Skip to content

Add code-review action and fix security-review comment posting#4638

Open
taylordowns2000 wants to merge 2 commits intomainfrom
claude/add-review-actions-3y00b
Open

Add code-review action and fix security-review comment posting#4638
taylordowns2000 wants to merge 2 commits intomainfrom
claude/add-review-actions-3y00b

Conversation

@taylordowns2000
Copy link
Copy Markdown
Member

@taylordowns2000 taylordowns2000 commented Apr 17, 2026

  • Add issues:write permission to security-review (was preventing Claude
    from posting sticky comments via the issues API)
  • Change fallback step to if: always() so a comment is guaranteed on
    every run, not just failures
  • Add new code-review.yml workflow that invokes the /review skill via
    claude-code-action on every non-draft PR

https://claude.ai/code/session_018DKHSmTKWSyWR4iP4tPgcP

@claude
Add code-review action and fix security-review comment posting
b5e2e6e 
- Add issues:write permission to security-review (was preventing Claude
  from posting sticky comments via the issues API)
- Change fallback step to if: always() so a comment is guaranteed on
  every run, not just failures
- Add new code-review.yml workflow that invokes the /review skill via
  claude-code-action on every non-draft PR

https://claude.ai/code/session_018DKHSmTKWSyWR4iP4tPgcP
@github-project-automation github-project-automation bot moved this to New Issues in Core Apr 17, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 17, 2026

Code Review

⚠️ The review completed but no findings comment was posted.

See the workflow run for the raw Claude output.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 17, 2026

Security Review

⚠️ Automated security review did not complete.

Claude hit the max-turns limit or encountered an error before posting findings.
A manual review of S0 (project-scoped data access), S1 (authorization policies),
and S2 (audit trail coverage) is recommended for this PR.

See the workflow run for details.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 17, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.62%. Comparing base (f8a1f0b) to head (54c5297).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4638      +/-   ##
==========================================
- Coverage   89.63%   89.62%   -0.02%     
==========================================
  Files         444      444              
  Lines       21558    21558              
==========================================
- Hits        19324    19321       -3     
- Misses       2234     2237       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@claude
Fix review actions: update model to opus-4-7, fix code-review prompt
54c5297 
- Update model from deprecated claude-opus-4-6 to claude-opus-4-7 in
  both workflows (root cause of the fast failure on #4638)
- Also flatten claude_args to a single line to avoid YAML newline parsing
  issues
- Replace Skill tool invocation in code-review prompt with direct review
  instructions (the /review skill is interactive-only, unavailable in
  claude-code-action's non-interactive --prompt mode)

https://claude.ai/code/session_018DKHSmTKWSyWR4iP4tPgcP
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Core
Status: New Issues

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@taylordowns2000 @claude