actions/claude-code-gitea-action
1
0
Fork 0
mirror of https://github.com/markwylde/claude-code-gitea-action.git synced 2026-06-21 23:09:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: address review feedback on auth inputs and dead base-action options

Browse Source 
- Drop anthropic_api_key from repo workflows: only CLAUDE_CODE_OAUTH_TOKEN
  is configured as a secret, and upstream docs say to pick one auth path
- Replace the undeclared allowed_tools input in test workflows with
  claude_args --allowedTools (base-action only declares claude_args)
- Remove dead ClaudeOptions fields and INPUT_* reads that prepareRunConfig
  never consumed (mcp_config, allowed_tools, max_turns, system prompts, etc.)
- Update base-action README to document the actual inputs, with former
  dedicated inputs expressed as Claude CLI flags via claude_args
This commit is contained in:
Mark Wylde
2026-06-11 20:53:50 +01:00
parent e0779c724a
commit 3001087463
10 changed files with 69 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
base-action/README.md
View File

@@ -14,7 +14,7 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or using a prompt from a file
@@ -22,7 +22,7 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt_file: "/path/to/prompt.txt"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or limiting the conversation turns
@@ -30,8 +30,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
max_turns: "5" # Limit conversation to 5 turns
claude_args: |
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
--max-turns 5
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using custom system prompts
@@ -39,8 +40,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Build a REST API"
system_prompt: "You are a senior backend engineer. Focus on security, performance, and maintainability."
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--system-prompt "You are a senior backend engineer. Focus on security, performance, and maintainability."
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or appending to the default system prompt
@@ -48,20 +50,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Create a database schema"
append_system_prompt: "After writing code, be sure to code review yourself."
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using custom environment variables
- name: Run Claude Code with custom environment variables
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Deploy to staging environment"
claude_env: |
ENVIRONMENT: staging
API_URL: https://api-staging.example.com
DEBUG: true
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--append-system-prompt "After writing code, be sure to code review yourself."
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using fallback model for handling API errors
@@ -69,9 +60,10 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Review and fix TypeScript errors"
model: "claude-opus-4-1-20250805"
fallback_model: "claude-sonnet-4-20250514"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--model claude-opus-4-1-20250805
--fallback-model claude-sonnet-4-20250514
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using OAuth token instead of API key
@@ -79,35 +71,30 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Update dependencies"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
```
## Inputs
| Input | Description | Required | Default |
| ------------------------- | ------------------------------------------------------------------------------------------------- | -------- | ---------------------------- |
| `prompt` | The prompt to send to Claude Code | No\* | '' |
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' |
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' |
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' |
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' |
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
| `system_prompt` | Override system prompt | No | '' |
| `append_system_prompt` | Append to system prompt | No | '' |
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' |
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' |
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
| Input | Description | Required | Default |
| -------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------- | ------- |
| `prompt` | The prompt to send to Claude Code | No\* | '' |
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
| `claude_args` | Additional arguments passed directly to the Claude CLI (e.g., `--max-turns 3 --mcp-config /path/to/config.json`) | No | '' |
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable; skips automatic installation | No | '' |
| `path_to_bun_executable` | Optional path to a custom Bun executable; skips automatic Bun installation | No | '' |
\*Either `prompt` or `prompt_file` must be provided, but not both.
Options like allowed tools, turn limits, system prompts, models, and MCP configuration are passed through `claude_args` using the corresponding [Claude CLI flags](https://docs.anthropic.com/en/docs/claude-code/cli-reference) (e.g., `--allowedTools`, `--max-turns`, `--system-prompt`, `--model`, `--mcp-config`).
## Outputs
| Output | Description |
@@ -137,56 +124,27 @@ Example usage:
## Custom Environment Variables
You can pass custom environment variables to Claude Code execution using the `claude_env` input. This allows Claude to access environment-specific configuration during its execution.
The `claude_env` input accepts YAML multiline format with key-value pairs:
You can pass custom environment variables to Claude Code execution using the `env` key of the `settings` input. This allows Claude to access environment-specific configuration during its execution:
```yaml
- name: Deploy with custom environment
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Deploy the application to the staging environment"
claude_env: |
ENVIRONMENT: staging
API_BASE_URL: https://api-staging.example.com
DATABASE_URL: ${{ secrets.STAGING_DB_URL }}
DEBUG: true
LOG_LEVEL: debug
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
settings: |
{
"env": {
"ENVIRONMENT": "staging",
"API_BASE_URL": "https://api-staging.example.com",
"DATABASE_URL": "${{ secrets.STAGING_DB_URL }}",
"DEBUG": "true",
"LOG_LEVEL": "debug"
}
}
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
### Features:
- **YAML Format**: Use standard YAML key-value syntax (`KEY: value`)
- **Multiline Support**: Define multiple environment variables in a single input
- **Comments**: Lines starting with `#` are ignored
- **GitHub Secrets**: Can reference GitHub secrets using `${{ secrets.SECRET_NAME }}`
- **Runtime Access**: Environment variables are available to Claude during execution
### Example Use Cases:
```yaml
# Development configuration
claude_env: |
NODE_ENV: development
API_URL: http://localhost:3000
DEBUG: true
# Production deployment
claude_env: |
NODE_ENV: production
API_URL: https://api.example.com
DATABASE_URL: ${{ secrets.PROD_DB_URL }}
REDIS_URL: ${{ secrets.REDIS_URL }}
# Feature flags and configuration
claude_env: |
FEATURE_NEW_UI: enabled
MAX_RETRIES: 3
TIMEOUT_MS: 5000
```
## Using Settings Configuration
You can provide Claude Code settings configuration in two ways:
@@ -201,7 +159,7 @@ Provide a path to a JSON file containing Claude Code settings:
with:
prompt: "Your prompt here"
settings: "path/to/settings.json"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
@@ -235,7 +193,6 @@ Provide the settings configuration directly as a JSON string:
}]
}
}
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
@@ -252,7 +209,7 @@ The settings file supports all Claude Code settings options including:
## Using MCP Config
You can provide MCP configuration in two ways:
MCP configuration is passed to the Claude CLI via the `--mcp-config` flag in `claude_args`. You can provide it in two ways:
### Option 1: MCP Configuration File
@@ -263,8 +220,9 @@ Provide a path to a JSON file containing MCP configuration:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
mcp_config: "path/to/mcp-config.json"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--mcp-config path/to/mcp-config.json
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
@@ -277,19 +235,9 @@ Provide the MCP configuration directly as a JSON string:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
mcp_config: |
{
"mcpServers": {
"server-name": {
"command": "node",
"args": ["./server.js"],
"env": {
"API_KEY": "your-api-key"
}
}
}
}
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--mcp-config '{"mcpServers":{"server-name":{"command":"node","args":["./server.js"],"env":{"API_KEY":"your-api-key"}}}}'
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
@@ -309,16 +257,16 @@ The MCP config file should follow this format:
}
```
You can combine MCP config with other inputs like allowed tools:
To allow Claude to use a tool from an MCP server, include it in `--allowedTools` as `mcp__server-name__tool_name`:
```yaml
# Using multiple inputs together
- name: Run Claude Code with MCP and custom tools
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Access the custom MCP server and use its tools"
mcp_config: "mcp-config.json"
allowed_tools: "Bash(git:*),View,mcp__server-name__custom_tool"
claude_args: |
--mcp-config mcp-config.json
--allowedTools "Bash(git:*),View,mcp__server-name__custom_tool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
@@ -345,7 +293,7 @@ jobs:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Write your review as markdown text."
allowed_tools: "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write"
claude_args: --allowedTools "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Extract and Comment PR Review
@@ -400,7 +348,7 @@ You can authenticate with Claude using any of these methods:
### Model Configuration
Use provider-specific model names based on your chosen provider:
Use provider-specific model names via `--model` in `claude_args` based on your chosen provider:
```yaml
# For direct Anthropic API (default)
@@ -408,7 +356,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
model: "claude-3-7-sonnet-20250219"
claude_args: --model claude-3-7-sonnet-20250219
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# For Amazon Bedrock (requires OIDC authentication)
@@ -422,7 +370,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
model: "anthropic.claude-3-7-sonnet-20250219-v1:0"
claude_args: --model anthropic.claude-3-7-sonnet-20250219-v1:0
use_bedrock: "true"
# For Google Vertex AI (requires OIDC authentication)
@@ -436,7 +384,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
model: "claude-3-7-sonnet@20250219"
claude_args: --model claude-3-7-sonnet@20250219
use_vertex: "true"
```
@@ -456,8 +404,9 @@ This example shows how to use OIDC authentication with AWS Bedrock:
with:
prompt: "Your prompt here"
use_bedrock: "true"
model: "anthropic.claude-3-7-sonnet-20250219-v1:0"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--model anthropic.claude-3-7-sonnet-20250219-v1:0
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
```
## Example: Using OIDC Authentication for GCP Vertex AI
@@ -476,8 +425,9 @@ This example shows how to use OIDC authentication with GCP Vertex AI:
with:
prompt: "Your prompt here"
use_vertex: "true"
model: "claude-3-7-sonnet@20250219"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_args: |
--model claude-3-7-sonnet@20250219
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
```
## Security Best Practices

