Validate React on Rails 17 RC10 #4224
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude Code | |
| on: | |
| issue_comment: | |
| types: [created] | |
| pull_request_review_comment: | |
| types: [created] | |
| issues: | |
| types: [opened, assigned] | |
| pull_request_review: | |
| types: [submitted] | |
| jobs: | |
| authorize_claude_actor: | |
| if: | | |
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || | |
| (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| authorized: ${{ steps.permission-gate.outputs.authorized }} | |
| steps: | |
| - name: Verify actor can run Claude | |
| id: permission-gate | |
| uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 | |
| with: | |
| script: | | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| const permissionByLogin = new Map(); | |
| function claudeRequester() { | |
| if ( | |
| context.eventName === 'issue_comment' || | |
| context.eventName === 'pull_request_review_comment' | |
| ) { | |
| return context.payload.comment?.user?.login; | |
| } | |
| if (context.eventName === 'pull_request_review') { | |
| return context.payload.review?.user?.login; | |
| } | |
| if (context.eventName === 'issues') { | |
| return context.payload.issue?.user?.login; | |
| } | |
| return null; | |
| } | |
| async function hasWriteAccessFor(username) { | |
| if (!username) { | |
| return false; | |
| } | |
| if (permissionByLogin.has(username)) { | |
| return permissionByLogin.get(username); | |
| } | |
| let hasWriteAccess = false; | |
| try { | |
| const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner, | |
| repo, | |
| username | |
| }); | |
| hasWriteAccess = ['admin', 'write'].includes(permission.permission); | |
| } catch (error) { | |
| core.warning( | |
| `Unable to verify ${username} write permission for Claude; ` + | |
| `treating the Claude request as untrusted: ${error.message || error}` | |
| ); | |
| } | |
| permissionByLogin.set(username, hasWriteAccess); | |
| return hasWriteAccess; | |
| } | |
| const actor = context.actor; | |
| const requester = claudeRequester(); | |
| if (!requester) { | |
| core.setOutput('authorized', 'false'); | |
| core.setFailed('Unable to run Claude because the requester could not be determined.'); | |
| return; | |
| } | |
| if (!(await hasWriteAccessFor(actor))) { | |
| core.setOutput('authorized', 'false'); | |
| core.setFailed(`Unable to run Claude because ${actor} does not have write/admin repository permission.`); | |
| return; | |
| } | |
| if (!(await hasWriteAccessFor(requester))) { | |
| core.setOutput('authorized', 'false'); | |
| core.setFailed( | |
| `Unable to run Claude because requester ${requester} does not have write/admin repository permission.` | |
| ); | |
| return; | |
| } | |
| core.setOutput('authorized', 'true'); | |
| core.info(`Authorized ${actor} and Claude requester ${requester} to run Claude.`); | |
| claude: | |
| needs: authorize_claude_actor | |
| if: needs.authorize_claude_actor.outputs.authorized == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| issues: read | |
| id-token: write | |
| actions: read # Required for Claude to read CI results on PRs | |
| checks: read | |
| statuses: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Run Claude Code | |
| id: claude | |
| uses: anthropics/claude-code-action@v1 | |
| env: | |
| CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| with: | |
| github_token: ${{ github.token }} | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| # This is an optional setting that allows Claude to read CI results on PRs | |
| additional_permissions: | | |
| actions: read | |
| checks: read | |
| statuses: read | |
| # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. | |
| # prompt: 'Update the pull request description to include a summary of changes.' | |
| # Optional: Add claude_args to customize behavior and configuration | |
| # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md | |
| # or https://code.claude.com/docs/en/cli-reference for available options | |
| # claude_args: '--allowed-tools Bash(gh pr:*)' | |