From 2d65568013f2e17e29282eb0c23f1893dd448c25 Mon Sep 17 00:00:00 2001 From: Werner Robitza Date: Sun, 8 Feb 2026 16:21:43 +0100 Subject: [PATCH 1/4] "Update Claude PR Assistant workflow" --- .github/workflows/claude.yml | 44 ++++-------------------------------- 1 file changed, 5 insertions(+), 39 deletions(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index c6e14a9..d300267 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -10,9 +10,6 @@ on: pull_request_review: types: [submitted] -env: - FFMPEG_VERSION: "8.0" - jobs: claude: if: | @@ -22,9 +19,9 @@ jobs: (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write - issues: write + contents: read + pull-requests: read + issues: read id-token: write actions: read # Required for Claude to read CI results on PRs steps: @@ -33,37 +30,6 @@ jobs: with: fetch-depth: 1 - - name: Install uv - uses: astral-sh/setup-uv@v3 - - - name: Set up Python - run: uv python install 3.13 - - - name: Cache ffmpeg download - uses: actions/cache@v4 - id: cache-ffmpeg - with: - path: /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz - key: ${{ runner.os }}-ffmpeg - - - name: Download ffmpeg if not cached - if: steps.cache-ffmpeg.outputs.cache-hit != 'true' - run: | - echo "Downloading ffmpeg ${FFMPEG_VERSION}" - wget -q https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -P /opt/ffmpeg - - - name: Extract and install ffmpeg - run: | - echo "Extracting ffmpeg ${FFMPEG_VERSION}" - sudo mkdir -p /opt/ffmpeg/extracted - sudo tar --strip-components 1 -xf /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -C /opt/ffmpeg/extracted - echo "Installing ffmpeg ${FFMPEG_VERSION}" - sudo cp /opt/ffmpeg/extracted/bin/ffmpeg /usr/bin/ffmpeg - sudo cp /opt/ffmpeg/extracted/bin/ffprobe /usr/bin/ffprobe - - - name: Install dependencies - run: uv sync --group dev - - name: Run Claude Code id: claude uses: anthropics/claude-code-action@v1 @@ -79,6 +45,6 @@ jobs: # Optional: Add claude_args to customize behavior and configuration # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options - claude_args: '--allowed-tools "Bash(uv run pytest:*),Bash(uv run ruff:*),Bash(uv run mypy:*),Bash(python -m ffmpeg_normalize:*),Bash(gh:*)"' + # or https://code.claude.com/docs/en/cli-reference for available options + # claude_args: '--allowed-tools Bash(gh pr:*)' From 6cad65c8f9bb0c2c1cbe08cd84ed10a532509f7d Mon Sep 17 00:00:00 2001 From: Werner Robitza Date: Sun, 8 Feb 2026 16:21:44 +0100 Subject: [PATCH 2/4] "Update Claude Code Review workflow" --- .github/workflows/claude-code-review.yml | 67 ++++-------------------- 1 file changed, 11 insertions(+), 56 deletions(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 01b4b4d..b5e8cfd 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -1,14 +1,14 @@ name: Claude Code Review on: - pull_request_target: - types: [opened, synchronize] + pull_request: + types: [opened, synchronize, ready_for_review, reopened] # Optional: Only run on specific file changes # paths: - # - "src/**/*.py" - -env: - FFMPEG_VERSION: "8.0" + # - "src/**/*.ts" + # - "src/**/*.tsx" + # - "src/**/*.js" + # - "src/**/*.jsx" jobs: claude-review: @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - pull-requests: write + pull-requests: read issues: read id-token: write @@ -30,60 +30,15 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Install uv - uses: astral-sh/setup-uv@v3 - - - name: Set up Python - run: uv python install 3.13 - - - name: Cache ffmpeg download - uses: actions/cache@v4 - id: cache-ffmpeg - with: - path: /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz - key: ${{ runner.os }}-ffmpeg - - - name: Download ffmpeg if not cached - if: steps.cache-ffmpeg.outputs.cache-hit != 'true' - run: | - echo "Downloading ffmpeg ${FFMPEG_VERSION}" - wget -q https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -P /opt/ffmpeg - - - name: Extract and install ffmpeg - run: | - echo "Extracting ffmpeg ${FFMPEG_VERSION}" - sudo mkdir -p /opt/ffmpeg/extracted - sudo tar --strip-components 1 -xf /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -C /opt/ffmpeg/extracted - echo "Installing ffmpeg ${FFMPEG_VERSION}" - sudo cp /opt/ffmpeg/extracted/bin/ffmpeg /usr/bin/ffmpeg - sudo cp /opt/ffmpeg/extracted/bin/ffprobe /usr/bin/ffprobe - - - name: Install dependencies - run: uv sync --group dev - name: Run Claude Code Review id: claude-review uses: anthropics/claude-code-action@v1 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - prompt: | - REPO: ${{ github.repository }} - PR NUMBER: ${{ github.event.pull_request.number }} - - Please review this pull request and provide feedback on: - - Code quality and best practices - - Potential bugs or issues - - Performance considerations - - Security concerns - - Test coverage - - Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. - - Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. - + plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' + plugins: 'code-review@claude-code-plugins' + prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options - claude_args: '--allowed-tools "Bash(uv run pytest:*),Bash(uv run ruff:*),Bash(uv run mypy:*),Bash(python -m ffmpeg_normalize:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"' + # or https://code.claude.com/docs/en/cli-reference for available options From 9a9df37b1c64e081c8c9009c19d3a93c8d4a3fa4 Mon Sep 17 00:00:00 2001 From: Werner Robitza Date: Sun, 8 Feb 2026 16:24:48 +0100 Subject: [PATCH 3/4] fix: restore uv/ffmpeg setup and allowed tools in CI workflows The auto-generated PR stripped out all project-specific setup (uv, Python, ffmpeg) and allowed tools, which would prevent Claude from running tests, linting, or type checking in CI. Changes: - Restore uv, Python 3.13, and ffmpeg installation steps - Restore claude_args with allowed tools (pytest, ruff, mypy, etc.) - Keep new syntax: plugin-based code review, updated docs URLs, pull_request trigger, read permissions (OAuth token handles writes) - Fix commented path patterns to use *.py instead of *.ts/*.tsx Co-Authored-By: Claude Opus 4.6 --- .github/workflows/claude-code-review.yml | 41 +++++++++++++++++++++--- .github/workflows/claude.yml | 41 ++++++++++++++++++++---- 2 files changed, 71 insertions(+), 11 deletions(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index b5e8cfd..a8b7567 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -5,10 +5,10 @@ on: types: [opened, synchronize, ready_for_review, reopened] # Optional: Only run on specific file changes # paths: - # - "src/**/*.ts" - # - "src/**/*.tsx" - # - "src/**/*.js" - # - "src/**/*.jsx" + # - "src/**/*.py" + +env: + FFMPEG_VERSION: "8.0" jobs: claude-review: @@ -31,6 +31,37 @@ jobs: with: fetch-depth: 1 + - name: Install uv + uses: astral-sh/setup-uv@v3 + + - name: Set up Python + run: uv python install 3.13 + + - name: Cache ffmpeg download + uses: actions/cache@v4 + id: cache-ffmpeg + with: + path: /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz + key: ${{ runner.os }}-ffmpeg + + - name: Download ffmpeg if not cached + if: steps.cache-ffmpeg.outputs.cache-hit != 'true' + run: | + echo "Downloading ffmpeg ${FFMPEG_VERSION}" + wget -q https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -P /opt/ffmpeg + + - name: Extract and install ffmpeg + run: | + echo "Extracting ffmpeg ${FFMPEG_VERSION}" + sudo mkdir -p /opt/ffmpeg/extracted + sudo tar --strip-components 1 -xf /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -C /opt/ffmpeg/extracted + echo "Installing ffmpeg ${FFMPEG_VERSION}" + sudo cp /opt/ffmpeg/extracted/bin/ffmpeg /usr/bin/ffmpeg + sudo cp /opt/ffmpeg/extracted/bin/ffprobe /usr/bin/ffprobe + + - name: Install dependencies + run: uv sync --group dev + - name: Run Claude Code Review id: claude-review uses: anthropics/claude-code-action@v1 @@ -41,4 +72,4 @@ jobs: prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md # or https://code.claude.com/docs/en/cli-reference for available options - + claude_args: '--allowed-tools "Bash(uv run pytest:*),Bash(uv run ruff:*),Bash(uv run mypy:*),Bash(python -m ffmpeg_normalize:*),Bash(gh pr:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"' diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index d300267..47b5181 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -10,6 +10,9 @@ on: pull_request_review: types: [submitted] +env: + FFMPEG_VERSION: "8.0" + jobs: claude: if: | @@ -30,6 +33,37 @@ jobs: with: fetch-depth: 1 + - name: Install uv + uses: astral-sh/setup-uv@v3 + + - name: Set up Python + run: uv python install 3.13 + + - name: Cache ffmpeg download + uses: actions/cache@v4 + id: cache-ffmpeg + with: + path: /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz + key: ${{ runner.os }}-ffmpeg + + - name: Download ffmpeg if not cached + if: steps.cache-ffmpeg.outputs.cache-hit != 'true' + run: | + echo "Downloading ffmpeg ${FFMPEG_VERSION}" + wget -q https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -P /opt/ffmpeg + + - name: Extract and install ffmpeg + run: | + echo "Extracting ffmpeg ${FFMPEG_VERSION}" + sudo mkdir -p /opt/ffmpeg/extracted + sudo tar --strip-components 1 -xf /opt/ffmpeg/ffmpeg-n${{ env.FFMPEG_VERSION }}-latest-linux64-gpl-${{ env.FFMPEG_VERSION }}.tar.xz -C /opt/ffmpeg/extracted + echo "Installing ffmpeg ${FFMPEG_VERSION}" + sudo cp /opt/ffmpeg/extracted/bin/ffmpeg /usr/bin/ffmpeg + sudo cp /opt/ffmpeg/extracted/bin/ffprobe /usr/bin/ffprobe + + - name: Install dependencies + run: uv sync --group dev + - name: Run Claude Code id: claude uses: anthropics/claude-code-action@v1 @@ -40,11 +74,6 @@ jobs: additional_permissions: | actions: read - # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. - # prompt: 'Update the pull request description to include a summary of changes.' - - # Optional: Add claude_args to customize behavior and configuration # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md # or https://code.claude.com/docs/en/cli-reference for available options - # claude_args: '--allowed-tools Bash(gh pr:*)' - + claude_args: '--allowed-tools "Bash(uv run pytest:*),Bash(uv run ruff:*),Bash(uv run mypy:*),Bash(python -m ffmpeg_normalize:*),Bash(gh:*)"' From 5cb503228d6be7c22f0bab26acc23e64f34eca28 Mon Sep 17 00:00:00 2001 From: Werner Robitza Date: Sun, 8 Feb 2026 16:26:38 +0100 Subject: [PATCH 4/4] fix: restore write permissions for Claude CI workflows The @claude mention workflow needs write access to contents, pull-requests, and issues to create commits, comment, and respond. The code review workflow needs pull-requests: write to post reviews. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/claude-code-review.yml | 2 +- .github/workflows/claude.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index a8b7567..e1ef362 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - pull-requests: read + pull-requests: write issues: read id-token: write diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 47b5181..1982474 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -22,9 +22,9 @@ jobs: (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: - contents: read - pull-requests: read - issues: read + contents: write + pull-requests: write + issues: write id-token: write actions: read # Required for Claude to read CI results on PRs steps: