diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index f7c8ee2..2b4b849 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -21,17 +21,26 @@ jobs: contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association) }} env: - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }} + HAS_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY != '' }} + HAS_ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL != '' }} + HAS_CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN != '' }} CLAUDE_MODEL: claude-sonnet-4-6 steps: - name: Skip when Claude secrets are not configured - if: ${{ env.ANTHROPIC_API_KEY == '' || env.ANTHROPIC_BASE_URL == '' }} + if: >- + ${{ + env.HAS_CLAUDE_CODE_OAUTH_TOKEN != 'true' && + (env.HAS_ANTHROPIC_API_KEY != 'true' || env.HAS_ANTHROPIC_BASE_URL != 'true') + }} run: echo "Claude Code review secrets are not configured; skipping Claude Code review." - name: Detect Claude review workflow changes id: claude-workflow-change - if: ${{ env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' }} + if: >- + ${{ + env.HAS_CLAUDE_CODE_OAUTH_TOKEN == 'true' || + (env.HAS_ANTHROPIC_API_KEY == 'true' && env.HAS_ANTHROPIC_BASE_URL == 'true') + }} uses: actions/github-script@v8 with: script: | 
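Review bot: The credential gate is written out by hand several times across this change: negated in the skip step, positive in the detect step here and in the checkout step of the next hunk, and again per mode on the two Claude steps. Adding or changing an auth mode means editing every copy, and a missed one silently runs or skips a step. Resolving the mode once in a first step and testing its output in later steps would remove that risk. A short comment above the `HAS_*` entries would also record why they exist: `# Booleans only: secret values stay out of the job env, so github-script and checkout never receive them.`
```yaml
      # New first step; reads the job-level HAS_* booleans.
      - name: Resolve Claude auth mode
        id: claude-auth
        shell: bash
        run: |
          if [ "$HAS_CLAUDE_CODE_OAUTH_TOKEN" = "true" ]; then
            mode=oauth
          elif [ "$HAS_ANTHROPIC_API_KEY" = "true" ] && [ "$HAS_ANTHROPIC_BASE_URL" = "true" ]; then
            mode=api_key
          else
            mode=none
          fi
          echo "mode=$mode" >> "$GITHUB_OUTPUT"

      - name: Skip when Claude secrets are not configured
        if: ${{ steps.claude-auth.outputs.mode == 'none' }}
        # … unchanged: run: echo …

      - name: Detect Claude review workflow changes
        id: claude-workflow-change
        if: ${{ steps.claude-auth.outputs.mode != 'none' }}
        # … unchanged: uses / with / script …
```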
@@ -51,15 +60,61 @@ jobs: run: echo "Skipping Claude Code Review because this PR changes the review workflow itself." - name: Checkout repository - if: ${{ env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' && steps.claude-workflow-change.outputs.self_changed != 'true' }} + if: >- + ${{ + ( + env.HAS_CLAUDE_CODE_OAUTH_TOKEN == 'true' || + (env.HAS_ANTHROPIC_API_KEY == 'true' && env.HAS_ANTHROPIC_BASE_URL == 'true') + ) && + steps.claude-workflow-change.outputs.self_changed != 'true' + }} uses: actions/checkout@v6 with: fetch-depth: 1 persist-credentials: false - - name: Run Claude Code review - if: ${{ env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' && steps.claude-workflow-change.outputs.self_changed != 'true' }} + - name: Run Claude Code review with OAuth + if: ${{ env.HAS_CLAUDE_CODE_OAUTH_TOKEN == 'true' && steps.claude-workflow-change.outputs.self_changed != 'true' }} uses: anthropics/claude-code-action@v1 + with: + claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} + track_progress: true + use_sticky_comment: true + exclude_comments_by_actor: MapleEve,github-actions,codecov,sourcery-ai,copilot-pull-request-reviewer + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number }} + + Review this pull request using REVIEW.md as the review-only guide. + Focus on actionable VoScript risks: + - Privacy and security leaks + - Model lifecycle races and GPU/CPU fallback behavior + - HTTP API compatibility + - Regression-test coverage + - Synchronized English/Chinese documentation + + The PR branch is already checked out in the current working directory. + Post feedback only through the official Claude Code Action GitHub integration. + Do not use the GitHub CLI and do not use a user-owned GitHub token. + If the official Claude GitHub App integration is unavailable, fail instead of posting as the repository owner. 
+ If there are no actionable findings, post the standard no-findings confirmation through the action integration. + Avoid formatting-only comments. + + claude_args: | + --model ${{ env.CLAUDE_MODEL }} + --max-turns 30 + + - name: Run Claude Code review with API key + if: >- + ${{ + env.HAS_CLAUDE_CODE_OAUTH_TOKEN != 'true' && + env.HAS_ANTHROPIC_API_KEY == 'true' && + env.HAS_ANTHROPIC_BASE_URL == 'true' && + steps.claude-workflow-change.outputs.self_changed != 'true' + }} + uses: anthropics/claude-code-action@v1 + env: + ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }} with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} track_progress: true
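Review bot: The restrictions in the new OAuth step's `prompt` ("Do not use the GitHub CLI and do not use a user-owned GitHub token") are enforced only by the model following instructions, while the same session reads PR content that can carry competing instructions. Back the rule with a tool restriction in `claude_args`, for example by adding `--disallowedTools "Bash(gh:*)"` under `--max-turns 30`, so the limit holds even if the prompt is overridden. Both Claude steps also hand a secret to `anthropics/claude-code-action@v1` by mutable tag; pinning it as `anthropics/claude-code-action@<full-commit-sha> # v1` keeps a retagged release from receiving `CLAUDE_CODE_OAUTH_TOKEN` or `ANTHROPIC_API_KEY`. The API-key step's `with:` block continues past the end of the hunk, so whether it carries the same prompt and arguments cannot be confirmed from here.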