation rather than production code, but it can block intended workflow behavior.
- Pay close attention to `.github/workflows/claude.yml` - add a checkout step so the action has repository files available.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/claude.yml">
<violation number="1" location=".github/workflows/claude.yml:28">
P2: Add a checkout step before running `anthropics/claude-code-action@v1`; otherwise the workflow runs Claude with an empty workspace, so it can't read or modify repository files.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| fetch-depth: 1 | ||
| actions: read | ||
| steps: |
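Review bot: with `fetch-depth: 1` gone, this hunk leaves no checkout at all, so the `Run Claude Code` step starts on an empty workspace. The "do NOT checkout or run fork code" rationale is written into claude-code-review.yml for `pull_request_target`; claude.yml is triggered by comment and review events (`issue_comment`, `pull_request_review_comment`, `issues`, `pull_request_review`) on the base repository, and the upstream example for that workflow checks the repository out as its first step. Restore the checkout here; if the action is meant to work on a PR's branch, fetch that ref explicitly and treat its contents as untrusted input rather than silently dropping the step.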
P2: Add a checkout step before running anthropics/claude-code-action@v1; otherwise the workflow runs Claude with an empty workspace, so it can't read or modify repository files.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/claude.yml, line 28:
<comment>Add a checkout step before running `anthropics/claude-code-action@v1`; otherwise the workflow runs Claude with an empty workspace, so it can't read or modify repository files.</comment>
<file context>
@@ -23,28 +23,13 @@ jobs:
- fetch-depth: 1
+ actions: read
+ steps:
- name: Run Claude Code
id: claude
</file context>
Current:
    steps:
Suggested:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/claude.yml (1)
26-26: `actions: read` is declared twice — remove the redundant `additional_permissions` entry.
`actions: read` already appears in the job-level `permissions` block (Line 26), so the `additional_permissions: actions: read` input to the action (Lines 34–35) is a no-op duplicate.
🧹 Proposed fix
    steps:
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    -     additional_permissions: |
    -       actions: read
Also applies to: 34-35
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/claude.yml at line 26, Remove the redundant additional_permissions entry that duplicates the job-level permissions; specifically delete the additional_permissions: actions: read block (the duplicate "actions: read" input) so only the job-level permissions: actions: read remains; ensure no other inputs rely on additional_permissions before removing.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claude-code-review.yml:
- Around line 4-6: The workflow uses pull_request_target together with a prompt
input which can trigger agent mode in claude-code-action and cause reviews to be
hidden; either switch the event to pull_request or remove the prompt input to
avoid agent mode, or add a post-step that reads claude-execution-output.json and
posts it as a PR comment via gh pr comment (use the documented workaround).
Update references to pull_request_target, prompt, claude-code-action,
claude-execution-output.json, gh pr comment, and any usage of
code-review@claude-code-plugins accordingly so the workflow reliably posts PR
comments to contributors.
In @.github/workflows/claude.yml:
- Around line 28-35: The workflow is missing a repository checkout so the "Run
Claude Code" step using anthropics/claude-code-action@v1 cannot read or modify
files; add an initial step that runs actions/checkout@v6 (as the first step
before the step with id "claude") so the repository is available for interactive
`@claude` file operations and preserve existing with inputs like
claude_code_oauth_token and additional_permissions.
---
Nitpick comments:
In @.github/workflows/claude.yml:
- Line 26: Remove the redundant additional_permissions entry that duplicates the
job-level permissions; specifically delete the additional_permissions: actions:
read block (the duplicate "actions: read" input) so only the job-level
permissions: actions: read remains; ensure no other inputs rely on
additional_permissions before removing.
    # Use pull_request_target so this works for fork PRs and can mint an OIDC token.
    # IMPORTANT: do NOT checkout or run fork code in this workflow.
    pull_request_target:
🧩 Analysis chain
🌐 Web query:
anthropics claude-code-action issue #621 pull_request_target automation mode PR comments
💡 Result:
In anthropics/claude-code-action Issue #621 (opened Oct 14, 2025, now closed), the reported problem is:
- When a workflow runs on pull_request_target and you provide a prompt (i.e., "automation mode" / automated review), the action's mode detector selects agent mode.
- Agent mode does not create PR comments/reviews—it only outputs the review in the GitHub Actions step summary—so nothing appears as a comment on the PR, and use_sticky_comment: true has no effect in that mode. [1]
Why it happens (per the issue):
- Agent mode explicitly disables comment creation via shouldCreateTrackingComment() { return false; }, and mode detection picks agent for PR events when prompt is set. [1]
Workaround noted in the issue:
- Post-process the generated output (e.g., from claude-execution-output.json) and manually post it to the PR using something like gh pr comment .... [1]
If you tell me what outcome you want (e.g., “always comment on the PR even in automation mode” vs “only for Dependabot PRs”), I can suggest a concrete workflow YAML pattern.
Sources: [1]
🌐 Web query:
code-review claude-code-plugins pull_request_target automation mode comments 2025 2026
💡 Result:
- pull_request_target support (for fork/Dependabot PRs with base-repo permissions): anthropics/claude-code-action added explicit support for the pull_request_target event on September 22, 2025, noting it uses the same payload shape as pull_request but runs with write permissions from the base repository (with associated security considerations). [1]
- "Automation mode" vs "interactive mode" (what controls it):
  - Interactive mode = no prompt input → responds to @claude mentions and creates tracking/progress comments. [1]
  - Automation mode = prompt provided → runs immediately and does not create tracking comments by default. [1]
- If you want comments/progress in automation mode: in v1, tracking comments are intentionally off "to reduce noise"; enable them with track_progress: true. [1]
- Related (PR review comments behavior in the Code Review plugin): the official Code Review Claude plugin describes posting only high-confidence findings (default threshold 80) to reduce comment noise. [2]
Sources: custom-automations docs for anthropics/claude-code-action (incl. pull_request_target, mode detection, tracking comments) [1]; Anthropic Code Review plugin page [2].
[1] https://git.homeinfra.org/actions/claude-code-action/src/commit/f4d737af0b61a79741d8246c5207da5887746212/docs/custom-automations.md
[2] https://claude.com/plugins/code-review
pull_request_target + automation prompt may silently swallow review comments.
There is a confirmed bug in claude-code-action (Issue #621) where using a prompt input with pull_request_target triggers agent mode, which does not post reviews as PR comments—they only appear in the GitHub Actions Step Summary. Claude Code reviews should appear as PR comments visible to PR authors and reviewers, not only in the execution summary. The documented workaround is to post-process claude-execution-output.json and manually post it using gh pr comment.
This workflow uses both pull_request_target and a prompt: parameter, which is precisely the affected configuration. Issue #621 is now closed as of February 2026, but the fix status is unclear. The code-review@claude-code-plugins plugin's effect on this behavior is unconfirmed.
If reviews are not posted as PR comments, external contributors will never see automated feedback on their PRs.
Also applies to: 33-42
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/claude-code-review.yml around lines 4 - 6, The workflow
uses pull_request_target together with a prompt input which can trigger agent
mode in claude-code-action and cause reviews to be hidden; either switch the
event to pull_request or remove the prompt input to avoid agent mode, or add a
post-step that reads claude-execution-output.json and posts it as a PR comment
via gh pr comment (use the documented workaround). Update references to
pull_request_target, prompt, claude-code-action, claude-execution-output.json,
gh pr comment, and any usage of code-review@claude-code-plugins accordingly so
the workflow reliably posts PR comments to contributors.
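An added example (not code from this PR or the project) of the workaround CodeRabbit cites above: a step after the action that reads the execution log and posts the final review text with gh pr comment, so the review reaches the PR even when the action runs in agent mode. It assumes the action exposes the log path as the step output steps.claude.outputs.execution_file and that the log is a JSON array of messages in which assistant turns carry message.content[] entries of type "text"; both assumptions, and the jq filter built on them, must be checked against the action's documentation before use. track_progress: true is the input named in the second web result above.

```yaml
    steps:
      - name: Run Claude Code Review
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          track_progress: true          # re-enable tracking comments in automation mode
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            Review this pull request for correctness and security issues.

      # Fallback: publish the final review text ourselves if the action posted nothing.
      - name: Post review as PR comment
        if: ${{ always() && steps.claude.outputs.execution_file != '' }}
        env:
          # Expressions are passed through env, never interpolated into the script body.
          GH_TOKEN: ${{ github.token }}
          EXECUTION_FILE: ${{ steps.claude.outputs.execution_file }}   # assumed output name
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          set -euo pipefail
          # Assumed log shape: array of {type, message: {content: [{type: "text", text}]}}.
          # Keep the last assistant text block as the review body.
          jq -r '[.[] | select(.type == "assistant")
                       | .message.content[]? | select(.type == "text") | .text]
                 | last // empty' "$EXECUTION_FILE" > review.md
          if [ -s review.md ]; then
            gh pr comment "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --body-file review.md
          else
            echo "No assistant text found in $EXECUTION_FILE" >&2
          fi
```

The fallback step needs `pull-requests: write` on the job for `GITHUB_TOKEN` to post, and because it runs under `pull_request_target` it should only be reached on jobs already gated to trusted authors; otherwise it hands a fork PR a way to have arbitrary model output posted under the repository's identity.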
    steps:
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read
🧩 Analysis chain
🏁 Script executed:
# First, let's locate and examine the claude.yml file
fd -t f "claude.yml" .github/
Repository: MFlowCode/MFC
Length of output: 85
🌐 Web query:
anthropic claude-code-action official documentation examples
💡 Result:
Official documentation (Claude Code GitHub Actions / claude-code-action)
- Anthropic docs: "Claude Code GitHub Actions" (setup, inputs like prompt/claude_args, and basic workflow example). [1]
- Official action repo: anthropics/claude-code-action (README + detailed guides + examples/). [2]
Official example workflow (from the repo)
A minimal “respond to @claude” workflow is in examples/claude.yml. Here’s the core structure (abridged): [3]
name: Claude Code
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
claude:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# optional: prompt: "..."
# optional: claude_args: "--max-turns 5"
Manual setup path (per Anthropic docs): install the Claude GitHub App, add ANTHROPIC_API_KEY as a repo secret, and copy the workflow from examples/claude.yml into .github/workflows/. [1]
🏁 Script executed:
cat -n .github/workflows/claude.yml
Repository: MFlowCode/MFC
Length of output: 1390
Missing actions/checkout step breaks interactive @claude file operations.
The official Anthropic template for claude.yml requires a repository checkout step before the action runs. The official example in the anthropics/claude-code-action repository shows - uses: actions/checkout@v6 as the first step before anthropics/claude-code-action@v1.
This workflow handles interactive mode (triggered by issue_comment, pull_request_review_comment, issues, pull_request_review) where Claude needs to read and modify repository files in response to @claude mentions. Without the checkout step, the action cannot access the repository contents, preventing any file-level operations.
🔧 Proposed fix
steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Current:
    steps:
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read
Suggested:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          additional_permissions: |
            actions: read
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/claude.yml around lines 28 - 35, The workflow is missing a
repository checkout so the "Run Claude Code" step using
anthropics/claude-code-action@v1 cannot read or modify files; add an initial
step that runs actions/checkout@v6 (as the first step before the step with id
"claude") so the repository is available for interactive `@claude` file operations
and preserve existing with inputs like claude_code_oauth_token and
additional_permissions.
User description
Description
Summarize your changes and the motivation behind them.
Fixes #(issue)
Type of change
Testing
How did you test your changes?
Checklist
See the developer guide for full coding standards.
GPU changes (expand if you modified src/simulation/)
CodeAnt-AI Description
Run Claude workflows on fork PRs without checking out fork code
What Changed
Impact
- ✅ Runs Claude reviews for fork PRs
- ✅ Fewer leaked secrets from workflows
- ✅ Safer automated code reviews