Add Claude Code GitHub Workflow

[thomhurst]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[claude]

Code Review - Claude Code GitHub Workflow

Thank you for adding Claude Code integration to TUnit! This is a nice enhancement for AI-assisted development. Here's my review:

✅ Positive Changes

1. Simplified workflow trigger: Removing workflow_dispatch simplifies the claude-code-review.yml workflow by focusing solely on automatic PR reviews triggered by pull_request events.

2. Cleaner checkout logic: The simplified checkout step removes the complex conditional logic that was needed for manual dispatch, making the workflow more maintainable.

3. Consistent action versions: Updating from actions/checkout@v6 to @v4 in claude.yml maintains consistency with the claude-code-review.yml workflow.

4. Reduced complexity: Removing 23 net lines of code (28 deletions, 5 additions) while maintaining functionality is excellent.

🔍 Observations & Suggestions

1. Checkout Action Version (Minor)

Both workflows now use actions/checkout@v4. This is good for consistency, but note that:

• @v6 may have been intentionally used for newer features
• Consider verifying if @v4 has all required functionality
• If @v4 works correctly, this is fine (and actually safer for stability)

2. Fetch Depth

Both workflows use fetch-depth: 1 (shallow clone). This is appropriate for:

• ✅ Reading current code state
• ✅ PR reviews
• ❌ May not work if Claude needs git history for analysis

For PR reviews, this is likely sufficient and improves performance.

3. Workflow Trigger Scope

The claude-code-review.yml workflow runs on ALL PRs with opened and synchronize events. Consider:

• Resource usage: Every PR will trigger a Claude review (could be expensive)
• Recommendation: The commented-out filters are excellent - consider documenting when to enable them:
  • Filter by paths for large repos
  • Filter by author for external contributors only

4. Security Considerations ✅

• Permissions are correctly scoped (read-only except id-token: write)
• CLAUDE_CODE_OAUTH_TOKEN properly uses secrets
• Allowed tools are explicitly whitelisted (good practice)
• No write permissions to code/PRs from automatic reviews

5. Integration with TUnit Development

The prompt references CLAUDE.md which is excellent! This aligns with TUnit's comprehensive development guidelines. Consider:

• Adding a note in the PR description about Claude being aware of dual-mode requirements
• Mentioning that reviews should check for source-gen + reflection parity

📝 Suggestions for Future Enhancement

1. Cost control: Add documentation about expected API usage/costs
2. Rate limiting: Consider adding workflow concurrency controls to prevent duplicate runs
3. Feedback loop: After a few weeks, evaluate:
   • Review quality
   • False positive rate
   • Whether to enable path filters or author filters

🎯 TUnit-Specific Considerations

Based on CLAUDE.md:

• ✅ Claude's prompt correctly references CLAUDE.md for style guidance
• ✅ The allowed bash tools include gh commands for PR interaction
• ⚠️ Consider adding specific prompts about dual-mode implementation checks
• ⚠️ Consider mentioning snapshot testing requirements in the review prompt

Overall Assessment

Verdict: ✅ Approve with minor suggestions

This is a clean, well-structured addition that:

• Removes unnecessary complexity
• Maintains security best practices
• Integrates nicely with TUnit's existing documentation
• Provides value through automated PR reviews

The changes are minimal, focused, and improve maintainability. The removal of manual dispatch is reasonable - if needed later, it can be re-added.

Action Items (Optional)

• Verify actions/checkout@v4 has all needed features (vs v6)
• Document when/how to enable path/author filters
• Monitor Claude review quality after merge
• Consider adding concurrency controls if needed

Great work! 🚀

[Copilot]

Pull request overview

This PR adds Claude Code integration to the repository by introducing GitHub Actions workflows that enable AI-assisted development. The changes simplify the existing workflow configurations by removing manual trigger capabilities and standardizing the checkout process.

Key changes:

• Updates actions/checkout from v6 to v4 in Claude-related workflows
• Removes workflow_dispatch manual trigger capability from the code review workflow
• Simplifies the PR checkout process by removing complex conditional logic for manual triggers

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/claude.yml	Downgrades checkout action from v6 to v4 for the Claude Code workflow
.github/workflows/claude-code-review.yml	Removes workflow_dispatch manual trigger support and simplifies PR checkout to use v4 checkout action

[Copilot]

The checkout action version is inconsistent with other workflows in this repository. All other workflows (codeql.yml, deploy-pages.yml, dotnet.yml, generate-readme.yml, speed-comparison.yml, etc.) use actions/checkout@v6, while this workflow uses actions/checkout@v4. For consistency and to use the latest version available in the repository, this should be updated to v6.

Suggested change

	uses: actions/checkout@v4
	uses: actions/checkout@v6

[Copilot]

The fetch-depth: 1 setting uses a shallow clone, which may limit Claude's ability to analyze the repository history or understand the full context of changes. Most other workflows in this repository use fetch-depth: 0 (full history) when performing analysis or code reviews. Consider using fetch-depth: 0 to provide Claude with complete repository context for more thorough code reviews.

Suggested change

	fetch-depth: 1
	fetch-depth: 0

[Copilot]

The checkout action version is inconsistent with other workflows in this repository. All other workflows (codeql.yml, deploy-pages.yml, dotnet.yml, generate-readme.yml, speed-comparison.yml, etc.) use actions/checkout@v6, while this workflow uses actions/checkout@v4. For consistency and to use the latest version available in the repository, this should be updated to v6.

Suggested change

	uses: actions/checkout@v4
	uses: actions/checkout@v6