diff options
| author | Harsh Aggarwal (NVIDIA) <haaggarwal@nvidia.com> | 2025-08-05 19:28:55 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-08-05 13:58:55 +0000 |
| commit | 2d775b54d2ab7772785c2196075d4c7c174407ab (patch) | |
| tree | a1204b30debeabe30e61a1cc7533d94eda95b904 /.github | |
| parent | 9a16700e858fc0379e551ab72188eb63a54ad3f1 (diff) | |
Bring back hooks for auto formatting and ensure build works (#7811)
* Claude code : refactor and improve stability by using hooks
* format code (#27)
Co-authored-by: slangbot <186143334+slangbot@users.noreply.github.com>
---------
Co-authored-by: szihs <675653+szihs@users.noreply.github.com>
Co-authored-by: slangbot <ellieh+slangbot@nvidia.com>
Co-authored-by: slangbot <186143334+slangbot@users.noreply.github.com>
Diffstat (limited to '.github')
| -rw-r--r-- | .github/actions/claude-code-runner/action.yml | 359 | ||||
| -rw-r--r-- | .github/workflows/claude.yml | 288 |
2 files changed, 405 insertions, 242 deletions
diff --git a/.github/actions/claude-code-runner/action.yml b/.github/actions/claude-code-runner/action.yml new file mode 100644 index 000000000..f68a7914c --- /dev/null +++ b/.github/actions/claude-code-runner/action.yml @@ -0,0 +1,359 @@ +name: "Claude Code Runner" +description: "Complete Claude Code execution with authentication, setup, execution, and results handling" +inputs: + # Authentication inputs + llmgw-id: + description: "LLMGW ID for token generation" + required: true + llmgw-secret: + description: "LLMGW secret for token generation" + required: true + llmgw-token-url: + description: "LLMGW token URL for authentication" + required: true + github-token-fallback: + description: "Fallback GitHub token if App token fails" + required: false + default: "" + + # Claude configuration + model: + description: "Anthropic model to use" + required: false + default: "claude-3-5-sonnet-20241022" + max-turns: + description: "Maximum number of turns for Claude" + required: false + default: "50000" + timeout-minutes: + description: "Timeout for Claude action in minutes" + required: false + default: "600" + trigger-phrase: + description: "Trigger phrase to activate Claude" + required: false + default: "@claude" + assignee-trigger: + description: "Assignee trigger name" + required: false + default: "claude" + + # Environment and setup + custom-instructions: + description: "Custom instructions for Claude" + required: true + mcp-config: + description: "MCP server configuration JSON" + required: false + default: "" + allowed-tools: + description: "Comma-separated list of allowed tools" + required: false + default: "Bash,View,GlobTool,GrepTool,BatchTool,Write" + setup-commands: + description: "Setup commands to run before Claude (multiline string)" + required: false + default: "" + continue-on-setup-error: + description: "Continue if setup commands fail" + required: false + default: "false" + + # AWS/Bedrock configuration + use-bedrock: + description: "Use AWS Bedrock for Claude" + required: false + default: "true" + aws-region: + description: "AWS region" + required: false + default: "" + bedrock-base-url: + description: "Anthropic Bedrock base URL" + required: false + default: "" + small-fast-model: + description: "Small fast model for Anthropic" + required: false + default: "" + +outputs: + auth-token: + description: "Generated authentication token" + value: ${{ steps.auth-token.outputs.token }} + github-token: + description: "Final GitHub token (App or fallback)" + value: ${{ steps.auth-config.outputs.github-token }} + token-expires: + description: "Token expiration