diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index eadad44..3c19735 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -20,7 +20,6 @@ jobs: - name: PR Review with Progress Tracking uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 64d889e..ec2768e 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -33,7 +33,6 @@ jobs: id: claude uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} claude_args: | diff --git a/.github/workflows/issue-triage.yml b/.github/workflows/issue-triage.yml index 6d11814..dd91594 100644 --- a/.github/workflows/issue-triage.yml +++ b/.github/workflows/issue-triage.yml @@ -22,7 +22,6 @@ jobs: uses: anthropics/claude-code-action@main with: prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test-base-action.yml b/.github/workflows/test-base-action.yml index d3a510c..0dbbe6f 100644 --- a/.github/workflows/test-base-action.yml +++ b/.github/workflows/test-base-action.yml @@ -23,9 +23,8 @@ jobs: uses: ./base-action with: prompt: ${{ github.event.inputs.test_prompt || 'List the files in the current directory starting with "package"' }} - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - allowed_tools: "LS,Read" + claude_args: --allowedTools LS,Read - name: Verify inline prompt output run: | @@ -81,9 +80,8 @@ jobs: uses: ./base-action with: prompt_file: "test-prompt.txt" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - allowed_tools: "LS,Read" + claude_args: --allowedTools LS,Read - name: Verify prompt file output run: | diff --git a/.github/workflows/test-custom-executables.yml b/.github/workflows/test-custom-executables.yml index 4745b28..1901d18 100644 --- a/.github/workflows/test-custom-executables.yml +++ b/.github/workflows/test-custom-executables.yml @@ -49,11 +49,10 @@ jobs: with: prompt: | List the files in the current directory starting with "package" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} path_to_claude_code_executable: /home/runner/.local/bin/claude path_to_bun_executable: /home/runner/.bun/bin/bun - allowed_tools: "LS,Read" + claude_args: --allowedTools LS,Read - name: Verify custom executables worked run: | diff --git a/.github/workflows/test-mcp-servers.yml b/.github/workflows/test-mcp-servers.yml index b0962d5..7aa0b55 100644 --- a/.github/workflows/test-mcp-servers.yml +++ b/.github/workflows/test-mcp-servers.yml @@ -28,7 +28,6 @@ jobs: id: claude-test with: prompt: "Call the test_tool tool and report its response." - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_args: --allowedTools mcp__test-server__test_tool env: @@ -119,7 +118,6 @@ jobs: id: claude-config-test with: prompt: "Call the test_tool tool and report its response." - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_args: | --allowedTools mcp__test-server__test_tool diff --git a/.github/workflows/test-settings.yml b/.github/workflows/test-settings.yml index 9625cc6..b9abc65 100644 --- a/.github/workflows/test-settings.yml +++ b/.github/workflows/test-settings.yml @@ -19,7 +19,6 @@ jobs: with: prompt: | Use Bash to echo "Hello from settings test" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} settings: | { @@ -69,7 +68,6 @@ jobs: with: prompt: | Use Bash to echo "This should not work" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} settings: | { @@ -112,7 +110,6 @@ jobs: with: prompt: | Use Bash to echo "Hello from settings file test" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} settings: "test-settings.json" @@ -167,7 +164,6 @@ jobs: with: prompt: | Use Bash to echo "This should not work from file" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} settings: "test-settings.json" diff --git a/base-action/README.md b/base-action/README.md index 5047631..056f2e3 100644 --- a/base-action/README.md +++ b/base-action/README.md @@ -14,7 +14,7 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Or using a prompt from a file @@ -22,7 +22,7 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt_file: "/path/to/prompt.txt" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Or limiting the conversation turns @@ -30,8 +30,9 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" - max_turns: "5" # Limit conversation to 5 turns + claude_args: | + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + --max-turns 5 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Using custom system prompts @@ -39,8 +40,9 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Build a REST API" - system_prompt: "You are a senior backend engineer. Focus on security, performance, and maintainability." - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --system-prompt "You are a senior backend engineer. Focus on security, performance, and maintainability." + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Or appending to the default system prompt @@ -48,20 +50,9 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Create a database schema" - append_system_prompt: "After writing code, be sure to code review yourself." - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - -# Using custom environment variables -- name: Run Claude Code with custom environment variables - uses: anthropics/claude-code-base-action@beta - with: - prompt: "Deploy to staging environment" - claude_env: | - ENVIRONMENT: staging - API_URL: https://api-staging.example.com - DEBUG: true - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --append-system-prompt "After writing code, be sure to code review yourself." + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Using fallback model for handling API errors @@ -69,9 +60,10 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Review and fix TypeScript errors" - model: "claude-opus-4-1-20250805" - fallback_model: "claude-sonnet-4-20250514" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --model claude-opus-4-1-20250805 + --fallback-model claude-sonnet-4-20250514 + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Using OAuth token instead of API key @@ -79,35 +71,30 @@ Add the following to your workflow file: uses: anthropics/claude-code-base-action@beta with: prompt: "Update dependencies" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ``` ## Inputs -| Input | Description | Required | Default | -| ------------------------- | ------------------------------------------------------------------------------------------------- | -------- | ---------------------------- | -| `prompt` | The prompt to send to Claude Code | No\* | '' | -| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' | -| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' | -| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' | -| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' | -| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' | -| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' | -| `system_prompt` | Override system prompt | No | '' | -| `append_system_prompt` | Append to system prompt | No | '' | -| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' | -| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' | -| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' | -| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' | -| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' | -| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' | -| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' | -| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' | -| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' | +| Input | Description | Required | Default | +| -------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------- | ------- | +| `prompt` | The prompt to send to Claude Code | No\* | '' | +| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' | +| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' | +| `claude_args` | Additional arguments passed directly to the Claude CLI (e.g., `--max-turns 3 --mcp-config /path/to/config.json`) | No | '' | +| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' | +| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' | +| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' | +| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' | +| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' | +| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable; skips automatic installation | No | '' | +| `path_to_bun_executable` | Optional path to a custom Bun executable; skips automatic Bun installation | No | '' | \*Either `prompt` or `prompt_file` must be provided, but not both. +Options like allowed tools, turn limits, system prompts, models, and MCP configuration are passed through `claude_args` using the corresponding [Claude CLI flags](https://docs.anthropic.com/en/docs/claude-code/cli-reference) (e.g., `--allowedTools`, `--max-turns`, `--system-prompt`, `--model`, `--mcp-config`). + ## Outputs | Output | Description | @@ -137,56 +124,27 @@ Example usage: ## Custom Environment Variables -You can pass custom environment variables to Claude Code execution using the `claude_env` input. This allows Claude to access environment-specific configuration during its execution. - -The `claude_env` input accepts YAML multiline format with key-value pairs: +You can pass custom environment variables to Claude Code execution using the `env` key of the `settings` input. This allows Claude to access environment-specific configuration during its execution: ```yaml - name: Deploy with custom environment uses: anthropics/claude-code-base-action@beta with: prompt: "Deploy the application to the staging environment" - claude_env: | - ENVIRONMENT: staging - API_BASE_URL: https://api-staging.example.com - DATABASE_URL: ${{ secrets.STAGING_DB_URL }} - DEBUG: true - LOG_LEVEL: debug - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + settings: | + { + "env": { + "ENVIRONMENT": "staging", + "API_BASE_URL": "https://api-staging.example.com", + "DATABASE_URL": "${{ secrets.STAGING_DB_URL }}", + "DEBUG": "true", + "LOG_LEVEL": "debug" + } + } + claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` -### Features: - -- **YAML Format**: Use standard YAML key-value syntax (`KEY: value`) -- **Multiline Support**: Define multiple environment variables in a single input -- **Comments**: Lines starting with `#` are ignored -- **GitHub Secrets**: Can reference GitHub secrets using `${{ secrets.SECRET_NAME }}` -- **Runtime Access**: Environment variables are available to Claude during execution - -### Example Use Cases: - -```yaml -# Development configuration -claude_env: | - NODE_ENV: development - API_URL: http://localhost:3000 - DEBUG: true - -# Production deployment -claude_env: | - NODE_ENV: production - API_URL: https://api.example.com - DATABASE_URL: ${{ secrets.PROD_DB_URL }} - REDIS_URL: ${{ secrets.REDIS_URL }} - -# Feature flags and configuration -claude_env: | - FEATURE_NEW_UI: enabled - MAX_RETRIES: 3 - TIMEOUT_MS: 5000 -``` - ## Using Settings Configuration You can provide Claude Code settings configuration in two ways: @@ -201,7 +159,7 @@ Provide a path to a JSON file containing Claude Code settings: with: prompt: "Your prompt here" settings: "path/to/settings.json" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` @@ -235,7 +193,6 @@ Provide the settings configuration directly as a JSON string: }] } } - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` @@ -252,7 +209,7 @@ The settings