Fix: Correct secrets access in reusable workflow #12

Workflow file for this run

name: Claude Code – PR Review

Check failure on line 1 in .github/workflows/claude-review.yml

GitHub Actions / .github/workflows/claude-review.yml

Invalid workflow file

(Line: 47, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.APP_ID != '' && secrets.APP_PRIVATE_KEY != ''
on:
  workflow_call:
    inputs:
      mode:
        description: "review | security | fix"
        required: false
        type: string
        default: "review"
      paths:
        description: "Only run if these paths change"
        required: false
        type: string
        default: ""
      model:
        description: "Claude model (direct)"
        required: false
        type: string
        default: "claude-sonnet-4-5"
    secrets:
      ANTHROPIC_API_KEY:
        required: true
      APP_ID:
        required: false
      APP_PRIVATE_KEY:
        required: false
      AWS_ROLE_TO_ASSUME:
        required: false
permissions:
  contents: write
  pull-requests: write
  issues: write
  id-token: write # needed for Bedrock/Vertex OIDC
jobs:
  review:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    if: ${{ inputs.paths == '' || contains(join(github.event.pull_request.changed_files, ','), inputs.paths) }}
    steps:
      - uses: actions/checkout@v4
      # (Optional) Generate a GitHub App token for better commenting behavior
      - name: Generate GitHub App token
        id: app-token
        if: ${{ secrets.APP_ID != '' && secrets.APP_PRIVATE_KEY != '' }}
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: Run Claude via Anthropic API
        uses: anthropics/claude-code-action-official@v1
        with:
          github_token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            /review
            Use CLAUDE.md if present.
            Mode: ${{ inputs.mode }}
            Be concise. Flag security/PII/secrets risks. Propose diffs.
          claude_args: "--model ${{ inputs.model }} --max-turns 6"
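
The annotation rejects the `Generate GitHub App token` step because the `secrets` context cannot be referenced in an `if:` condition. One way to keep that step optional, shown as an added example that is not this repository's own fix: a helper step (the id `app-creds` and output name `configured` are assumed names) tests the secrets inside its own step-scoped `env` and exposes only a boolean output, so the private key is never placed in job-wide environment variables that later third-party actions could read.

```yaml
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Rejected by the workflow parser (the line from the annotation):
      #   if: ${{ secrets.APP_ID != '' && secrets.APP_PRIVATE_KEY != '' }}

      # Assumed helper step: the two secrets are mapped into the environment
      # of this single step only and are checked for presence, never printed.
      - name: Check whether GitHub App credentials were passed
        id: app-creds
        env:
          APP_ID: ${{ secrets.APP_ID }}
          APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
        run: |
          if [ -n "$APP_ID" ] && [ -n "$APP_PRIVATE_KEY" ]; then
            echo "configured=true" >> "$GITHUB_OUTPUT"
          else
            echo "configured=false" >> "$GITHUB_OUTPUT"
          fi

      # The condition now reads a step output; the steps context is
      # available in a step-level if, unlike secrets.
      - name: Generate GitHub App token
        id: app-token
        if: ${{ steps.app-creds.outputs.configured == 'true' }}
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
```

When the token step is skipped, `steps.app-token.outputs.token` evaluates to an empty string, so the existing `|| secrets.GITHUB_TOKEN` fallback in the review step still applies.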