From 19896e9a28cf214c01f99b7fc17574ff4b98186a Mon Sep 17 00:00:00 2001
From: Kazuki Yamada
Date: Sun, 17 Aug 2025 14:07:10 +0900
Subject: [PATCH 1/2] feat(ci): enable Claude experimental review mode

- Enable experimental review mode in claude-review.yml
- Add trigger for @claude review comments on PRs
- Add synchronize event trigger for updated PRs
- Enhance permissions for pull request and issue comments
- Improve review focus on code quality, security, and best practices
- Use GitHub suggestion format for proposed code changes
---
 .github/workflows/claude-review.yml | 47 ++++++++++++++++++-----------
 1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index e02060ea2..de6b7098a 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -2,31 +2,44 @@ name: Claude Auto review PRs
 on:
 pull_request:
- types: [opened]
+ types: [opened, synchronize]
+ issue_comment:
+ types: [created]
 jobs:
- auto-review:
+ code-review:
+ # Run on PR events, or when someone comments "@claude review" on a PR
+ if: |
+ github.event_name == 'pull_request' ||
+ (github.event_name == 'issue_comment' &&
+ github.event.issue.pull_request &&
+ contains(github.event.comment.body, '@claude review'))
+ runs-on: ubuntu-latest
 permissions:
 contents: read
+ pull-requests: write
+ issues: write
 id-token: write
- runs-on: ubuntu-latest
-
 steps:
 - name: Checkout repository
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 with:
- fetch-depth: 1
+ fetch-depth: 0 # Full history for better diff analysis
- - name: Auto review PR
- uses: anthropics/claude-code-action@4f4f43f0444d2d14cf449afc644f13facd71ebc4 # ratchet:anthropics/claude-code-action@main
+ - name: Code Review with Claude
+ uses: anthropics/claude-code-action@78b07473f50218c6494719ef164ed1ebd31da25c # ratchet:anthropics/claude-code-action@main
 with:
- direct_prompt: |
- Please review this PR. Look at the changes and provide thoughtful feedback on:
- - Code quality and best practices
- - Potential bugs or issues
- - Suggestions for improvements
- - Overall architecture and design decisions
-
- Be constructive and specific in your feedback. Give inline comments where applicable.
+ mode: experimental-review
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
- allowed_tools: "mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff"
+ # github_token not needed - uses default GITHUB_TOKEN for GitHub operations
+ timeout_minutes: "30"
+ custom_instructions: |
+ Focus on:
+ - Code quality and maintainability
+ - Security vulnerabilities
+ - Performance issues
+ - Best practices and design patterns
+ - Test coverage gaps
+
+ Be constructive and provide specific suggestions for improvements.
+ Use GitHub's suggestion format when proposing code changes.

From 33d44a1faaae17068812baee5ec35847b69c5ead Mon Sep 17 00:00:00 2001
From: Kazuki Yamada
Date: Sun, 17 Aug 2025 14:07:50 +0900
Subject: [PATCH 2/2] ci: update GitHub Actions dependencies via Ratchet

Update pinned action versions across workflow files:
- actions/checkout to 08eba0b27e820071cde6df949e0beb9ba4906955
- github/codeql-action to df559355d593797519d70b90fc8edd5db049e7a2
- anthropics/claude-code-action to 78b07473f50218c6494719ef164ed1ebd31da25c
- stefanzweifel/git-auto-commit-action to 3ea6ae190baf489ba007f7c92608f33ce20ef04a
- crate-ci/typos to a67079b4ae32e18c3f53d75368c52ce53b5fb56b
- Various Homebrew and other actions to latest commits

These updates improve security with latest verified action versions.
---
 .github/workflows/ci.yml | 34 +++++++++++++--------------
 .github/workflows/claude.yml | 4 ++--
 .github/workflows/codeql.yml | 6 ++---
 .github/workflows/docker.yml | 2 +-
 .github/workflows/homebrew.yml | 6 ++---
 .github/workflows/pack-repository.yml | 4 ++--
 .github/workflows/ratchet-verify.yml | 2 +-
 .github/workflows/test-action.yml | 2 +-
 8 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6671fe874..266f819c9 100644
--- a/.github/workflows/ci.yml
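Review bot: The `issue_comment` branch of the new `if:` checks only that the comment body contains '@claude review', not who wrote it, so anyone who can comment on a PR can start this job with `pull-requests: write`, `issues: write`, `id-token: write` and `secrets.ANTHROPIC_API_KEY` in scope; if this repository is public that is any GitHub account, which lets drive-by comments spend the API budget and steer a write-capable bot. Gate that branch on the author as well, e.g. add `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` as its last clause, next to the existing `contains(github.event.comment.body, ...)` check. Separately, on `issue_comment` events `actions/checkout` resolves the default branch rather than the PR head, so the `fetch-depth: 0` "full history" checkout reviews the base tree unless the action resolves the PR ref itself — worth confirming against the action's documentation before relying on it.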
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -26,7 +26,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -39,7 +39,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -52,7 +52,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -69,7 +69,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -86,7 +86,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -102,7 +102,7 @@ jobs:
 name: Lint GitHub Actions
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: rhysd/actionlint@4e683ab8014a63fafa117492a0c6053758e6d593 # ratchet:rhysd/actionlint@v1.7.3
 with:
 args: "-color"
@@ -111,8 +111,8 @@ jobs:
 name: Check typos
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
- - uses: crate-ci/typos@52bd719c2c91f9d676e2aa359fc8e0db8925e6d8 # ratchet:crate-ci/typos@master
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
+ - uses: crate-ci/typos@a67079b4ae32e18c3f53d75368c52ce53b5fb56b # ratchet:crate-ci/typos@master
 test:
 name: Test
@@ -122,7 +122,7 @@ jobs:
 node-version: [20.x, 21.x, 22.x, 23.x, 24.x]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
@@ -141,7 +141,7 @@ jobs:
 bun-version: [latest]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Setup Bun ${{ matrix.bun-version }}
 uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # ratchet:oven-sh/setup-bun@v2
 with:
@@ -155,7 +155,7 @@ jobs:
 name: Test coverage
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -180,7 +180,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
@@ -200,7 +200,7 @@ jobs:
 node-version: [20.x, 21.x, 22.x, 23.x, 24.x]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
@@ -227,7 +227,7 @@ jobs:
 bun-version: [latest]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Setup Bun ${{ matrix.bun-version }}
 uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # ratchet:oven-sh/setup-bun@v2
 with:
@@ -250,14 +250,14 @@ jobs:
 runs-on: ubuntu-latest
 if: ${{ github.ref == 'refs/heads/main' }}
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
 with:
 node-version-file: .tool-versions
 cache: npm
 - run: npm ci
 - run: npm run website-generate-schema
- - uses: stefanzweifel/git-auto-commit-action@01d77ca6cb089da1360e540865f7d035c95aa199 # ratchet:stefanzweifel/git-auto-commit-action@v4
+ - uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # ratchet:stefanzweifel/git-auto-commit-action@v4
 with:
 commit_message: 'chore(schema): auto generate schema'
 commit_user_name: "github-actions[bot]"
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index 2b3b61573..c64983a3e 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -25,12 +25,12 @@ jobs:
 id-token: write
 steps:
 - name: Checkout repository
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 with:
 fetch-depth: 1
 - name: Run Claude Code
 id: claude
- uses: anthropics/claude-code-action@4f4f43f0444d2d14cf449afc644f13facd71ebc4 # ratchet:anthropics/claude-code-action@main
+ uses: anthropics/claude-code-action@78b07473f50218c6494719ef164ed1ebd31da25c # ratchet:anthropics/claude-code-action@main
 with:
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1e30c57a5..5bf1a9270 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,11 +26,11 @@ jobs:
 build-mode: none
 steps:
 - name: Checkout repository
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # ratchet:github/codeql-action/init@v3
+ uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # ratchet:github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
@@ -46,6 +46,6 @@ jobs:
 exit 1
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # ratchet:github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # ratchet:github/codeql-action/analyze@v3
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 9e118357b..491af93cc 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -27,7 +27,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Docker metadata
 id: meta
diff --git a/.github/workflows/homebrew.yml b/.github/workflows/homebrew.yml
index 5a3fb28c1..a3251be4e 100644
--- a/.github/workflows/homebrew.yml
+++ b/.github/workflows/homebrew.yml
@@ -10,15 +10,15 @@ jobs:
 runs-on: macos-latest
 steps:
 - name: Set up Homebrew
- uses: Homebrew/actions/setup-homebrew@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/setup-homebrew@master
+ uses: Homebrew/actions/setup-homebrew@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/setup-homebrew@master
 with:
 test-bot: false
 - name: Configure Git user
- uses: Homebrew/actions/git-user-config@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/git-user-config@master
+ uses: Homebrew/actions/git-user-config@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/git-user-config@master
 - name: Bump packages
- uses: Homebrew/actions/bump-packages@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/bump-packages@master
+ uses: Homebrew/actions/bump-packages@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/bump-packages@master
 with:
 token: ${{ secrets.COMMITTER_TOKEN }}
 formulae: repomix
diff --git a/.github/workflows/pack-repository.yml b/.github/workflows/pack-repository.yml
index e32624d24..bd259a61f 100644
--- a/.github/workflows/pack-repository.yml
+++ b/.github/workflows/pack-repository.yml
@@ -12,10 +12,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Pack repository with Repomix
- uses: yamadashy/repomix/.github/actions/repomix@f5104d18a613daff38ffc2b7d0cf416252d77000 # ratchet:yamadashy/repomix/.github/actions/repomix@main
+ uses: yamadashy/repomix/.github/actions/repomix@5cd37d6a032d785af5e6c1addb982d48dbeee315 # ratchet:yamadashy/repomix/.github/actions/repomix@main
 with:
 output: repomix-output.xml
diff --git a/.github/workflows/ratchet-verify.yml b/.github/workflows/ratchet-verify.yml
index e9c8e918b..abd0a9a59 100644
--- a/.github/workflows/ratchet-verify.yml
+++ b/.github/workflows/ratchet-verify.yml
@@ -6,7 +6,7 @@ jobs:
 ratchet:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # ratchet:actions/setup-go@v5
 with:
 go-version: stable
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
index 53bc9b86e..eb42f2fe8 100644
--- a/.github/workflows/test-action.yml
+++ b/.github/workflows/test-action.yml
@@ -21,7 +21,7 @@ jobs:
 - node-version: 22
 test-case: "full"
 steps:
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4
 - name: Run Repomix Action (Minimal)
 if: matrix['test-case'] == 'minimal'