Add Claude to your CI pipeline and get automatic code reviews on every pull request.
Basic Setup
Create .github/workflows/claude-review.yml:
name: Claude PR Review
on:
  pull_request:
  issue_comment:
    types: [created]
jobs:
  review:
    if: |
      github.event_name == 'pull_request' ||
      contains(github.event.comment.body, '@claude')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this PR for bugs, security issues, and style.
            Be specific. Reference line numbers.
Trigger on @claude Mentions
Anyone on the team can tag @claude in a PR comment to ask questions, request changes, or get explanations. Claude responds in-thread with full context of the diff.
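The job condition in Basic Setup is true for any new comment containing @claude, on issues as well as pull requests, from any account that is able to comment. As an added example (not from the original page or the action's own documentation), this variant limits comment triggers to pull-request threads and to commenters whose author_association is OWNER, MEMBER or COLLABORATOR; that allow-list is an assumption to adjust for your team.

```yaml
# Added example: constructed hardening of the Basic Setup job condition.
# Assumption: only repo owners, org members and collaborators may invoke Claude.
# Clauses of the comment branch, in order:
#   1. the event is a comment, not a pull_request event
#   2. the comment is on a pull request (issue.pull_request is set only there)
#   3. the comment mentions @claude
#   4. the commenter's association with the repo is on the allow-list
jobs:
  review:
    if: |
      github.event_name == 'pull_request' ||
      (
        github.event_name == 'issue_comment' &&
        github.event.issue.pull_request &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'),
                 github.event.comment.author_association)
      )
    runs-on: ubuntu-latest
    permissions:          # unchanged from Basic Setup: no write access to code
      contents: read
      pull-requests: write
      issues: write
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this PR for bugs, security issues, and style.
            Be specific. Reference line numbers.
```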
Path-Specific Reviews
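Focus Claude on critical files. The changed_files field of the pull_request event is a count of changed files, not a list of paths, so a step-level if: cannot match on it. Filter on paths in the trigger of a dedicated workflow instead:
on:
  pull_request:
    paths:
      - 'src/auth/**'
Then give that workflow's review step a focused prompt:
- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    prompt: |
      This PR touches authentication code.
      Review for OWASP top 10 vulnerabilities.
      Check for credential leaks and injection attacks.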
Custom Review Checklists
prompt: |
  Review against our team standards:
  - [ ] No console.log left in production code
  - [ ] All new functions have error handling
  - [ ] Database queries use parameterized inputs
  - [ ] New API endpoints have rate limiting
Tip
Store your ANTHROPIC_API_KEY in GitHub repository secrets. Never commit it to the repo.