time (if available)" + value: ${{ steps.auth-token.outputs.token-expires }} + github-app-token-outcome: + description: "Outcome of GitHub App token generation" + value: ${{ steps.github-app-token.outcome }} + claude-outcome: + description: "Outcome of Claude Code execution" + value: ${{ steps.claude-action.outcome }} + +runs: + using: "composite" + steps: + # Validate environment and inputs + - name: Validate Environment + shell: bash + run: | + set -euo pipefail + + # Check required secrets + if [ -z "${{ inputs.llmgw-id }}" ] || [ -z "${{ inputs.llmgw-secret }}" ] || [ -z "${{ inputs.llmgw-token-url }}" ]; then + echo "::error::Missing required secrets: LLMGW_ID or LLMGW_SECRET or LLMGW_TOKEN_URL" + exit 1 + fi + + # Install required tools + command -v jq >/dev/null 2>&1 || { echo "::error::jq is required but not installed"; exit 1; } + command -v curl >/dev/null 2>&1 || { echo "::error::curl is required but not installed"; exit 1; } + + echo "โ
Environment validation passed" + + # Generate custom auth token + - name: Generate Custom Auth Token + id: auth-token + shell: bash + run: | + set -euo pipefail + + echo "๐ Generating authentication token..." + + # Set up error handling + cleanup() { + local exit_code=$? + echo "๐งน Cleaning up temporary files..." + rm -f /tmp/token_response.json 2>/dev/null || true + if [ $exit_code -ne 0 ]; then + echo "::error::Authentication failed - check your credentials and endpoint" + fi + exit $exit_code + } + trap cleanup EXIT + + # Generate token with comprehensive error handling (using Basic auth like original) + HTTP_CODE=$(curl -s -w "%{http_code}" -o /tmp/token_response.json --fail-with-body \ + --max-time 30 \ + --retry 3 \ + --retry-delay 2 \ + --location "${{ inputs.llmgw-token-url }}" \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --header "Authorization: Basic $(echo -n ${{ inputs.llmgw-id }}:${{ inputs.llmgw-secret }} | base64 -w0)" \ + --data-urlencode 'grant_type=client_credentials' \ + --data-urlencode 'scope=awsanthropic-readwrite azureopenai-readwrite' \ + 2>/dev/null) + + # Check HTTP response code + if [ "$HTTP_CODE" -ne 200 ]; then + echo "::error::Authentication failed with HTTP code: $HTTP_CODE" + if [ -f /tmp/token_response.json ]; then + echo "::error::Response: $(cat /tmp/token_response.json | head -c 200)" + fi + exit 1 + fi + + # Extract and validate token + if [ ! -f /tmp/token_response.json ]; then + echo "::error::No response file generated" + exit 1 + fi + + ANTHROPIC_AUTH_TOKEN=$(jq -r '.access_token // empty' /tmp/token_response.json 2>/dev/null) + + # Validate token format and length + if [ -z "$ANTHROPIC_AUTH_TOKEN" ] || [ "$ANTHROPIC_AUTH_TOKEN" = "null" ]; then + echo "::error::Failed to extract access token from response" + exit 1 + fi + + # Basic token validation + if [ ${#ANTHROPIC_AUTH_TOKEN} -lt 10 ]; then + echo "::error::Token appears to be too short (${#ANTHROPIC_AUTH_TOKEN} characters)" + exit 1 + fi + + # CRITICAL: Mask the token BEFORE any output + echo "::add-mask::$ANTHROPIC_AUTH_TOKEN" + + # Set outputs + echo "token=$ANTHROPIC_AUTH_TOKEN" >> $GITHUB_OUTPUT + + # Set token expiry if available + TOKEN_EXPIRES=$(jq -r '.expires_in // empty' /tmp/token_response.json 2>/dev/null) + if [ -n "$TOKEN_EXPIRES" ]; then + echo "::add-mask::$TOKEN_EXPIRES" + echo "token-expires=$TOKEN_EXPIRES" >> $GITHUB_OUTPUT + fi + + echo "โ
Authentication token generated and masked successfully" + + # Clean up response file + rm -f /tmp/token_response.json + + # Configure authentication + - name: Configure Authentication + id: auth-config + shell: bash + run: | + set -euo pipefail + + # Use GitHub App token if available, otherwise use GITHUB_TOKEN + if [ -n "${{ steps.github-app-token.outputs.token }}" ]; then + echo "github-token=${{ steps.github-app-token.outputs.token }}" >> $GITHUB_OUTPUT + echo "โ
Using GitHub App authentication" + else + echo "github-token=${{ inputs.github-token-fallback }}" >> $GITHUB_OUTPUT + echo "โ ๏ธ Using fallback GITHUB_TOKEN authentication" + fi + + # Run setup commands if provided + - name: Run setup commands + id: setup-commands + if: inputs.setup-commands != '' + shell: bash + continue-on-error: ${{ inputs.continue-on-setup-error == 'true' }} + run: ${{ inputs.setup-commands }} + + # Security cleanup + - name: Security Cleanup + if: always() + shell: bash + run: | + set -euo pipefail + + echo "๐งน Performing security cleanup..." + + # Clear any temporary files that might contain sensitive data + find /tmp -name "*token*" -type f -delete 2>/dev/null || true + find /tmp -name "*auth*" -type f -delete 2>/dev/null || true + find /tmp -name "*response*" -type f -delete 2>/dev/null || true + + # Clear environment variables (belt and suspenders approach) + unset ANTHROPIC_API_KEY 2>/dev/null || true + unset ANTHROPIC_AUTH_TOKEN 2>/dev/null || true + + echo "โ
Security cleanup completed" + + # Workflow summary + - name: Generate Workflow Summary + if: always() + shell: bash + run: | + echo "## Claude Code Runner Summary" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Authentication" >> $GITHUB_STEP_SUMMARY + echo "- **Auth Token**: โ
Generated" >> $GITHUB_STEP_SUMMARY + echo "- **Token Expiry**: ${{ steps.auth-token.outputs.token-expires || 'Not provided' }}" >> $GITHUB_STEP_SUMMARY + echo "- **GitHub Token**: ${{ steps.github-app-token.outcome == 'success' && 'โ
GitHub App' || 'โ ๏ธ Fallback' }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Configuration" >> $GITHUB_STEP_SUMMARY + echo "- **Model**: ${{ inputs.model }}" >> $GITHUB_STEP_SUMMARY + echo "- **Max Turns**: ${{ inputs.max-turns }}" >> $GITHUB_STEP_SUMMARY + echo "- **Timeout**: ${{ inputs.timeout-minutes }} minutes" >> $GITHUB_STEP_SUMMARY + echo "- **Bedrock**: ${{ inputs.use-bedrock == 'true' && 'โ
Enabled' || 'โ Disabled' }}" >> $GITHUB_STEP_SUMMARY + if [ "${{ inputs.use-bedrock }}" = "true" ]; then + echo "- **AWS Region**: ${{ inputs.aws-region || 'Default' }}" >> $GITHUB_STEP_SUMMARY + fi + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Setup" >> $GITHUB_STEP_SUMMARY + echo "- **Setup Commands**: ${{ inputs.setup-commands != '' && 'โ
Executed' || 'โญ๏ธ Skipped' }}" >> $GITHUB_STEP_SUMMARY + if [ "${{ inputs.setup-commands }}" != "" ]; then + echo "- **Setup Result**: ${{ steps.setup-commands.outcome || 'Unknown' }}" >> $GITHUB_STEP_SUMMARY + fi + echo "- **Security Cleanup**: โ
Completed" >> $GITHUB_STEP_SUMMARY + + # Execute Claude Code Action + - name: Execute Claude Code Action + id: claude-action + uses: anthropics/claude-code-action@beta + with: + custom_instructions: ${{ inputs.custom-instructions }} + mcp_config: ${{ inputs.mcp-config }} + allowed_tools: ${{ inputs.allowed-tools }} + trigger_phrase: ${{ inputs.trigger-phrase }} + assignee_trigger: ${{ inputs.assignee-trigger }} + timeout_minutes: ${{ inputs.timeout-minutes }} + github_token: ${{ steps.auth-config.outputs.github-token }} + use_bedrock: ${{ inputs.use-bedrock }} + model: ${{ inputs.model }} + max_turns: ${{ inputs.max-turns }} + # Use claude_env for custom environment variables + claude_env: | + ANTHROPIC_BEDROCK_BASE_URL: ${{ inputs.bedrock-base-url }} + ANTHROPIC_SMALL_FAST_MODEL: ${{ inputs.small-fast-model }} + AWS_REGION: ${{ inputs.aws-region }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_ACTOR: ${{ github.actor }} + ANTHROPIC_AUTH_TOKEN: ${{ steps.auth-token.outputs.token }} + DISABLE_TELEMETRY: 1 + continue-on-error: true + + # Handle Claude results + - name: Handle Claude Results + if: always() + shell: bash + run: | + set -euo pipefail + + echo "๐ Processing Claude action results..." + + # Check if Claude action succeeded + if [ "${{ steps.claude-action.outcome }}" = "success" ]; then + echo "โ