9
base-action/src/index.ts
View File

@@ -22,15 +22,6 @@ async function run() {
await runClaude(promptConfig.path, {
claudeArgs: process.env.INPUT_CLAUDE_ARGS,
allowedTools: process.env.INPUT_ALLOWED_TOOLS,
disallowedTools: process.env.INPUT_DISALLOWED_TOOLS,
maxTurns: process.env.INPUT_MAX_TURNS,
mcpConfig: process.env.INPUT_MCP_CONFIG,
systemPrompt: process.env.INPUT_SYSTEM_PROMPT,
appendSystemPrompt: process.env.INPUT_APPEND_SYSTEM_PROMPT,
claudeEnv: process.env.INPUT_CLAUDE_ENV,
fallbackModel: process.env.INPUT_FALLBACK_MODEL,
model: process.env.ANTHROPIC_MODEL,
pathToClaudeCodeExecutable:
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
});

9
base-action/src/run-claude.ts
View File

@@ -14,16 +14,7 @@ const BASE_ARGS = ["--verbose", "--output-format", "stream-json"];
export type ClaudeOptions = {
claudeArgs?: string;
model?: string;
pathToClaudeCodeExecutable?: string;
allowedTools?: string;
disallowedTools?: string;
maxTurns?: string;
mcpConfig?: string;
systemPrompt?: string;
appendSystemPrompt?: string;
claudeEnv?: string;
fallbackModel?: string;
};
type PreparedConfig = {