Add claude GitHub actions 1769016624918

[maxisbey]

Motivation and Context

Adds GitHub Actions workflows to enable Claude Code integration on the repository.

Workflows

claude.yml — Interactive assistant

Triggered by @claude mentions in issue comments, PR comments, and PR reviews. Uses the Claude Code GitHub App for authentication, which provides its own write-capable token. Commit signing is enabled via GitHub API (use_commit_signing: true). Also has actions: read to let Claude read CI results.

Usage on PRs (upstream branches):

• Comment @claude fix this or @claude do X on a PR
• Claude commits directly to the PR's existing branch

Usage on issues:

• Comment @claude please fix on an issue
• Claude creates a new claude/ prefixed branch, commits changes, and posts a link to create a PR (human-in-the-loop for PR creation)

claude-code-review.yml — Automated code review

Runs automatically on PR open/sync. Read-only permissions. Uses the code-review plugin.

Limitations

• No rebase/conflict resolution: use_commit_signing uses the GitHub API for commits, so Claude cannot perform complex git operations (rebase, cherry-pick, conflict resolution). For full git CLI support, an ssh_signing_key would need to be configured instead.
• Fork PRs: Claude cannot push to fork branches (e.g., contributor:feature/branch). The GitHub App token is scoped to this repo only. On fork PRs, Claude would create a new branch on the upstream repo instead.
• Write access required: Only users with write access to the repo can trigger Claude (security restriction of the action).

Prerequisites

1. Claude Code GitHub App must be installed on the repo
2. ANTHROPIC_API_KEY must be configured as a repo secret

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

_{AI Disclaimer}

[maxisbey]

@claude does this look good

[Kludex]

Post the source of this file in the header, please.

[maxisbey]

added

[Kludex]

Drop comments that came with the template, please.

[maxisbey]

done

[Kludex]

Is Claude able to change branch here, tho?

[maxisbey]

No — actions: read has nothing to do with branches. It only enables reading CI/workflow results (run statuses, job details, logs). The additional_permissions input spins up a GitHub CI MCP server that gives Claude three read-only tools: get_ci_status, get_workflow_run_details, and download_job_log. Branch operations would require contents: write, which we don't grant.

Also addressed the other two comments (added source headers, removed template boilerplate).

[maxisbey]

woops claude posted this without me seeing it