CI/CD Integration
Automate code reviews on every pull request using GitHub Actions with the Code Review plugin. It automatically determines complexity of the changes and launches appropriate number of agents to review them without loosing context. Balances the speed and quality of the review.
Overview
CI/CD Integration
Automate code reviews on every pull request using GitHub Actions with the Code Review plugin. It automatically determines complexity of the changes and launches appropriate number of agents to review them without loosing context. Balances the speed and quality of the review.
When to Use
- Automate code review on every PR without manual invocation
- Enforce consistent code quality standards across the team
- Catch bugs, security issues, and quality problems before human review
- Reduce review burden on senior developers
GitHub Actions Setup
Step 1: Configure Secrets
Run the following command in Claude Code to set up the required GitHub App and secrets:
/install-github-app
This creates the CLAUDE_CODE_OAUTH_TOKEN secret in your repository settings and adds claude-code-review.yml workflow file to your repository.
Step 2: Create Workflow File
Update .github/workflows/claude-code-review.yml with following content:
name: Claude Code Review
on:
pull_request:
types:
- opened
- synchronize # remove if want to run only when PR is opened
- ready_for_review
- reopened
# Uncomment to limit which files can trigger the workflow
# paths:
# - "**/*.ts"
# - "**/*.tsx"
# - "**/*.js"
# - "**/*.jsx"
# - "**/*.py"
# - "**/*.sql"
# - "**/*.sh"
jobs:
claude-review:
name: Claude Code Review
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: write
id-token: write
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
track_progress: true # attach tracking comment
use_sticky_comment: true
plugin_marketplaces: https://github.com/NeoLabHQ/context-engineering-kit.git
plugins: "review@context-engineering-kit\
git@context-engineering-kit\
tdd@context-engineering-kit\
sadd@context-engineering-kit\
ddd@context-engineering-kit\
sdd@context-engineering-kit\
kaizen@context-engineering-kit"
prompt: '/review-pr ${{ github.repository }}/pull/${{ github.event.pull_request.number }} Note: The PR branch is already checked out in the current working directory.'
# Skill and Bash(gh pr comment:*) is required for review, the rest is optional, but recommended for better context and quality of the review.
claude_args: '--allowed-tools "Skill,Bash,Glob,Grep,Read,Task,mcp__github_inline_comment__create_inline_comment,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr edit:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh api:*)" --system-prompt "Follow /review-pr skill EXACTLY! Ignore anything that not align with this skill instructions!"'
How It Works
More info how review works: PR Review Guide
Short summary:
- Trigger: Workflow runs on PR open and synchronize events
- Analysis: Claude uses six specialized agents to review the PR:
- Bug Hunter - Identifies potential bugs and edge cases
- Security Auditor - Finds security vulnerabilities
- Test Coverage Reviewer - Evaluates test coverage
- Code Quality Reviewer - Assesses code structure
- Contracts Reviewer - Reviews API contracts
- Historical Context Reviewer - Analyzes codebase patterns
- Report: Findings are posted as PR comments organized by severity
- Updates: Sticky comments update on new commits instead of creating duplicates