Claude Code action completed successfully" + elif [ "${{ steps.claude-action.outcome }}" = "failure" ]; then + echo "โ Claude Code action failed" + + # Create error summary + echo "" >> $GITHUB_STEP_SUMMARY + echo "### โ Claude Execution Failed" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "The Claude Code action encountered an error. Common causes:" >> $GITHUB_STEP_SUMMARY + echo "- Authentication issues" >> $GITHUB_STEP_SUMMARY + echo "- Network connectivity problems" >> $GITHUB_STEP_SUMMARY + echo "- Model availability issues" >> $GITHUB_STEP_SUMMARY + echo "- Rate limiting" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "Please check the workflow logs for detailed error information." >> $GITHUB_STEP_SUMMARY + else + echo "โ ๏ธ Claude Code action was cancelled or skipped" + fi + + # Add execution summary + - name: Add Claude Execution Summary + if: always() + shell: bash + run: | + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Claude Execution Details" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + + # Event information + echo "#### Event Information" >> $GITHUB_STEP_SUMMARY + echo "- **Trigger**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY + echo "- **Repository**: ${{ github.repository }}" >> $GITHUB_STEP_SUMMARY + echo "- **Actor**: @${{ github.actor }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + + # Execution status + echo "#### Execution Status" >> $GITHUB_STEP_SUMMARY + if [ "${{ steps.claude-action.outcome }}" = "success" ]; then + echo "- **Claude Action**: โ
Success" >> $GITHUB_STEP_SUMMARY + elif [ "${{ steps.claude-action.outcome }}" = "failure" ]; then + echo "- **Claude Action**: โ Failed" >> $GITHUB_STEP_SUMMARY + else + echo "- **Claude Action**: โ ๏ธ ${{ steps.claude-action.outcome }}" >> $GITHUB_STEP_SUMMARY + fi + echo "- **Model Used**: ${{ inputs.model }}" >> $GITHUB_STEP_SUMMARY + echo "- **Max Turns**: ${{ inputs.max-turns }}" >> $GITHUB_STEP_SUMMARY + echo "- **Workflow Status**: ${{ job.status }}" >> $GITHUB_STEP_SUMMARY + + # Add timestamp + echo "" >> $GITHUB_STEP_SUMMARY + echo "#### Timestamp" >> $GITHUB_STEP_SUMMARY + echo "- **Completed at**: $(date -u '+%Y-%m-%d %H:%M:%S UTC')" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index c2e0fb68e..f4bb58610 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -44,173 +44,60 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - submodules: "recursive" - fetch-depth: 2 # fetch minimal history for git context + fetch-depth: 0 + submodules: false + + - name: Checkout of submodules + run: git submodule update --init --recursive --depth=1 - name: Format Setup and Environment Preparation uses: ./.github/actions/format-setup - - name: Setup Environment Dependencies - run: | - set -euo pipefail - echo "๐๏ธ Setting up environment dependencies..." - - sudo apt-get update - sudo apt-get install -y libx11-dev - - # Configure and build the project - cmake --preset default --fresh - cmake --workflow --preset debug - - echo "โ
