Fix Claude Code Action authentication and context issues

- Remove invalid pr_number parameter - Add explicit github_token to fix OIDC failure in workflow_run - Add mode: review for proper review mode - Create fake event.json to provide PR context - Set environment variables to simulate PR event
2025-12-24 02:39:17 -05:00 · 2025-08-19 10:43:47 +03:00
parent e554f7b1ae
commit 933d2deb3b
1 changed files with 39 additions and 4 deletions
--- a/.github/workflows/claude-review-ext.yml
+++ b/.github/workflows/claude-review-ext.yml
@@ -113,22 +113,53 @@ jobs:
              body: `🤖 **Claude Review (External PR) Starting...**\n\nAnalyzing PR changes in a secure environment. This may take a few minutes.`
            });
      
+      - name: Create Event Context for Claude
+        run: |
+          # Create a fake event.json that Claude can use to understand the PR context
+          cat > /tmp/event.json << EOF
+          {
+            "action": "opened",
+            "number": ${{ env.PR_NUMBER }},
+            "pull_request": {
+              "number": ${{ env.PR_NUMBER }},
+              "title": "${{ env.PR_TITLE }}",
+              "user": {
+                "login": "${{ env.PR_AUTHOR }}"
+              },
+              "head": {
+                "sha": "${{ env.HEAD_SHA }}"
+              },
+              "base": {
+                "ref": "${{ env.PR_BASE_BRANCH }}"
+              }
+            }
+          }
+          EOF
+          echo "Created event context for PR #${{ env.PR_NUMBER }}"
+      
      - name: Run Claude Code Review
        id: claude
        uses: anthropics/claude-code-action@beta
        timeout-minutes: 15
+        env:
+          # Set environment variables to provide PR context
+          GITHUB_EVENT_NAME: 'pull_request'
+          GITHUB_EVENT_PATH: '/tmp/event.json'
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          
+          # Explicitly provide GitHub token since OIDC fails in workflow_run context
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          
+          # Use review mode for code review
+          mode: 'review'
+          
          # Use the external review trigger phrase
          trigger_phrase: "@claude-review-ext"
          
-          # Custom context for PR review
-          pr_number: ${{ env.PR_NUMBER }}
-          
          # Review-specific instructions (same as claude-review.yml)
          custom_instructions: |
-            You are performing a CODE REVIEW for an EXTERNAL PULL REQUEST. 
+            You are performing a CODE REVIEW for an EXTERNAL PULL REQUEST #${{ env.PR_NUMBER }}
            This is a secure two-stage review process for PRs from forks.
            
            ## Security Context
@@ -136,6 +167,10 @@ jobs:
            The PR code has been fetched but NOT checked out for security reasons.
            Review the changes in pr-diff.patch file.
            
+            ## Important
+            Since this is running via workflow_run, you should analyze the pr-diff.patch file that contains all the changes.
+            The diff file has already been created and is available in the current directory.
+            
            ## Your Role
            You are reviewing code for Archon V2 Alpha, a local-first AI knowledge management system in early alpha stage.