mcp-run-python

name: '@claude' on: issue_comment: types: [created] pull_request_review_comment: types: [created] issues: types: [opened, assigned] pull_request_review: types: [submitted] env: UV_PYTHON: 3.13 UV_FROZEN: "1" jobs: get-pr-info: if: | ( (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) ) && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association || github.event.review.author_association || github.event.issue.author_association) runs-on: ubuntu-latest outputs: is_fork: ${{ steps.pr-info.outputs.is_fork }} pr_head_repo: ${{ steps.pr-info.outputs.pr_head_repo }} pr_head_ref: ${{ steps.pr-info.outputs.pr_head_ref }} steps: - name: Get PR info if: github.event.issue.pull_request || github.event.pull_request id: pr-info run: | PR_NUMBER=${{ github.event.pull_request.number || github.event.issue.number }} PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${PR_NUMBER}) echo "pr_head_repo=$(echo "$PR_DATA" | jq -r '.head.repo.full_name')" >> $GITHUB_OUTPUT echo "pr_head_ref=$(echo "$PR_DATA" | jq -r '.head.ref')" >> $GITHUB_OUTPUT echo "is_fork=$(echo "$PR_DATA" | jq -r '.head.repo.fork')" >> $GITHUB_OUTPUT env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} at-claude: needs: get-pr-info if: needs.get-pr-info.outputs.is_fork != 'true' runs-on: ubuntu-latest timeout-minutes: 60 permissions: contents: write pull-requests: write issues: write id-token: write actions: read steps: - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 1 - uses: astral-sh/setup-uv@v5 with: enable-cache: true cache-suffix: claude-code - run: uv tool install pre-commit - run: make install - uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} additional_permissions: | actions: read claude_args: | --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr checks:*),Bash(gh pr list:*),Bash(gh pr create:*),Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh run view:*),Bash(gh run list:*),Bash(git log:*),Bash(git diff:*),Bash(git grep:*),Bash(git show:*),Bash(git status:*),Bash(git add:*),Bash(git checkout:*),Bash(git commit:*),Bash(git push:*),Bash(rg:*),Bash(ls:*),Bash(tree:*),Bash(grep:*),Bash(uv run:*),Bash(make:*)" at-claude-fork: needs: get-pr-info if: needs.get-pr-info.outputs.is_fork == 'true' runs-on: ubuntu-latest timeout-minutes: 60 permissions: contents: write pull-requests: write issues: write id-token: write actions: read steps: - name: Checkout fork repository uses: actions/checkout@v6 with: repository: ${{ needs.get-pr-info.outputs.pr_head_repo }} ref: ${{ needs.get-pr-info.outputs.pr_head_ref }} fetch-depth: 1 - name: Check for modified config files run: | PR_NUMBER=${{ github.event.pull_request.number || github.event.issue.number }} CHANGED=$(gh pr diff "$PR_NUMBER" --name-only --repo ${{ github.repository }}) if echo "$CHANGED" | grep -qiE '(^|/)AGENTS\.md$|(^|/)CLAUDE\.md$|(^|/)\.claude/'; then echo "::error::PR modifies agent config files (AGENTS.md, CLAUDE.md, or .claude/). Skipping for security." exit 1 fi env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} additional_permissions: | actions: read claude_args: | --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr checks:*),Bash(gh pr list:*),Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh run view:*),Bash(gh run list:*),Bash(git log:*),Bash(git diff:*),Bash(git grep:*),Bash(git show:*),Bash(git status:*),Bash(rg:*),Bash(ls:*),Bash(tree:*),Bash(grep:*)"