fix(ci): use bot token so Claude commits trigger CI workflows #491
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add WORKTRUNK_BOT_TOKEN to both checkout and claude-code-action steps in claude-mention.yaml and claude-ci-fix.yaml. This ensures pushed commits trigger CI workflows, since GITHUB_TOKEN is intentionally blocked from triggering workflows to prevent infinite loops. Co-Authored-By: Claude <[email protected]>
2 tasks
max-sixty
added a commit
that referenced
this pull request
Jan 9, 2026
Add WORKTRUNK_BOT_TOKEN to both checkout and claude-code-action steps in claude-mention.yaml and claude-ci-fix.yaml. This ensures pushed commits trigger CI workflows, since GITHUB_TOKEN is intentionally blocked from triggering workflows to prevent infinite loops. Co-authored-by: Claude <[email protected]>
max-sixty
added a commit
that referenced
this pull request
Jan 9, 2026
* fix(test): apply mtime sleep to all platforms, not just Windows The `test_list_full_working_tree_conflicts` test was failing on Linux CI because git's mtime-based change detection wasn't reliably seeing file modifications. The sleep was previously Windows-only, but CI environments on all platforms can have this issue. Co-Authored-By: Claude <[email protected]> * fix(ci): use bot token so Claude commits trigger CI workflows (#491) Add WORKTRUNK_BOT_TOKEN to both checkout and claude-code-action steps in claude-mention.yaml and claude-ci-fix.yaml. This ensures pushed commits trigger CI workflows, since GITHUB_TOKEN is intentionally blocked from triggering workflows to prevent infinite loops. Co-authored-by: Claude <[email protected]> * refactor(windows): remove hardcoded fallback, rely on PATH only (#489) * refactor(windows): simplify Git Bash detection with single fallback Simplify Git Bash detection: 1. Primary: Find git.exe in PATH and derive bash.exe location 2. Fallback: Check standard Git for Windows path (C:\Program Files\Git) Removed the other 5 hardcoded paths (Program Files (x86), C:\Git, MSYS2 locations) since they're rare edge cases. The standard path covers GitHub Actions and most installations. Co-Authored-By: Claude <[email protected]> * refactor(windows): simplify Git Bash detection with single fallback Simplify Git Bash detection from 6 hardcoded paths to just 1: 1. Primary: find git.exe in PATH and derive bash.exe location 2. Fallback: C:\Program Files\Git\bin\bash.exe The fallback is needed because `which::which("git")` fails in some CI environments even when git is installed (Windows PATH handling quirk). Co-Authored-By: Claude <[email protected]> * ci: retry flaky windows test * ci: retry (flaky working_tree_conflicts test) --------- Co-authored-by: Claude <[email protected]> * fix(test): replace sleep with polling for racy git detection (#492) Replace the fixed 100ms sleep in test_list_full_working_tree_conflicts with a polling-based approach using the new general `wait_for` helper. The "racy git" problem occurs when file modifications happen within the same filesystem timestamp granularity - git's mtime-based detection may not see the change. Polling with exponential backoff (10ms -> 500ms cap, 15s timeout) is both faster on normal systems and more reliable on slow CI. Co-authored-by: Claude <[email protected]> * fix(security): add prompt instruction to prevent secret exposure (#493) Add security instruction to both Claude workflows prohibiting commands that could expose secrets (env, printenv, etc.) and forbidding inclusion of credentials in responses. Co-authored-by: Claude <[email protected]> * feat(ci): use OAuth token for Claude Code subscription auth (#494) Switch from ANTHROPIC_API_KEY to CLAUDE_CODE_OAUTH_TOKEN to use subscription-based authentication instead of per-token API pricing. Co-authored-by: Claude <[email protected]> * test: verify OAuth token authentication (#495) * feat(ci): use OAuth token for Claude Code subscription auth Switch from ANTHROPIC_API_KEY to CLAUDE_CODE_OAUTH_TOKEN to use subscription-based authentication instead of per-token API pricing. Co-Authored-By: Claude <[email protected]> * test: verify OAuth token authentication Co-Authored-By: Claude <[email protected]> * fix(ci): use input parameter instead of env var for OAuth token The claude-code-action expects claude_code_oauth_token as an input parameter, not an environment variable. Co-Authored-By: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]> * fix(test): normalize PTY blank lines in shell install tests PTY echo timing varies between systems, causing blank lines to appear at different positions in the output. On CI macOS, the newline from user input appears after the prompt text rather than before it. Normalize by collapsing consecutive newlines and stripping leading newlines, making the snapshots consistent across all environments. Co-Authored-By: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
WORKTRUNK_BOT_TOKENto checkout steps so git operations use the bot tokengithub_tokenparameter toclaude-code-actionso Claude's GitHub API calls use itThis fixes the issue where Claude's pushed commits don't trigger CI workflows.
GITHUB_TOKENis intentionally blocked from triggering workflows to prevent infinite loops, but PATs and bot tokens don't have this restriction.Test plan
🤖 Generated with Claude Code
Co-Authored-By: Claude [email protected]