Skip to content

Use centralized Claude Code Review workflow#109

Closed
justin808 wants to merge 1 commit intomainfrom
jg/use-centralized-review-workflow
Closed

Use centralized Claude Code Review workflow#109
justin808 wants to merge 1 commit intomainfrom
jg/use-centralized-review-workflow

Conversation

@justin808
Copy link
Copy Markdown
Member

@justin808 justin808 commented Feb 9, 2026
edited by coderabbitai Bot
Loading

Summary

  • Replaces the inline Claude Code Review workflow with a call to the shared reusable workflow in shakacode/.github
  • Removes the hardcoded --model claude-sonnet-4-5-20250929 — uses Claude Code's default model (currently Opus 4.6)
  • Future model or config changes only need to be made in one place

Dependencies

Test plan

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated internal CI/CD workflow configuration to use an optimized external workflow setup, improving development infrastructure maintainability.

@justin808 @claude
Use centralized Claude Code Review workflow
68f0dea 
Replace the inline review config with a call to the shared reusable
workflow in shakacode/.github. This removes the hardcoded model
so reviews use Claude Code's default.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 9, 2026 00:41
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Feb 9, 2026
edited
Loading

Walkthrough

The CLAUDE code review workflow has been refactored to delegate responsibility to a reusable external workflow maintained in shakacode/.github instead of managing the configuration inline. This change reduces workflow complexity by 46 lines while maintaining functionality.

Changes

Cohort / File(s) Summary
Workflow Configuration
.github/workflows/claude-code-review.yml		 Replaced verbose inline CLAUDE setup with external reusable workflow reference from shakacode/.github. Simplified configuration by delegating job logic, steps, and permissions management.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A workflow once tangled in lines forty-nine,
Now delegates cleanly to shakacode's design.
Three lines of grace, where verbosity lay,
External wisdom guides the CLAUDE code review way!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Use centralized Claude Code Review workflow' directly and clearly describes the main change: replacing an inline workflow with a centralized reusable workflow from shakacode/.github.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch jg/use-centralized-review-workflow

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments
.github/workflows/claude-code-review.yml (1)

9-11: Consider pinning the reusable workflow to a commit SHA instead of @main.

Referencing @main means any push to the shared repo's main branch immediately affects this workflow, including potentially breaking or malicious changes. GitHub recommends pinning reusable workflows to a full commit SHA for supply-chain safety (e.g., @<commit-sha>), with a comment noting the version. Since this is within the same org, the risk is lower, and the convenience of auto-updating is the stated goal — so this is a tradeoff worth acknowledging rather than a blocker.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR centralizes the Claude Code Review GitHub Actions workflow by replacing the repository-local, inline workflow definition with a call to the shared reusable workflow in shakacode/.github, aiming to make future model/config updates happen in one place.

Changes:

  • Replaced the inline anthropics/claude-code-action job with a reusable workflow call.
  • Removed the hardcoded Claude model argument, relying on the shared workflow/default model configuration.
  • Passed CLAUDE_CODE_OAUTH_TOKEN into the reusable workflow via secrets.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/claude-code-review.yml
# or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
claude_args: '--model claude-sonnet-4-5-20250929 --allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

uses: shakacode/.github/.github/workflows/claude-code-review.yml@main
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using shakacode/.github/...@main means this repo’s workflow behavior can change without any change in this repository (and can be impacted by a compromise of that branch). Prefer pinning to a tag or commit SHA for supply-chain safety and reproducibility, updating intentionally when you want changes.

Suggested change
uses: shakacode/.github/.github/workflows/claude-code-review.yml@main
uses: shakacode/.github/.github/workflows/claude-code-review.yml@4f3c2b1a0d9e8f7c6b5a49382716e5d4c3b2a1f

Copilot uses AI. Check for mistakes.
Comment thread .github/workflows/claude-code-review.yml
# - "src/**/*.jsx"

jobs:
claude-review:
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reusable workflow will run with the caller workflow’s GITHUB_TOKEN permissions. This workflow no longer sets explicit permissions (the previous inline job did), so the called workflow may not be able to request an OIDC token (id-token: write) or post PR comments (pull-requests: write) depending on repo defaults. Recommend adding an explicit permissions: block (either at workflow top-level or under this job) matching what the reusable workflow needs (see .github/workflows/claude.yml for the permissions previously required).

Suggested change
claude-review:
claude-review:
permissions:
id-token: write
pull-requests: write

Copilot uses AI. Check for mistakes.
@justin808 justin808 closed this Feb 9, 2026
@justin808 justin808 deleted the jg/use-centralized-review-workflow branch February 9, 2026 01:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@justin808