ci: add Claude Code PR review via jamf/github-actions-claude#109

Closed
ktn-jamf wants to merge 1 commit into main from feat/claude-code-pr-review

ktn-jamf (Collaborator) commented Apr 9, 2026

Summary

Adds automated Claude Code PR reviews using the shared Jamf reusable workflow (jamf/github-actions-claude@v1). Reviews run via AWS Bedrock with OIDC auth — no API keys or AWS setup needed.

  • Triggers: PR open/reopen/ready, @claude in comments
  • Model: Claude Sonnet 4.6 (default, best cost/performance)
  • Plugins: pr-review-toolkit (5 specialist sub-agents: code quality, test coverage, error handling, type design, comment accuracy)

Enabled features

| Feature | Why |
|---|---|
| severity_taxonomy | Structured findings: Critical / Important / Suggestion / Nit |
| resolve_threads | Auto-resolve threads fixed by new commits on re-review |
| cleanup_comments | Delete stale bot comments before each review run |

Project-specific context (additional_context)

  • Skip generated code — 200+ files in internal/commands/pro/generated/ are auto-generated; review the generator source instead
  • Don't duplicate CI — golangci-lint, tests, verify-generated already run in ci.yaml
  • Credential policy — flag any PR adding --password, --token, or --client-secret flags
  • Generator awareness — template changes in generator/parser/generator.go affect all generated commands
  • Spec awareness — specs/*.yaml changes should be paired with regenerated output

OIDC trust caveat

The shared IAM role's OIDC trust is documented for the jamf org. This repo is in Jamf-Concepts — if the credential step fails, the trust needs extending to cover this org (or we deploy a per-repo IAM role per docs).

Test plan

  • Workflow triggers on this PR's opened event (check Actions tab)
  • OIDC credential step succeeds (verifies Jamf-Concepts org trust)
  • Claude posts inline comments with severity tags and a summary comment
  • Push a follow-up commit with @claude in the message — re-review triggers
  • Post @claude in a comment — conversational response works

🤖 Generated with Claude Code

Automated PR reviews using Claude Sonnet 4.6 via AWS Bedrock. Reviews
trigger on PR open/update and respond to @claude in comments.

Configured with project-specific context: skip generated code review,
enforce credential input policy, focus on design/correctness over
linter feedback (CI already covers that).

Enabled: severity taxonomy, thread resolution, comment cleanup.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ktn-jamf closed this Apr 11, 2026
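
The OIDC trust caveat in the description, modelled as an added example (not code from this PR or from jamf/github-actions-claude): a simplified evaluator for the `sub` and `aud` conditions of an IAM role trust policy, showing why a token from a Jamf-Concepts repository is refused by a trust scoped to the jamf org and how the two remedies differ in scope. The trust policy, account ID, the `repo:jamf/*` pattern and the EXAMPLE-REPO / OTHER-REPO names are constructed assumptions, since the shared role's real policy is not shown on the page; only `StringEquals` and `StringLike` are modelled.

```python
import re

SUB = "token.actions.githubusercontent.com:sub"
AUD = "token.actions.githubusercontent.com:aud"

def make_trust(sub_patterns):
    """Build a constructed trust policy; the shared role's real policy is not on the page."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111111111111:oidc-provider/"
                                   "token.actions.githubusercontent.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {AUD: "sts.amazonaws.com"},
                      "StringLike": {SUB: sub_patterns}},
    }]}

def string_like(pattern, value):
    """IAM StringLike semantics: case-sensitive, '*' is any run, '?' is one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda p, v: p == v, "StringLike": string_like}

def as_list(v):
    return v if isinstance(v, list) else [v]

def statement_matches(stmt, claims):
    """Every condition key must match at least one of its listed values."""
    for op, tests in stmt.get("Condition", {}).items():
        match = OPERATORS.get(op)
        if match is None:
            return False  # operator not modelled here: fail closed
        for key, wanted in tests.items():
            value = claims.get(key.rsplit(":", 1)[1])  # "...:sub" -> "sub"
            if value is None or not any(match(p, value) for p in as_list(wanted)):
                return False
    return True

def trust_allows(policy, claims):
    return any(s.get("Effect") == "Allow"
               and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action", []))
               and statement_matches(s, claims)
               for s in as_list(policy["Statement"]))

def claims_for(owner, repo, context="pull_request"):
    """Claims GitHub puts in the Actions OIDC token for a pull_request run."""
    return {"aud": "sts.amazonaws.com", "sub": f"repo:{owner}/{repo}:{context}"}

# Constructed scenarios; EXAMPLE-REPO and OTHER-REPO are placeholders.
JAMF_ONLY = make_trust("repo:jamf/*")
ORG_WIDE = make_trust(["repo:jamf/*", "repo:Jamf-Concepts/*"])
PER_REPO = make_trust("repo:Jamf-Concepts/EXAMPLE-REPO:*")
```

Extending the shared trust with an org-wide pattern admits every repository in Jamf-Concepts, while the per-repo pattern admits only the named one.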