Environment setup completed" - - # Validate environment and dependencies - - name: Validate Environment - run: | - set -euo pipefail - - # Check required secrets - if [ -z "${{ secrets.LLMGW_ID }}" ] || [ -z "${{ secrets.LLMGW_SECRET }}" ] || [ -z "${{ secrets.LLMGW_TOKEN_URL }}" ]; then - echo "::error::Missing required secrets: LLMGW_ID or LLMGW_SECRET or LLMGW_TOKEN_URL" - exit 1 - fi - - # Install required tools - command -v jq >/dev/null 2>&1 || { echo "::error::jq is required but not installed"; exit 1; } - command -v curl >/dev/null 2>&1 || { echo "::error::curl is required but not installed"; exit 1; } - - echo "โ
Environment validation passed" - - # Generate custom auth token and set as environment variable - - name: Generate Custom Auth Token - id: auth-token - env: - LLMGW_TOKEN_URL: ${{ secrets.LLMGW_TOKEN_URL }} - run: | - set -euo pipefail - - echo "๐ Generating authentication token..." - - # Set up error handling - cleanup() { - local exit_code=$? - echo "๐งน Cleaning up temporary files..." - rm -f /tmp/token_response.json 2>/dev/null || true - if [ $exit_code -ne 0 ]; then - echo "::error::Authentication failed - check your credentials and endpoint" - fi - exit $exit_code - } - trap cleanup EXIT - - # Generate token with comprehensive error handling - HTTP_CODE=$(curl -s -w "%{http_code}" -o /tmp/token_response.json --fail-with-body \ - --max-time 30 \ - --retry 3 \ - --retry-delay 2 \ - --location "${{ env.LLMGW_TOKEN_URL }}" \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --header "Authorization: Basic $(echo -n ${{ secrets.LLMGW_ID }}:${{ secrets.LLMGW_SECRET }} | base64 -w0)" \ - --data-urlencode 'grant_type=client_credentials' \ - --data-urlencode 'scope=awsanthropic-readwrite azureopenai-readwrite' \ - 2>/dev/null) - - # Check HTTP response code - if [ "$HTTP_CODE" -ne 200 ]; then - echo "::error::Authentication failed with HTTP code: $HTTP_CODE" - if [ -f /tmp/token_response.json ]; then - echo "::error::Response: $(cat /tmp/token_response.json | head -c 200)" - fi - exit 1 - fi - - # Extract and validate token - if [ ! -f /tmp/token_response.json ]; then - echo "::error::No response file generated" - exit 1 - fi - - ANTHROPIC_AUTH_TOKEN=$(jq -r '.access_token // empty' /tmp/token_response.json 2>/dev/null) - - # Validate token format and length - if [ -z "$ANTHROPIC_AUTH_TOKEN" ] || [ "$ANTHROPIC_AUTH_TOKEN" = "null" ]; then - echo "::error::Failed to extract access token from response" - exit 1 - fi - - # Basic token validation - if [ ${#ANTHROPIC_AUTH_TOKEN} -lt 10 ]; then - echo "::error::Token appears to be too short (${#ANTHROPIC_AUTH_TOKEN} characters)" - exit 1 - fi - - # CRITICAL: Mask the token BEFORE any output - echo "::add-mask::$ANTHROPIC_AUTH_TOKEN" - - # Set as environment variable for subsequent steps - echo "ANTHROPIC_AUTH_TOKEN=$ANTHROPIC_AUTH_TOKEN" >> $GITHUB_ENV - - # Set token expiry if available - TOKEN_EXPIRES=$(jq -r '.expires_in // empty' /tmp/token_response.json 2>/dev/null) - if [ -n "$TOKEN_EXPIRES" ]; then - echo "::add-mask::$TOKEN_EXPIRES" - echo "token-expires=$TOKEN_EXPIRES" >> $GITHUB_OUTPUT - fi - - echo "โ
