ci(pr-review): add checkout step for skill definitions access by chambridge · Pull Request #252 · ambient-code/agentready

chambridge · 2026-01-15T00:16:55Z

Description

Add actions/checkout@v4 before claude-code-action to enable access to .claude/commands/ skill definitions. Uses base.sha (not head.sha) for security - this ensures skill definitions come from the trusted main branch, not from potentially malicious fork PRs.

Type of Change

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Documentation update
Refactoring (no functional changes)
Performance improvement
Test coverage improvement

Related Issues

Fixes the "Unknown skill: review-agentready" error seen in Claude Code Review workflow runs.
https://github.com/ambient-code/agentready/actions/runs/21011220924

Changes Made

Added checkout step to .github/workflows/pr-review-auto-fix.yml before claude-code-action runs
Uses actions/checkout@v4 to clone the repository
Checks out base branch (base.sha) instead of PR head for security
- Ensures .claude/commands/ skill definitions come from trusted main branch
- Prevents malicious fork PRs from injecting poisoned skill files
Fixes "Unknown skill: review-agentready" error that occurred because Claude couldn't access the skill definition file without a checkout step

Testing

Unit tests pass (pytest)
Integration tests pass
Manual testing performed
No new warnings or errors

Checklist

My code follows the project's code style
I have performed a self-review of my own code
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
My changes generate no new warnings
I have added tests that prove my fix is effective or that my feature works
New and existing unit tests pass locally with my changes
Any dependent changes have been merged and published

Screenshots (if applicable)

Additional Notes

Add actions/checkout@v4 before claude-code-action to enable access to .claude/commands/ skill definitions. Uses base.sha (not head.sha) for security - this ensures skill definitions come from the trusted main branch, not from potentially malicious fork PRs. Fixes the "Unknown skill: review-agentready" error seen in Claude Code Review workflow runs. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com>

Add settings block to claude-code-action configuration to allow gh pr, gh issue, gh search, and git commands during code review. This enables the review skill to interact with GitHub APIs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com>

github-actions · 2026-01-15T05:27:11Z

🎉 This PR is included in version 2.22.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

…t-code#252) * ci(pr-review): add checkout step for skill definitions access Add actions/checkout@v4 before claude-code-action to enable access to .claude/commands/ skill definitions. Uses base.sha (not head.sha) for security - this ensures skill definitions come from the trusted main branch, not from potentially malicious fork PRs. Fixes the "Unknown skill: review-agentready" error seen in Claude Code Review workflow runs. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com> * ci(pr-review): add inline settings for gh and git command permissions Add settings block to claude-code-action configuration to allow gh pr, gh issue, gh search, and git commands during code review. This enables the review skill to interact with GitHub APIs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com> --------- Signed-off-by: Chris Hambridge <chambrid@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>

* ci(pr-review): add checkout step for skill definitions access Add actions/checkout@v4 before claude-code-action to enable access to .claude/commands/ skill definitions. Uses base.sha (not head.sha) for security - this ensures skill definitions come from the trusted main branch, not from potentially malicious fork PRs. Fixes the "Unknown skill: review-agentready" error seen in Claude Code Review workflow runs. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com> * ci(pr-review): add inline settings for gh and git command permissions Add settings block to claude-code-action configuration to allow gh pr, gh issue, gh search, and git commands during code review. This enables the review skill to interact with GitHub APIs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Chris Hambridge <chambrid@redhat.com> --------- Signed-off-by: Chris Hambridge <chambrid@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>

chambridge and others added 2 commits January 14, 2026 19:13

jeremyeder merged commit aa2fb78 into ambient-code:main Jan 15, 2026
10 checks passed

github-actions Bot added the released label Jan 15, 2026

chambridge deleted the ci/add-checkout-for-claude-review branch January 15, 2026 13:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(pr-review): add checkout step for skill definitions access#252

ci(pr-review): add checkout step for skill definitions access#252
jeremyeder merged 2 commits intoambient-code:mainfrom
chambridge:ci/add-checkout-for-claude-review

chambridge commented Jan 15, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jan 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

chambridge commented Jan 15, 2026

Description

Type of Change

Related Issues

Changes Made

Testing

Checklist

Screenshots (if applicable)

Additional Notes

Uh oh!

Uh oh!

github-actions Bot commented Jan 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants