actions/claude-code-gitea-action
1
0
Fork 0
mirror of https://github.com/markwylde/claude-code-gitea-action.git synced 2026-06-21 22:50:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: address review feedback on auth inputs and dead base-action options

Browse Source 
- Drop anthropic_api_key from repo workflows: only CLAUDE_CODE_OAUTH_TOKEN
  is configured as a secret, and upstream docs say to pick one auth path
- Replace the undeclared allowed_tools input in test workflows with
  claude_args --allowedTools (base-action only declares claude_args)
- Remove dead ClaudeOptions fields and INPUT_* reads that prepareRunConfig
  never consumed (mcp_config, allowed_tools, max_turns, system prompts, etc.)
- Update base-action README to document the actual inputs, with former
  dedicated inputs expressed as Claude CLI flags via claude_args
This commit is contained in:
Mark Wylde
2026-06-11 20:53:50 +01:00
parent e0779c724a
commit 3001087463
10 changed files with 69 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/claude-review.yml vendored
View File

@@ -20,7 +20,6 @@ jobs:
- name: PR Review with Progress Tracking - name: PR Review with Progress Tracking
uses: anthropics/claude-code-action@v1 uses: anthropics/claude-code-action@v1
with: with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}

1
.github/workflows/claude.yml vendored
View File

@@ -33,7 +33,6 @@ jobs:
id: claude id: claude
uses: anthropics/claude-code-action@v1 uses: anthropics/claude-code-action@v1
with: with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
claude_args: | claude_args: |

1
.github/workflows/issue-triage.yml vendored
View File

@@ -22,7 +22,6 @@ jobs:
uses: anthropics/claude-code-action@main uses: anthropics/claude-code-action@main
with: with:
prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}" prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}

6
.github/workflows/test-base-action.yml vendored
View File

@@ -23,9 +23,8 @@ jobs:
uses: ./base-action uses: ./base-action
with: with:
prompt: ${{ github.event.inputs.test_prompt || 'List the files in the current directory starting with "package"' }} prompt: ${{ github.event.inputs.test_prompt || 'List the files in the current directory starting with "package"' }}
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
allowed_tools: "LS,Read" claude_args: --allowedTools LS,Read
- name: Verify inline prompt output - name: Verify inline prompt output
run: | run: |
@@ -81,9 +80,8 @@ jobs:
uses: ./base-action uses: ./base-action
with: with:
prompt_file: "test-prompt.txt" prompt_file: "test-prompt.txt"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
allowed_tools: "LS,Read" claude_args: --allowedTools LS,Read
- name: Verify prompt file output - name: Verify prompt file output
run: | run: |

3
.github/workflows/test-custom-executables.yml vendored
View File

@@ -49,11 +49,10 @@ jobs:
with: with:
prompt: | prompt: |
List the files in the current directory starting with "package" List the files in the current directory starting with "package"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
path_to_claude_code_executable: /home/runner/.local/bin/claude path_to_claude_code_executable: /home/runner/.local/bin/claude
path_to_bun_executable: /home/runner/.bun/bin/bun path_to_bun_executable: /home/runner/.bun/bin/bun
allowed_tools: "LS,Read" claude_args: --allowedTools LS,Read
- name: Verify custom executables worked - name: Verify custom executables worked
run: | run: |

2
.github/workflows/test-mcp-servers.yml vendored
View File

@@ -28,7 +28,6 @@ jobs:
id: claude-test id: claude-test
with: with:
prompt: "Call the test_tool tool and report its response." prompt: "Call the test_tool tool and report its response."
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
claude_args: --allowedTools mcp__test-server__test_tool claude_args: --allowedTools mcp__test-server__test_tool
env: env:
@@ -119,7 +118,6 @@ jobs:
id: claude-config-test id: claude-config-test
with: with:
prompt: "Call the test_tool tool and report its response." prompt: "Call the test_tool tool and report its response."
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
claude_args: | claude_args: |
--allowedTools mcp__test-server__test_tool --allowedTools mcp__test-server__test_tool

4
.github/workflows/test-settings.yml vendored
View File

@@ -19,7 +19,6 @@ jobs:
with: with:
prompt: | prompt: |
Use Bash to echo "Hello from settings test" Use Bash to echo "Hello from settings test"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
settings: | settings: |
{ {
@@ -69,7 +68,6 @@ jobs:
with: with:
prompt: | prompt: |
Use Bash to echo "This should not work" Use Bash to echo "This should not work"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
settings: | settings: |
{ {
@@ -112,7 +110,6 @@ jobs:
with: with:
prompt: | prompt: |
Use Bash to echo "Hello from settings file test" Use Bash to echo "Hello from settings file test"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
settings: "test-settings.json" settings: "test-settings.json"
@@ -167,7 +164,6 @@ jobs:
with: with:
prompt: | prompt: |
Use Bash to echo "This should not work from file" Use Bash to echo "This should not work from file"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
settings: "test-settings.json" settings: "test-settings.json"

182
base-action/README.md
View File

@@ -14,7 +14,7 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or using a prompt from a file # Or using a prompt from a file
@@ -22,7 +22,7 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt_file: "/path/to/prompt.txt" prompt_file: "/path/to/prompt.txt"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or limiting the conversation turns # Or limiting the conversation turns
@@ -30,8 +30,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_args: |
max_turns: "5" # Limit conversation to 5 turns --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
--max-turns 5
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using custom system prompts # Using custom system prompts
@@ -39,8 +40,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Build a REST API" prompt: "Build a REST API"
system_prompt: "You are a senior backend engineer. Focus on security, performance, and maintainability." claude_args: |
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --system-prompt "You are a senior backend engineer. Focus on security, performance, and maintainability."
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or appending to the default system prompt # Or appending to the default system prompt
@@ -48,20 +50,9 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Create a database schema" prompt: "Create a database schema"
append_system_prompt: "After writing code, be sure to code review yourself." claude_args: |
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --append-system-prompt "After writing code, be sure to code review yourself."
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
# Using custom environment variables
- name: Run Claude Code with custom environment variables
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Deploy to staging environment"
claude_env: |
ENVIRONMENT: staging
API_URL: https://api-staging.example.com
DEBUG: true
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using fallback model for handling API errors # Using fallback model for handling API errors
@@ -69,9 +60,10 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Review and fix TypeScript errors" prompt: "Review and fix TypeScript errors"
model: "claude-opus-4-1-20250805" claude_args: |
fallback_model: "claude-sonnet-4-20250514" --model claude-opus-4-1-20250805
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --fallback-model claude-sonnet-4-20250514
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Using OAuth token instead of API key # Using OAuth token instead of API key
@@ -79,35 +71,30 @@ Add the following to your workflow file:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Update dependencies" prompt: "Update dependencies"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
``` ```
## Inputs ## Inputs
| Input | Description | Required | Default | | Input | Description | Required | Default |
| ------------------------- | ------------------------------------------------------------------------------------------------- | -------- | ---------------------------- | | -------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------- | ------- |
| `prompt` | The prompt to send to Claude Code | No\* | '' | | `prompt` | The prompt to send to Claude Code | No\* | '' |
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' | | `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' | | `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' | | `claude_args` | Additional arguments passed directly to the Claude CLI (e.g., `--max-turns 3 --mcp-config /path/to/config.json`) | No | '' |
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' | | `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' | | `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' | | `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `system_prompt` | Override system prompt | No | '' | | `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `append_system_prompt` | Append to system prompt | No | '' | | `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' | | `path_to_claude_code_executable` | Optional path to a custom Claude Code executable; skips automatic installation | No | '' |
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' | | `path_to_bun_executable` | Optional path to a custom Bun executable; skips automatic Bun installation | No | '' |
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
\*Either `prompt` or `prompt_file` must be provided, but not both. \*Either `prompt` or `prompt_file` must be provided, but not both.
Options like allowed tools, turn limits, system prompts, models, and MCP configuration are passed through `claude_args` using the corresponding [Claude CLI flags](https://docs.anthropic.com/en/docs/claude-code/cli-reference) (e.g., `--allowedTools`, `--max-turns`, `--system-prompt`, `--model`, `--mcp-config`).
## Outputs ## Outputs
| Output | Description | | Output | Description |
@@ -137,56 +124,27 @@ Example usage:
## Custom Environment Variables ## Custom Environment Variables
You can pass custom environment variables to Claude Code execution using the `claude_env` input. This allows Claude to access environment-specific configuration during its execution. You can pass custom environment variables to Claude Code execution using the `env` key of the `settings` input. This allows Claude to access environment-specific configuration during its execution:
The `claude_env` input accepts YAML multiline format with key-value pairs:
```yaml ```yaml
- name: Deploy with custom environment - name: Deploy with custom environment
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Deploy the application to the staging environment" prompt: "Deploy the application to the staging environment"
claude_env: | settings: |
ENVIRONMENT: staging {
API_BASE_URL: https://api-staging.example.com "env": {
DATABASE_URL: ${{ secrets.STAGING_DB_URL }} "ENVIRONMENT": "staging",
DEBUG: true "API_BASE_URL": "https://api-staging.example.com",
LOG_LEVEL: debug "DATABASE_URL": "${{ secrets.STAGING_DB_URL }}",
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" "DEBUG": "true",
"LOG_LEVEL": "debug"
}
}
claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
### Features:
- **YAML Format**: Use standard YAML key-value syntax (`KEY: value`)
- **Multiline Support**: Define multiple environment variables in a single input
- **Comments**: Lines starting with `#` are ignored
- **GitHub Secrets**: Can reference GitHub secrets using `${{ secrets.SECRET_NAME }}`
- **Runtime Access**: Environment variables are available to Claude during execution
### Example Use Cases:
```yaml
# Development configuration
claude_env: |
NODE_ENV: development
API_URL: http://localhost:3000
DEBUG: true
# Production deployment
claude_env: |
NODE_ENV: production
API_URL: https://api.example.com
DATABASE_URL: ${{ secrets.PROD_DB_URL }}
REDIS_URL: ${{ secrets.REDIS_URL }}
# Feature flags and configuration
claude_env: |
FEATURE_NEW_UI: enabled
MAX_RETRIES: 3
TIMEOUT_MS: 5000
```
## Using Settings Configuration ## Using Settings Configuration
You can provide Claude Code settings configuration in two ways: You can provide Claude Code settings configuration in two ways:
@@ -201,7 +159,7 @@ Provide a path to a JSON file containing Claude Code settings:
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
settings: "path/to/settings.json" settings: "path/to/settings.json"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" claude_args: --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
@@ -235,7 +193,6 @@ Provide the settings configuration directly as a JSON string:
}] }]
} }
} }
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
@@ -252,7 +209,7 @@ The settings file supports all Claude Code settings options including:
## Using MCP Config ## Using MCP Config
You can provide MCP configuration in two ways: MCP configuration is passed to the Claude CLI via the `--mcp-config` flag in `claude_args`. You can provide it in two ways:
### Option 1: MCP Configuration File ### Option 1: MCP Configuration File
@@ -263,8 +220,9 @@ Provide a path to a JSON file containing MCP configuration:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
mcp_config: "path/to/mcp-config.json" claude_args: |
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --mcp-config path/to/mcp-config.json
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
@@ -277,19 +235,9 @@ Provide the MCP configuration directly as a JSON string:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
mcp_config: | claude_args: |
{ --mcp-config '{"mcpServers":{"server-name":{"command":"node","args":["./server.js"],"env":{"API_KEY":"your-api-key"}}}}'
"mcpServers": { --allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
"server-name": {
"command": "node",
"args": ["./server.js"],
"env": {
"API_KEY": "your-api-key"
}
}
}
}
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
@@ -309,16 +257,16 @@ The MCP config file should follow this format:
} }
``` ```
You can combine MCP config with other inputs like allowed tools: To allow Claude to use a tool from an MCP server, include it in `--allowedTools` as `mcp__server-name__tool_name`:
```yaml ```yaml
# Using multiple inputs together
- name: Run Claude Code with MCP and custom tools - name: Run Claude Code with MCP and custom tools
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Access the custom MCP server and use its tools" prompt: "Access the custom MCP server and use its tools"
mcp_config: "mcp-config.json" claude_args: |
allowed_tools: "Bash(git:*),View,mcp__server-name__custom_tool" --mcp-config mcp-config.json
--allowedTools "Bash(git:*),View,mcp__server-name__custom_tool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
``` ```
@@ -345,7 +293,7 @@ jobs:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Write your review as markdown text." prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Write your review as markdown text."
allowed_tools: "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write" claude_args: --allowedTools "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Extract and Comment PR Review - name: Extract and Comment PR Review
@@ -400,7 +348,7 @@ You can authenticate with Claude using any of these methods:
### Model Configuration ### Model Configuration
Use provider-specific model names based on your chosen provider: Use provider-specific model names via `--model` in `claude_args` based on your chosen provider:
```yaml ```yaml
# For direct Anthropic API (default) # For direct Anthropic API (default)
@@ -408,7 +356,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
model: "claude-3-7-sonnet-20250219" claude_args: --model claude-3-7-sonnet-20250219
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# For Amazon Bedrock (requires OIDC authentication) # For Amazon Bedrock (requires OIDC authentication)
@@ -422,7 +370,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
model: "anthropic.claude-3-7-sonnet-20250219-v1:0" claude_args: --model anthropic.claude-3-7-sonnet-20250219-v1:0
use_bedrock: "true" use_bedrock: "true"
# For Google Vertex AI (requires OIDC authentication) # For Google Vertex AI (requires OIDC authentication)
@@ -436,7 +384,7 @@ Use provider-specific model names based on your chosen provider:
uses: anthropics/claude-code-base-action@beta uses: anthropics/claude-code-base-action@beta
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
model: "claude-3-7-sonnet@20250219" claude_args: --model claude-3-7-sonnet@20250219
use_vertex: "true" use_vertex: "true"
``` ```
@@ -456,8 +404,9 @@ This example shows how to use OIDC authentication with AWS Bedrock:
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
use_bedrock: "true" use_bedrock: "true"
model: "anthropic.claude-3-7-sonnet-20250219-v1:0" claude_args: |
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --model anthropic.claude-3-7-sonnet-20250219-v1:0
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
``` ```
## Example: Using OIDC Authentication for GCP Vertex AI ## Example: Using OIDC Authentication for GCP Vertex AI
@@ -476,8 +425,9 @@ This example shows how to use OIDC authentication with GCP Vertex AI:
with: with:
prompt: "Your prompt here" prompt: "Your prompt here"
use_vertex: "true" use_vertex: "true"
model: "claude-3-7-sonnet@20250219" claude_args: |
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool" --model claude-3-7-sonnet@20250219
--allowedTools "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
``` ```
## Security Best Practices ## Security Best Practices

9
base-action/src/index.ts
View File

@@ -22,15 +22,6 @@ async function run() {
await runClaude(promptConfig.path, { await runClaude(promptConfig.path, {
claudeArgs: process.env.INPUT_CLAUDE_ARGS, claudeArgs: process.env.INPUT_CLAUDE_ARGS,
allowedTools: process.env.INPUT_ALLOWED_TOOLS,
disallowedTools: process.env.INPUT_DISALLOWED_TOOLS,
maxTurns: process.env.INPUT_MAX_TURNS,
mcpConfig: process.env.INPUT_MCP_CONFIG,
systemPrompt: process.env.INPUT_SYSTEM_PROMPT,
appendSystemPrompt: process.env.INPUT_APPEND_SYSTEM_PROMPT,
claudeEnv: process.env.INPUT_CLAUDE_ENV,
fallbackModel: process.env.INPUT_FALLBACK_MODEL,
model: process.env.ANTHROPIC_MODEL,
pathToClaudeCodeExecutable: pathToClaudeCodeExecutable:
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE, process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
}); });

9
base-action/src/run-claude.ts
View File

@@ -14,16 +14,7 @@ const BASE_ARGS = ["--verbose", "--output-format", "stream-json"];
export type ClaudeOptions = { export type ClaudeOptions = {
claudeArgs?: string; claudeArgs?: string;
model?: string;
pathToClaudeCodeExecutable?: string; pathToClaudeCodeExecutable?: string;
allowedTools?: string;
disallowedTools?: string;
maxTurns?: string;
mcpConfig?: string;
systemPrompt?: string;
appendSystemPrompt?: string;
claudeEnv?: string;
fallbackModel?: string;
}; };
type PreparedConfig = { type PreparedConfig = {