Update claude code github actions

[123vivekr]

No description provided.

[claude]

Code Review

Summary

This PR updates the Claude Code GitHub Actions workflows from beta to v1, streamlining configuration and removing unnecessary commented examples. The changes are generally positive and follow best practices.

✅ Strengths

1. Version Update: Migration from @beta to @v1 is appropriate for a stable release
2. Code Cleanup: Removal of extensive commented examples improves readability
3. Improved Configuration: The new claude_args approach is cleaner than inline configuration
4. Permission Enhancement: Added actions: read permission in .github/workflows/claude.yml enables Claude to read CI results

📝 Code Quality & Best Practices

Good:

• Consistent formatting (whitespace cleanup on lines 20, 24)
• Simplified parameter structure (direct_prompt → prompt)
• Clear separation of concerns with claude_args
• Added helpful documentation links

Suggestions:

1. PR Title: Should follow repository conventions with a prefix like "Improve: Update claude code github actions" per CONTRIBUTING.md:18-24
2. PR Description: Currently empty. Should include:
   • What changed (beta → v1)
   • Why (stable release, cleaner config)
   • Any breaking changes or migration notes

🐛 Potential Issues

1. Model Specification Removal (.github/workflows/claude.yml:35)

   • The PR removes "model: claude-opus-4-20250514" from claude.yml
   • But keeps it commented in claude-code-review.yml
   • Question: Was this intentional? If the main workflow previously used Opus 4, removing it means defaulting to Sonnet 4. Ensure this is the desired behavior.

2. Allowed Tools Scope

   • .github/workflows/claude-code-review.yml:55 restricts tools to only gh commands
   • This is appropriate for automated reviews, but verify this doesn't prevent legitimate review activities (e.g., reading files, running tests if needed)

🔒 Security Concerns

Positive:

• Permissions remain properly scoped with least-privilege principle
• No secrets are exposed or mishandled
• The allowed_tools restriction in review workflow is a good security practice

Consider:

• The automated review workflow runs on pull_request trigger. Verify that secrets.ANTHROPIC_API_KEY is available for PRs from forks if that's intended, or if this should be limited to same-repo PRs only

⚡ Performance Considerations

• Minimal performance impact
• The streamlined configuration should reduce workflow startup overhead slightly
• No blocking or resource-intensive operations introduced

🧪 Test Coverage

Gap Identified:

• No tests verify these workflow changes
• Recommendation: After merging, monitor the next few PRs to ensure:
  1. Claude Code Review workflow triggers correctly
  2. The gh pr comment functionality works as expected
  3. The main Claude workflow functions properly without the explicit model specification

📋 Action Items

1. ✏️ Update PR title to include appropriate prefix per CONTRIBUTING.md
2. 📄 Add PR description explaining the changes
3. ✅ Confirm the model removal in claude.yml is intentional
4. 🧪 Test the workflows after merging on a real PR

Overall Assessment

Verdict: ✅ Approve with minor suggestions

This is a solid maintenance PR that modernizes the Claude Code Actions integration. The changes are low-risk and improve code maintainability. The only concerns are documentation (PR title/description) and clarifying the model specification removal.

Great work simplifying the configuration!