mirror of
https://github.com/lobehub/lobehub
synced 2026-04-21 17:47:27 +00:00
* 👷 chore(ci): unify CI package manager from bun to pnpm Replace bun with pnpm across all GitHub Actions workflows to ensure lockfile consistency with pnpm-lock.yaml as single source of truth. * 👷 chore(ci): replace bun run with pnpm run in package.json scripts Fix build failure in CI where bun is not installed. Replace bun run references in root and e2e package.json scripts with pnpm run. * 👷 chore(e2e): replace bunx with npx in e2e server startup * 👷 chore(ci): create unified setup-env action, use pnpm install + bun run - Add .github/actions/setup-env composite action (pnpm + bun + node) - Refactor desktop-build-setup to use setup-env internally - All workflows: pnpm install for deps, bun run for scripts - Revert package.json/e2e scripts back to bun run - Remove all direct pnpm/action-setup and oven-sh/setup-bun from workflows * 🐛 fix(test): inline lexical ESM deps for vitest under pnpm pnpm's strict node_modules layout causes vitest ESM resolution to fail for lexical's named exports. Add lexical and @lexical/* to inline deps.
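# Runs the Claude Code agent when an issue, comment or review mentions '@claude'.
# The text that drives the agent is written by whoever opened the issue or
# comment, so everything below should be read as handling untrusted input.
name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    # Phrase filter only: the job starts for any matching event whose body (or,
    # for issues, title) contains '@claude'. Nothing here checks who wrote it.
    # NOTE(review): actor authorisation is left to the action - confirm it
    # rejects users without write access, or add an author_association check.
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
    runs-on: ubuntu-latest
    # Scopes of the GITHUB_TOKEN minted for this job. Three of them are write
    # scopes, and id-token: write lets the job request an OIDC token.
    # NOTE(review): keep only the scopes the agent's tasks really need.
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      # NOTE(review): referenced by a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha> # v6) guards against a moved tag.
      - name: Checkout repository
        uses: actions/checkout@v6

      # The rules file is taken from the tree that was just checked out.
      # NOTE(review): on pull_request_review* events the checked-out ref is
      # presumably the PR merge commit, so a PR editing this file would supply
      # its own rules - confirm, and consider reading it from the default branch.
      - name: Copy security prompt
        run: |
          mkdir -p /tmp/claude-prompts
          cp .claude/prompts/security-rules.md /tmp/claude-prompts/

      # NOTE(review): mutable tag here as well; pin to a full commit SHA
      # (anthropics/claude-code-action@<full-commit-sha> # v1).
      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read

          # Optional: Specify model via claude_args --model (defaults to Claude Sonnet 4)

          # NOTE(review): presumably the bot accounts allowed to trigger the
          # action; confirm 'bot' is the intended account name.
          allowed_bots: 'bot'

          # Optional: Customize the trigger phrase (default: @claude)
          # trigger_phrase: "/claude"

          # Optional: Trigger when specific user is assigned to an issue
          # assignee_trigger: "claude-bot"

          # Security: the agent may only run the Bash command prefixes listed in
          # --allowedTools. No gh commands, to prevent token exfiltration: the
          # earlier list contained Bash(gh:*), which contradicted this rule, so it
          # has been dropped. If a task needs gh, re-add only the specific
          # subcommands and update this comment.
          # NOTE(review): the list is an allowlist of prefixes, not a sandbox.
          # Several entries (npx, bunx, xargs, find, awk) can start other programs,
          # and git can use the credentials checkout leaves in the repo config.
          # Trim the list to what the workflow really uses.
          # NOTE(review): `with:` values reach the action as plain strings; the
          # runner does not pass them through a shell. Confirm the action expands
          # $(cat ...) - otherwise the security rules never reach the prompt.
          claude_args: |
            --allowedTools "Bash(git:*),Bash(bun run:*),Bash(bunx:*),Bash(pnpm:*),Bash(npm run:*),Bash(npx:*),Bash(vitest:*),Bash(rg:*),Bash(find:*),Bash(sed:*),Bash(grep:*),Bash(awk:*),Bash(wc:*),Bash(xargs:*)"
            --append-system-prompt "$(cat /tmp/claude-prompts/security-rules.md)"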