mirror of
https://github.com/anthropics/claude-code.git
synced 2026-06-19 05:53:31 +00:00
5ef2f06c6a
Replace the static ANTHROPIC_API_KEY secret with Workload Identity Federation inputs in claude.yml, claude-issue-triage.yml, and claude-dedupe-issues.yml. The federation rule, organization, service account, and workspace IDs are read from repository variables.
45 lines
1.6 KiB
YAML
45 lines
1.6 KiB
YAML
name: Claude Code
|
|
|
|
on:
|
|
issue_comment:
|
|
types: [created]
|
|
pull_request_review_comment:
|
|
types: [created]
|
|
issues:
|
|
types: [opened, assigned]
|
|
pull_request_review:
|
|
types: [submitted]
|
|
|
|
jobs:
|
|
claude:
|
|
if: |
|
|
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
|
|
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
|
|
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
|
|
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
issues: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Run Claude Code
|
|
id: claude
|
|
uses: anthropics/claude-code-action@v1
|
|
with:
|
|
# Authenticate to the Claude API via Workload Identity Federation
|
|
# (the workflow's OIDC token is exchanged for a short-lived access
|
|
# token) instead of a static API key.
|
|
anthropic_federation_rule_id: ${{ vars.ANTHROPIC_FEDERATION_RULE_ID }}
|
|
anthropic_organization_id: ${{ vars.ANTHROPIC_ORGANIZATION_ID }}
|
|
anthropic_service_account_id: ${{ vars.ANTHROPIC_SERVICE_ACCOUNT_ID }}
|
|
anthropic_workspace_id: ${{ vars.ANTHROPIC_WORKSPACE_ID }}
|
|
claude_args: "--model claude-sonnet-4-5-20250929"
|
|
|