forked from ChrisWiles/claude-code-showcase
pr-claude-code-review.yml
name: PR - Claude Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - 'LICENSE'
      - '.gitignore'
      - '**.txt'
  issue_comment:
    types: [created]

concurrency:
  group: ${{ github.workflow }}-pr-${{ github.event.pull_request.number || github.event.issue.number }}
  cancel-in-progress: true

permissions:
  contents: read
  pull-requests: write
  issues: read

jobs:
  review:
    # Run on PR events, or on issue comments that mention @claude.
    # issue_comment runs have access to this repository's secrets, and the
    # condition below checks only the comment text, not who wrote it.
    if: |
      github.event_name == 'pull_request' ||
      (github.event_name == 'issue_comment' &&
       github.event.issue.pull_request &&
       contains(github.event.comment.body, '@claude'))
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository (PR event)
        if: github.event_name == 'pull_request'
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0

      - name: Checkout repository (issue_comment event)
        if: github.event_name == 'issue_comment'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Brings the PR head (which may come from a fork) into the workspace
      - name: Checkout PR branch (issue_comment event)
        if: github.event_name == 'issue_comment'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Passed through env so the shell receives it as data, not script text
          PR_NUMBER: ${{ github.event.issue.number }}
        run: gh pr checkout "$PR_NUMBER"

      - name: Get PR base branch
        id: pr-info
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Event values are passed through env instead of being expanded
          # inline in the script
          EVENT_NAME: ${{ github.event_name }}
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
          PR_NUMBER: ${{ github.event.issue.number }}
        run: |
          if [ "$EVENT_NAME" == "pull_request" ]; then
            echo "base_ref=$PR_BASE_REF" >> "$GITHUB_OUTPUT"
          else
            BASE_REF=$(gh pr view "$PR_NUMBER" --json baseRefName -q '.baseRefName')
            echo "base_ref=$BASE_REF" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup Python for Serena
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Serena
        run: pip install serena-agent

      - name: Claude Code Review with MCP
        uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          model: claude-opus-4-5-20251101
          timeout_minutes: 30
          track_progress: true
          prompt: |
            # Pull Request Code Review with Enhanced Tools

            You are reviewing this Pull Request with access to advanced MCP tools:
            - **Serena**: For deep code analysis and pattern detection
            - **Context7**: For up-to-date framework/library documentation
            - **GitHub**: For PR information and commenting

            ## Review Process

            ### 1. Read Review Standards
            Read `.claude/agents/code-reviewer.md` for the complete review checklist.

            ### 2. Analyze Changes
            ```bash
            # Get PR diff
            git diff origin/${{ steps.pr-info.outputs.base_ref }}...HEAD
            # Get changed files list
            git diff --name-only origin/${{ steps.pr-info.outputs.base_ref }}...HEAD
            ```

            ### 3. Use Serena for Deep Analysis
            - Analyze code quality patterns in changed files
            - Identify potential issues and anti-patterns
            - Get recommendations for improvements
            - Check for code smells and technical debt

            ### 4. Use Context7 for Best Practices
            When reviewing specific technologies:
            - React code → Query Context7 for latest React patterns
            - TypeScript → Check TypeScript best practices
            - Libraries used → Get current documentation and usage patterns
            - Security concerns → Reference OWASP guidelines

            ### 5. Apply Review Checklist
            For each changed file, verify:

            **TypeScript Quality**:
            - [ ] No `any` types without justification
            - [ ] Proper type narrowing and guards
            - [ ] Interface definitions for complex objects
            - [ ] Generic types used appropriately

            **React Patterns** (if applicable):
            - [ ] Hooks used correctly (no violations of rules)
            - [ ] Proper dependency arrays
            - [ ] Appropriate memoization (not over-used)
            - [ ] Loading/error/empty states handled

            **Security**:
            - [ ] User input sanitized
            - [ ] No injection vulnerabilities
            - [ ] Authentication/authorization checked
            - [ ] Sensitive data not exposed

            **Testing**:
            - [ ] Tests included for new features
            - [ ] Edge cases covered
            - [ ] Tests follow TDD patterns

            ### 6. Provide Structured Feedback
            Post review comment organized by severity:

            **🔴 Critical Issues** (must fix before merge):
            - Security vulnerabilities
            - Breaking changes
            - Data loss risks

            **🟡 Warnings** (should fix):
            - Type errors
            - Poor error handling
            - Performance issues
            - Missing tests

            **🟢 Suggestions** (nice to have):
            - Code style improvements
            - Better naming
            - Refactoring opportunities

            **✅ Positive Notes**:
            - Good patterns used
            - Well-tested code
            - Clear documentation

            ### 7. Add Specific File Comments
            For critical/warning issues, use:
            ```bash
            gh pr comment ${{ github.event.pull_request.number || github.event.issue.number }} --body "<feedback>"
            ```

            ## Guidelines
            - Be constructive and helpful
            - Reference specific lines/files
            - Explain WHY something is an issue
            - Suggest concrete fixes
            - Use MCP tools to back up recommendations
            - Focus on objective quality, not subjective style
          claude_args: |
            --max-turns 15
            --allowedTools "Read,Glob,Grep,Bash(git:*),Bash(gh:*)"
        env:
          SERENA_API_KEY: ${{ secrets.SERENA_API_KEY }}
          SERENA_HOST: ${{ secrets.SERENA_HOST || 'http://localhost:8384' }}
          CONTEXT7_API_KEY: ${{ secrets.CONTEXT7_API_KEY }}