chore(deps): update anthropics/claude-code-action action to v1.0.131

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
anthropics/claude-code-action	action	patch	v1.0.128 → v1.0.131	v1.0.133 (+1)

---

Release Notes

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.131

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.131

v1.0.130

Compare Source

What's Changed

• Add Workload Identity Federation (OIDC) authentication support by @​ashwin-ant in #​1338

Full Changelog: anthropics/claude-code-action@v1...v1.0.130

v1.0.129

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.129

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

v1.0.129 (No notable changes documented)

v1.0.130 — Primary feature addition:

• New feature: Workload Identity Federation (OIDC) authentication support (PR chore(deps): update dependency prettier to v3.8.1 #1338)
  • Allows GitHub Actions workflows to authenticate to Claude API using short-lived OIDC tokens instead of static API keys
  • Automatic token refresh every 4 minutes for long-running executions
  • 5 new optional inputs: anthropic_federation_rule_id, anthropic_organization_id, anthropic_service_account_id, anthropic_workspace_id, anthropic_oidc_audience
  • Requires id-token: write permission only when using federation auth
  • Fully backward-compatible: existing claude_code_oauth_token / anthropic_api_key authentication takes precedence and continues to work unchanged

v1.0.131 (No notable changes documented)

Breaking changes: None

🎯 Impact Scope Investigation

The action is used in 3 locations in this codebase:

1. .github/workflows/claude.yml:35 — Interactive Claude assistant (triggered by @claude mentions)
2. .github/workflows/ci.yml:267 — Content review job
3. .github/workflows/ci.yml:356 — Code review job

All 3 usages authenticate via claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}, which is the static credential method. Per the updated action's authentication precedence, static credentials take priority over the new OIDC federation method — so existing behavior is completely unaffected.

The workflows already include id-token: write permission (present before this update), so no permission changes are needed.

Impact on other dependencies: None.

💡 Recommended Actions

• No migration steps required
• No configuration changes needed
• The update is a straightforward patch bump — merge as-is
• Optionally: adopt the new OIDC federation authentication in the future to eliminate the need for storing CLAUDE_CODE_OAUTH_TOKEN as a long-lived secret

🔗 Reference Links

• v1.0.130 Release Notes
• PR #1338: Add Workload Identity Federation (OIDC) authentication support
• v1.0.131 Release Notes

Generated by koki-develop/claude-renovate-review