Authentication token generated and masked successfully" + # Complete Claude execution with authentication, setup, and execution + - name: Run Claude Code + id: claude + uses: ./.github/actions/claude-code-runner + with: + # Authentication (these secrets must be configured in your repository) + llmgw-id: ${{ secrets.LLMGW_ID }} + llmgw-secret: ${{ secrets.LLMGW_SECRET }} + llmgw-token-url: ${{ secrets.LLMGW_TOKEN_URL }} + github-token-fallback: ${{ secrets.GITHUB_TOKEN }} - # Clean up response file - rm -f /tmp/token_response.json + # Repository-specific setup + setup-commands: | + set -euo pipefail + echo "๐๏ธ Setting up environment dependencies..." - # Generate GitHub App token for better GitHub API access - - name: Generate GitHub App Token - id: github-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.APP_ID }} - private-key: ${{ secrets.APP_PRIVATE_KEY }} - continue-on-error: true + sudo apt-get update + sudo apt-get install -y libx11-dev - # Set up fallback authentication - - name: Configure Authentication - id: auth-config - run: | - set -euo pipefail + # Configure and build the project + cmake --preset default --fresh + cmake --workflow --preset debug - # Use GitHub App token if available, otherwise use GITHUB_TOKEN - if [ -n "${{ steps.github-token.outputs.token }}" ]; then - echo "github-token=${{ steps.github-token.outputs.token }}" >> $GITHUB_OUTPUT - echo "โ
Using GitHub App authentication" - else - echo "github-token=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT - echo "โ ๏ธ Using fallback GITHUB_TOKEN authentication" - fi + echo "โ
Environment setup completed" - # Run Claude Code Action with optimized environment variables - - name: Execute Claude Code Action # Right now direct prompt to automatic PR Review - id: claude-action - uses: anthropics/claude-code-action@v0.0.38 - with: - # Direct Prompt is for testing. We shall use the triggers (on) which shall trigger this part on runtime - custom_instructions: | - # Build system information: + # Custom instructions for Slang + custom-instructions: | + ### **Build System Information:** - OS: Ubuntu Linux + - Build commands: Configure `cmake --preset default`, Build `cmake --build --preset debug`, Test `./build/Debug/bin/slang-test tests/path/to/test.slang` - Project is pre-built and ready for development tasks - - See CLAUDE.md for detailed build, test, and formatting instructions - # CRITICAL: You have access to the mcp__deepwiki__ask_question tool for deep repository knowledge. + ### **IMPORTANT: Deep Repository Knowledge & Debugging** + **Repository Knowledge Tool**: Use `mcp__deepwiki__ask_question` with repoName "shader-slang/slang" for architectural insights and implementation patterns. - **How to use this tool effectively:** - - Use repoName: "shader-slang/slang" for all queries - - Ask specific technical questions about architecture, patterns, or implementation approaches - - Examples: "What does the type legalization pass do?" or "What's the pattern for adding new code generation targets?" - - Use responses to understand existing patterns before implementing changes + **Implementation Guidelines:** + - Use git history (`git log -S "keyword"`) to find related features but don't spend excessive time + - Use deepwiki for expert insights and architectural patterns + - Think carefully about the user's request before implementing - **Implementation Guidelines:** - - Always follow existing code patterns and architectural decisions discovered through deepwiki - - Consult the tool when you need context about unfamiliar parts of the codebase + ### **Test-Driven Development - Strongly Encouraged** + Write failing tests in `tests/` directory, implement fixes and verify both tests and builds succeed before submitting. - mcp_config: | + # MCP configuration for deepwiki + mcp-config: | { "mcpServers": { "deepwiki": { @@ -219,95 +106,12 @@ jobs: } } } - allowed_tools: "Bash,View,GlobTool,GrepTool,BatchTool,Write,mcp__deepwiki__ask_question" - trigger_phrase: "@claude" - assignee_trigger: "claude" - timeout_minutes: "600" - github_token: ${{ steps.auth-config.outputs.github-token }} - use_bedrock: "true" - model: ${{ vars.ANTHROPIC_MODEL }} - max_turns: "50000" - # Use claude_env for custom environment variables - claude_env: | - ANTHROPIC_BEDROCK_BASE_URL: ${{ vars.ANTHROPIC_BEDROCK_BASE_URL }} - ANTHROPIC_SMALL_FAST_MODEL: ${{ vars.ANTHROPIC_SMALL_FAST_MODEL }} - AWS_REGION: ${{ vars.AWS_REGION }} - GITHUB_REPOSITORY: ${{ github.repository }} - GITHUB_EVENT_NAME: ${{ github.event_name }} - GITHUB_ACTOR: ${{ github.actor }} - ANTHROPIC_AUTH_TOKEN: ${{ env.ANTHROPIC_AUTH_TOKEN }} - DISABLE_TELEMETRY: 1 - - # The ANTHROPIC_API_KEY environment variable is automatically picked up - continue-on-error: true - - # Handle action results and errors - - name: Handle Action Results - if: always() - run: | - set -euo pipefail - - # Check if Claude action succeeded - if [ "${{ steps.claude-action.outcome }}" = "success" ]; then - echo "โ
Claude Code action completed successfully" - - # Optional: Add success comment to PR/issue - if [ -n "${{ github.event.issue.number || github.event.pull_request.number }}" ]; then - echo "Claude has successfully processed your request! ๐" >> /tmp/comment.md - echo "<!-- Claude-success -->" >> /tmp/comment.md - fi - - elif [ "${{ steps.claude-action.outcome }}" = "failure" ]; then - echo "โ Claude Code action failed" - # Create error comment for debugging - cat > /tmp/error_comment.md << 'EOF' - ## Claude Code Action Failed โ - - The Claude Code action encountered an error. This could be due to: - - Network connectivity issues - - Authentication problems - - Model availability issues - - Rate limiting - - Please check the workflow logs for more details and try again. - - <!-- Claude-error --> - EOF - - else - echo "โ ๏ธ Claude Code action was cancelled or skipped" - fi - - # Security cleanup - - name: Security Cleanup - if: always() - run: | - set -euo pipefail - - echo "๐งน Performing security cleanup..." - - # Clear any temporary files that might contain sensitive data - find /tmp -name "*token*" -type f -delete 2>/dev/null || true - find /tmp -name "*auth*" -type f -delete 2>/dev/null || true - find /tmp -name "*response*" -type f -delete 2>/dev/null || true - - # Clear environment variables (belt and suspenders approach) - unset ANTHROPIC_API_KEY 2>/dev/null || true - unset ANTHROPIC_AUTH_TOKEN 2>/dev/null || true - - echo "โ
Security cleanup completed" + # Advanced configuration (using repository variables) + model: ${{ vars.ANTHROPIC_MODEL }} + aws-region: ${{ vars.AWS_REGION }} + bedrock-base-url: ${{ vars.ANTHROPIC_BEDROCK_BASE_URL }} + small-fast-model: ${{ vars.ANTHROPIC_SMALL_FAST_MODEL }} - # Workflow summary - - name: Workflow Summary - if: always() - run: | - echo "## Claude Code Workflow Summary" >> $GITHUB_STEP_SUMMARY - echo "- **Trigger**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY - echo "- **Repository**: ${{ github.repository }}" >> $GITHUB_STEP_SUMMARY - echo "- **Actor**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY - echo "- **Auth Token**: โ
Generated" >> $GITHUB_STEP_SUMMARY - echo "- **GitHub Token**: ${{ steps.github-token.outcome == 'success' && 'โ
GitHub App' || 'โ ๏ธ Fallback' }}" >> $GITHUB_STEP_SUMMARY - echo "- **Claude Action**: ${{ steps.claude-action.outcome == 'success' && 'โ
Success' || 'โ Failed' }}" >> $GITHUB_STEP_SUMMARY - echo "- **Model Used**: ${{ vars.ANTHROPIC_MODEL || 'default' }}" >> $GITHUB_STEP_SUMMARY - echo "- **Workflow Status**: ${{ job.status }}" >> $GITHUB_STEP_SUMMARY + # Additional tools for deepwiki + allowed-tools: "Bash,View,GlobTool,GrepTool,BatchTool,Write,mcp__deepwiki__ask_question" |