file supports all Claude Code settings options including: ## Using MCP Config -You can provide MCP configuration in two ways: +MCP configuration is passed to the Claude CLI via the `--mcp-config` flag in `claude_args`. You can provide it in two ways: ### Option 1: MCP Configuration File @@ -263,8 +220,9 @@ Provide a path to a JSON file containing MCP configuration: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - mcp_config: "path/to/mcp-config.json" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --mcp-config path/to/mcp-config.json + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` @@ -277,19 +235,9 @@ Provide the MCP configuration directly as a JSON string: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - mcp_config: | - { - "mcpServers": { - "server-name": { - "command": "node", - "args": ["./server.js"], - "env": { - "API_KEY": "your-api-key" - } - } - } - } - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --mcp-config '{"mcpServers":{"server-name":{"command":"node","args":["./server.js"],"env":{"API_KEY":"your-api-key"}}}}' + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` @@ -309,16 +257,16 @@ The MCP config file should follow this format: } ``` -You can combine MCP config with other inputs like allowed tools: +To allow Claude to use a tool from an MCP server, include it in `--allowedTools` as `mcp__server-name__tool_name`: ```yaml -# Using multiple inputs together - name: Run Claude Code with MCP and custom tools uses: anthropics/claude-code-base-action@beta with: prompt: "Access the custom MCP server and use its tools" - mcp_config: "mcp-config.json" - allowed_tools: "Bash(git:*),View,mcp__server-name__custom_tool" + claude_args: | + --mcp-config mcp-config.json + --allowedTools "Bash(git:*),View,mcp__server-name__custom_tool" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` @@ -345,7 +293,7 @@ jobs: uses: anthropics/claude-code-base-action@beta with: prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Write your review as markdown text." - allowed_tools: "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write" + claude_args: --allowedTools "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - name: Extract and Comment PR Review @@ -400,7 +348,7 @@ You can authenticate with Claude using any of these methods: ### Model Configuration -Use provider-specific model names based on your chosen provider: +Use provider-specific model names via `--model` in `claude_args` based on your chosen provider: ```yaml # For direct Anthropic API (default) @@ -408,7 +356,7 @@ Use provider-specific model names based on your chosen provider: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - model: "claude-3-7-sonnet-20250219" + claude_args: --model claude-3-7-sonnet-20250219 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # For Amazon Bedrock (requires OIDC authentication) @@ -422,7 +370,7 @@ Use provider-specific model names based on your chosen provider: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - model: "anthropic.claude-3-7-sonnet-20250219-v1:0" + claude_args: --model anthropic.claude-3-7-sonnet-20250219-v1:0 use_bedrock: "true" # For Google Vertex AI (requires OIDC authentication) @@ -436,7 +384,7 @@ Use provider-specific model names based on your chosen provider: uses: anthropics/claude-code-base-action@beta with: prompt: "Your prompt here" - model: "claude-3-7-sonnet@20250219" + claude_args: --model claude-3-7-sonnet@20250219 use_vertex: "true" ``` @@ -456,8 +404,9 @@ This example shows how to use OIDC authentication with AWS Bedrock: with: prompt: "Your prompt here" use_bedrock: "true" - model: "anthropic.claude-3-7-sonnet-20250219-v1:0" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --model anthropic.claude-3-7-sonnet-20250219-v1:0 + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" ``` ## Example: Using OIDC Authentication for GCP Vertex AI @@ -476,8 +425,9 @@ This example shows how to use OIDC authentication with GCP Vertex AI: with: prompt: "Your prompt here" use_vertex: "true" - model: "claude-3-7-sonnet@20250219" - allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" + claude_args: | + --model claude-3-7-sonnet@20250219 + --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool" ``` ## Security Best Practices diff --git a/base-action/src/index.ts b/base-action/src/index.ts index bd61825..d885fff 100644 --- a/base-action/src/index.ts +++ b/base-action/src/index.ts @@ -22,15 +22,6 @@ async function run() { await runClaude(promptConfig.path, { claudeArgs: process.env.INPUT_CLAUDE_ARGS, - allowedTools: process.env.INPUT_ALLOWED_TOOLS, - disallowedTools: process.env.INPUT_DISALLOWED_TOOLS, - maxTurns: process.env.INPUT_MAX_TURNS, - mcpConfig: process.env.INPUT_MCP_CONFIG, - systemPrompt: process.env.INPUT_SYSTEM_PROMPT, - appendSystemPrompt: process.env.INPUT_APPEND_SYSTEM_PROMPT, - claudeEnv: process.env.INPUT_CLAUDE_ENV, - fallbackModel: process.env.INPUT_FALLBACK_MODEL, - model: process.env.ANTHROPIC_MODEL, pathToClaudeCodeExecutable: process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE, }); diff --git a/base-action/src/run-claude.ts b/base-action/src/run-claude.ts index 58c58c0..22e144c 100644 --- a/base-action/src/run-claude.ts +++ b/base-action/src/run-claude.ts @@ -14,16 +14,7 @@ const BASE_ARGS = ["--verbose", "--output-format", "stream-json"]; export type ClaudeOptions = { claudeArgs?: string; - model?: string; pathToClaudeCodeExecutable?: string; - allowedTools?: string; - disallowedTools?: string; - maxTurns?: string; - mcpConfig?: string; - systemPrompt?: string; - appendSystemPrompt?: string; - claudeEnv?: string; - fallbackModel?: string; }; type PreparedConfig = {