claude-code-review: run on Claude-bot pushes#900
Open
d-morrison wants to merge 3 commits into
Open
Conversation
The job `if:` and mirrored `concurrency.cancel-in-progress` expression skipped every bot-actor push (generic `endsWith(actor, '[bot]')` / `sender.type == 'Bot'` rule). That silently excluded Claude's own commits: Claude Code on the web and the @claude agent commit as the `claude` user account, and Claude GitHub App pushes surface as `claude[bot]` — exactly the AI-authored diffs we most want reviewed. Add explicit clauses so actor `claude` / `claude[bot]` pushes trigger a review. Recursion-safe: the reviewer is review-only (the `--disallowedTools Bash(git commit:*) …` list means it can never commit or push), so it can never fire a self-triggering `synchronize`; and the @claude agent pushes via GITHUB_TOKEN, which never fires `synchronize` (claude.yml dispatches the review explicitly). Both expressions kept in sync per the existing invariant.
Owner
Author
|
@claude review |
Contributor
|
👀 Picked up by workflow run #27191708084. R/Quarto/renv setup runs first (~3-5 min); Claude itself responds after that. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Make the Claude Code Review workflow (
.github/workflows/claude-code-review.yml) run on Claude-bot commits, which it was silently skipping.Why
The job
if:(and the mirroredconcurrency.cancel-in-progressexpression) skipped every bot-actor push via the genericendsWith(github.actor, '[bot]')/github.event.sender.type == 'Bot'rule. That rule was added to stop other bots' pushes from triggering reviews, but it also excluded Claude's own commits — which are exactly the AI-authored diffs we most want a second pass over.Inspecting recent Claude-authored commits in this repo, they are committed under:
claudeuser account (loginclaude, id81847,noreply@anthropic.com) — used by Claude Code on the web and the@claudeagent, andclaude[bot]when a push goes through the Claude GitHub App.Both forms were being filtered out, so a Claude push to a PR left it stuck on whatever verdict existed before.
Change
Add two clauses to both the job
if:and theconcurrency.cancel-in-progressexpression (kept identical, per the existing in-sync invariant):Why this is recursion-safe
The original bot filter existed partly to avoid the self-trigger / frozen-comment loop documented in the concurrency comment (PR #809). Letting Claude-bot pushes through does not reintroduce it:
--disallowedTools "Bash(git commit:*)" …list means the reviewer can never commit, hence never push, hence can never fire asynchronizeevent that re-triggers itself.@claudeagent's own commits are pushed withGITHUB_TOKEN, which by design does not firesynchronize(claude.ymldispatches this workflow explicitly viaworkflow_dispatchinstead), so those are not double-reviewed.The load-bearing comments in both spots were updated to explain the exception and the safety argument.
Verification
python3 -c "import yaml; ..."parses the workflow and confirms theif:andcancel-in-progressexpressions are byte-identical (the comments require them to stay in sync).Per CLAUDE.md, this is a
.github/CI/infra-only change kept in its own dedicated PR (no book content touched).Known CI note —
claude-reviewcheck fails on this PR (expected)The
claude-reviewcheck fails here with:This is inherent to editing
claude-code-review.ymlitself, not a defect in this change.anthropics/claude-code-action's OIDC app-token exchange requires the workflow file on the PR branch to be byte-identical to the one on the default branch (a guard against a PR modifying the workflow to exfiltrate the app token). Any PR that touches this workflow trips it. It clears automatically once this merges tomain(then branch == default). The fix cannot be applied on the PR without reverting the change.https://claude.ai/code/session_01ER1dFrUPTjaHeL3n7Yy7qG