---
name: Claude Review

# Trigger surface. Every event below carries free-form text (comment, review or
# issue body) written by whoever raised it, so that text must be treated as
# untrusted input by the jobs that read it.
#
# issue_comment and issues workflows run in the context of the base repository,
# with its secrets available, regardless of who wrote the comment or issue.
# pull_request_review and pull_request_review_comment runs raised from a fork
# get no secrets.
on:
  issue_comment:
    types:
      - created
  pull_request_review_comment:
    types:
      - created
  issues:
    types:
      - opened
      - assigned
  pull_request_review:
    types:
      - submitted

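jobs:
  # Gate job. Runs with a read-only token and decides whether the privileged
  # `comment` job should run at all. It checks two things only: that the event
  # text mentions @claude, and that the Azure identifiers are present.
  # NOTE(review): neither check looks at who wrote the comment. Nothing in this
  # workflow restricts triggering to maintainers; if that restriction is
  # expected, confirm it is enforced by the action used in the `comment` job or
  # add an explicit condition here.
  validation:
    name: Validation
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    outputs:
      should_comment: ${{ steps.validate.outputs.should_comment }}

    steps:
      - name: Check GitHub event
        id: check-github-event
        # The bodies are attacker-controlled. They are handed to the script as
        # environment variables so they are never expanded into the shell
        # source itself.
        env:
          _EVENT_NAME: ${{ github.event_name }}
          _COMMENT_BODY: ${{ github.event.comment.body }}
          _REVIEW_BODY: ${{ github.event.review.body }}
          _ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          # Check if @claude is mentioned in the event
          MENTIONED=false

          # Select the body field that belongs to this event type.
          case "$_EVENT_NAME" in
            issue_comment | pull_request_review_comment) BODY="$_COMMENT_BODY" ;;
            pull_request_review) BODY="$_REVIEW_BODY" ;;
            issues) BODY="$_ISSUE_BODY" ;;
            *) BODY="" ;;
          esac

          # printf rather than echo: the body is untrusted and must be passed
          # through verbatim, never parsed as echo options.
          if printf '%s\n' "$BODY" | grep -qF "@claude"; then
            MENTIONED=true
          fi

          if [ "$MENTIONED" = "true" ]; then
            echo "claude_mentioned=true" >> "$GITHUB_OUTPUT"
            echo "✅ Validation: @claude mentioned in event"
          else
            echo "claude_mentioned=false" >> "$GITHUB_OUTPUT"
            echo "⏭️ Validation: @claude not mentioned - skipping"
          fi

      - name: Check for Azure credentials
        id: check-azure-secret
        # Only tests that the three values are non-empty. This detects runs
        # where secrets are withheld (fork pull requests); it is not an
        # authorization check on the person who triggered the run.
        env:
          _AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          _AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          _AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
        run: |
          if [ -n "$_AZURE_SUBSCRIPTION_ID" ] && [ -n "$_AZURE_TENANT_ID" ] && [ -n "$_AZURE_CLIENT_ID" ]; then
            echo "credentials_valid=true" >> "$GITHUB_OUTPUT"
            echo "✅ Validation: Azure credentials available"
          else
            echo "credentials_valid=false" >> "$GITHUB_OUTPUT"
            echo "⚠️ Validation: Azure credentials not available"
            echo "This is expected for external contributors or forks"
          fi

      - name: Set validation result
        id: validate
        # Step outputs are passed in through env, matching the two steps above,
        # instead of being expanded with ${{ }} inside the script text.
        env:
          _CLAUDE_MENTIONED: ${{ steps.check-github-event.outputs.claude_mentioned }}
          _CREDENTIALS_VALID: ${{ steps.check-azure-secret.outputs.credentials_valid }}
        run: |
          if [ "$_CLAUDE_MENTIONED" == "true" ] && \
             [ "$_CREDENTIALS_VALID" == "true" ]; then
            echo "should_comment=true" >> "$GITHUB_OUTPUT"
            echo "✅ Validation passed - comment will proceed"
          else
            echo "should_comment=false" >> "$GITHUB_OUTPUT"
            echo "⚠️ Validation failed - comment will be skipped"
          fi

  # Privileged job. Holds write access to contents, pull requests and issues,
  # can request an OIDC token (id-token: write), and retrieves the Anthropic
  # API key. It runs only when the validation job reports should_comment=true.
  comment:
    name: Claude comment
    runs-on: ubuntu-24.04
    needs: validation
    if: needs.validation.outputs.should_comment == 'true'
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read

    steps:
      - name: Check out repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        # NOTE(review): checkout keeps the job token in the local git config
        # unless persist-credentials is set to false. Confirm whether later
        # steps need it before changing that.
        with:
          fetch-depth: 1

      # NOTE(review): the three bitwarden/gh-actions steps below reference the
      # mutable `main` branch, while checkout and claude-code-action are pinned
      # to full commit SHAs. These steps run with id-token: write and handle
      # the Key Vault secret, so pinning them to a reviewed commit SHA would
      # give the same protection against an unexpected change upstream.
      - name: Log in to Azure
        uses: bitwarden/gh-actions/azure-login@main
        with:
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Get Azure Key Vault secrets
        id: get-kv-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: gh-org-bitwarden
          secrets: "ANTHROPIC-API-KEY"

      # Log out before the model-driven step runs, so the Azure session is no
      # longer active while event text is being processed.
      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main

      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@e8bad572273ce919ba15fec95aef0ce974464753 # v1.0.13
        with:
          anthropic_api_key: ${{ steps.get-kv-secrets.outputs.ANTHROPIC-API-KEY }}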