From 1ba1af296ee0d2896446ba8114923ce7ece99954 Mon Sep 17 00:00:00 2001
From: Ned Twigg
Date: Wed, 11 Jun 2025 14:33:05 -0700
Subject: [PATCH 1/2] Add Claude PR Assistant workflow
---
 .github/workflows/claude.yml | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/claude.yml
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
new file mode 100644
index 0000000000..bcd8ef5933
--- /dev/null
+++ b/.github/workflows/claude.yml
@@ -0,0 +1,37 @@
+name: Claude Code
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ claude:
+ if: |
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: read
+ issues: read
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Run Claude Code
+ id: claude
+ uses: anthropics/claude-code-action@beta
+ with:
+ anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
From ee7ef70e2cd717e0d40e5365f87fdee5f6b3f25c Mon Sep 17 00:00:00 2001
From: ntwigg
Date: Wed, 11 Jun 2025 14:39:50 -0700
Subject: [PATCH 2/2] Update claude.yml so that only members of team Spotless can do `@claude`.
---
 .github/workflows/claude.yml | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index bcd8ef5933..4608a4c6bb 100644
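Review bot: In PATCH 1/2, the `Run Claude Code` step references `anthropics/claude-code-action@beta`, a mutable ref, while that step is handed `secrets.ANTHROPIC_API_KEY` and the job holds `id-token: write`; whatever `beta` points to at run time executes with both. Pinning to a full commit SHA, `uses: anthropics/claude-code-action@FULL_40_CHAR_COMMIT_SHA  # beta`, turns an upstream change into a reviewed update rather than a silent one, and the same applies, with less at stake, to `actions/checkout@v4`. Because the job declares only read scopes on the repository, it may also be worth adding `persist-credentials: false` under the checkout step's `with:` so the token is not left in the workspace git config for the following step, provided the action does not rely on it.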
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -11,12 +11,39 @@ on:
 types: [submitted]

 jobs:
+ check-team-membership:
+ runs-on: ubuntu-latest
+ outputs:
+ is-team-member: ${{ steps.check-membership.outputs.is-member }}
+ steps:
+ - name: Check team membership
+ id: check-membership
+ uses: actions/github-script@v7
+ with:
+ script: |
+ try {
+ const { data } = await github.rest.teams.getMembershipForUserInOrg({
+ org: 'diffplug',
+ team_slug: 'spotless',
+ username: github.event.sender.login
+ });
+ console.log(`User ${github.event.sender.login} membership status: ${data.state}`);
+ return data.state === 'active';
+ } catch (error) {
+ console.log(`User ${github.event.sender.login} is not a member of the Spotless team`);
+ return false;
+ }
+
 claude:
+ needs: check-team-membership
 if: |
- (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
- (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
- (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
- (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+ needs.check-team-membership.outputs.is-team-member == 'true' &&
+ (
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+ )
 runs-on: ubuntu-latest
 permissions:
 contents: read
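Review bot: The membership gate added in `check-team-membership` appears unable to ever evaluate to true, so it fails closed for team members as well as outsiders. Inside `actions/github-script` the `github` binding is the Octokit client and the event payload is exposed as `context.payload`, so `github.event.sender.login` throws in the `try` and again in the `catch`; the lookup should read `username: context.payload.sender.login`. The job output reads `steps.check-membership.outputs.is-member`, but the script's return value is published as `outputs.result`, so the mapping should be `is-team-member: ${{ steps.check-membership.outputs.result }}`. The `catch` also reports every failure as "not a member"; logging `error.status` there would separate a 404 from a token that lacks permission to read team membership, which the default `GITHUB_TOKEN` may well not have. Separately, for `issues` with type `assigned` the sender is the assigner rather than the author of the body that `contains(...)` inspects, so a member assigning an outsider's issue that mentions `@claude` would pass the gate; the `claude` job continues past the end of this hunk.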