Pin anthropics/claude-code-action to v1.0.88 to work around upstream ENOENT/tsconfig regression#106
Merged
Merged
Conversation
…ink/tsconfig regression Agent-Logs-Url: https://github.com/0xferit/manuscript-decentralized-curation/sessions/b15036b1-e282-41ae-8078-8f1fb6e010a4 Co-authored-by: 0xferit <3106907+0xferit@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix GitHub Actions job failure in claude-code-action
Pin anthropics/claude-code-action to v1.0.88 to work around upstream ENOENT/tsconfig regression
Apr 20, 2026
claude-code-action exchanges the workflow OIDC token for a GitHub App installation token; the server-side exchange rejects actors without repo write access (401). The allowed_bots input is the intended escape hatch, but v1.0.88 has a client-side bug that crashes on actors without a "[bot]" login suffix (Copilot's login is "Copilot"), before allowed_bots is honored. Tracked in anthropics/claude-code-action#1133; fix PRs #1144 and #1213 are unmerged as of the v1.0.88 tag. Skipped jobs count as success for branch protection, so this removes the red X on bot-authored PRs without compromising actual review for human-authored PRs. Remove this guard once the pin is lifted and allowed_bots starts working for non-"[bot]"-suffix actors.
Owner
|
Tracking follow-up for re-enabling claude-review on bot-authored PRs: #107. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR stabilizes the repository’s Claude automation by pinning anthropics/claude-code-action to a known-good release (v1.0.88) to avoid an upstream regression, and adds a temporary job-level guard to prevent failures on bot-authored PRs.
Changes:
- Pin
anthropics/claude-code-actionto commit1eddb334cfa79fdb21ecbe2180ca1a016e8e7d47(v1.0.88) in both Claude workflows, with inline context and upstream issue references. - Add a job-level
if:condition inclaude-code-review.ymlto skip running on PRs authored byCopilotanddependabot[bot].
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
.github/workflows/claude.yml |
Pins anthropics/claude-code-action to v1.0.88 with inline rationale to avoid the v1.0.89 regression. |
.github/workflows/claude-code-review.yml |
Adds a bot-author skip guard for the claude-review job and pins the action to v1.0.88 with upstream references. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
Claude Code Reviewworkflow fails on every PR. This PR addresses two stacked failure modes:1. ENOENT / tsconfig.json regression in
v1.0.89Per upstream anthropics/claude-code-action#1187, #1205, and #1220,
v1.0.89introduced a regression wherecpSyncinrestoreConfigFromBasecrashes on symlinked sensitive paths and leaks an fd that surfaces as a secondarytsconfig.json"directory mismatch" error. Upstream recommends pinning tov1.0.88..github/workflows/claude-code-review.yml: replaceanthropics/claude-code-action@v1with the SHA forv1.0.88..github/workflows/claude.yml: same pin (same action, same bug).2. 401 on bot-authored PRs (surfaced after the pin)
With v1.0.88 in place, the ENOENT error is gone, but the job now fails at the next step for bot-authored PRs:
claude-code-actionexchanges the workflow's OIDC token for a GitHub App installation token via Anthropic's server; the exchange gates on the OIDC actor's repo permissions. Theallowed_botsinput exists to let specific bots through without repo write, but v1.0.88 has a client-side bug (#1133; fix PRs #1144 / #1213 unmerged) that crashes on actors without a[bot]suffix. Copilot's actor login isCopilot(no suffix), soallowed_botscan't help here.As a targeted workaround, gate the
claude-reviewjob on anif:that skips forCopilotanddependabot[bot]. Skipped jobs report as success for branch-protection purposes.Follow-up
Unpin and remove the
if:guard once the first upstream release containing the fix for #1133/#1144/#1213 ships. A tracking issue will be opened alongside this PR.