ci: use official Claude PR review comments

MapleEve · MapleEve · commit 545f5754e056 · 2026-05-08T02:14:56.000+08:00
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -2,9 +2,8 @@ name: Claude Code Review
 
 on:
   pull_request:
-    types: [opened, synchronize, ready_for_review]
+    types: [opened, synchronize, reopened, ready_for_review]
     branches: [main]
-  workflow_dispatch:
 
 permissions:
   contents: read
@@ -18,11 +17,8 @@ jobs:
     runs-on: ubuntu-latest
     if: >-
       ${{
-        github.event_name == 'workflow_dispatch' ||
-        (
-          github.event.pull_request.draft == false &&
-          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association)
-        )
+        github.event.pull_request.draft == false &&
+        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association)
       }}
     env:
       ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -33,61 +29,43 @@ jobs:
       - name: Skip when Claude secrets are not configured
         if: ${{ env.ANTHROPIC_API_KEY == '' || env.ANTHROPIC_BASE_URL == '' || env.GH_TOKEN_VALUE == '' }}
         run: echo "Claude Code review secrets are not configured; skipping Claude Code review."
+
       - name: Checkout repository
         if: ${{ env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' && env.GH_TOKEN_VALUE != '' }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 1
           persist-credentials: false
+
       - name: Run Claude Code review
-        id: claude-review
         if: ${{ env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' && env.GH_TOKEN_VALUE != '' }}
-        continue-on-error: true
         uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           github_token: ${{ secrets.GH_TOKEN }}
+          track_progress: true
           prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
             Review this pull request using REVIEW.md as the review-only guide.
-            Focus on actionable VoScript risks: privacy/security leaks, model lifecycle races,
-            GPU/CPU fallback behavior, HTTP API compatibility, regression-test coverage, and
-            synchronized English/Chinese documentation. Avoid formatting-only comments.
+            Focus on actionable VoScript risks:
+            - Privacy and security leaks
+            - Model lifecycle races and GPU/CPU fallback behavior
+            - HTTP API compatibility
+            - Regression-test coverage
+            - Synchronized English/Chinese documentation
+
+            The PR branch is already checked out in the current working directory.
+            Always post one top-level review summary with `gh pr comment`, even when there are no actionable findings.
+            If there are no actionable findings, say that explicitly in the top-level comment.
+            Use `mcp__github_inline_comment__create_inline_comment` with `confirmed: true` for specific changed-line issues.
+            Avoid formatting-only comments.
+            Only post GitHub comments; do not leave review text only in the action transcript.
+
           claude_args: |
             --model ${{ env.CLAUDE_MODEL }}
             --max-turns 30
-        env:
-          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
-
-      - name: Post Claude Code review summary
-        if: ${{ always() && github.event_name == 'pull_request' && env.ANTHROPIC_API_KEY != '' && env.ANTHROPIC_BASE_URL != '' && env.GH_TOKEN_VALUE != '' }}
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-          CLAUDE_OUTCOME: ${{ steps.claude-review.outcome }}
-          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-          MARKER: "<!-- claude-code-review-summary -->"
-        run: |
-          set -euo pipefail
-          short_sha="${HEAD_SHA:0:7}"
-          if [ "$CLAUDE_OUTCOME" = "success" ]; then
-            body="$(printf '%s\n### Claude Code Review\n\nClaude Code Review completed for `%s`.\n\nThis summary is posted even when Claude has no line-level findings. If no separate Claude inline comments are visible, there were no actionable line-level findings for this run.\n\nRun: %s' "$MARKER" "$short_sha" "$RUN_URL")"
-          else
-            body="$(printf '%s\n### Claude Code Review\n\nClaude Code Review did not complete successfully for `%s`.\n\nCheck the workflow run before merging. The check will remain failed so this cannot be missed.\n\nRun: %s' "$MARKER" "$short_sha" "$RUN_URL")"
-          fi
-
-          comment_id="$(
-            gh api "repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/comments" --paginate \
-              --jq ".[] | select(.body | contains(\"$MARKER\")) | .id" | tail -n 1
-          )"
-          if [ -n "$comment_id" ]; then
-            jq -n --arg body "$body" '{body: $body}' \
-              | gh api -X PATCH "repos/$GITHUB_REPOSITORY/issues/comments/$comment_id" --input -
-          else
-            jq -n --arg body "$body" '{body: $body}' \
-              | gh api -X POST "repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/comments" --input -
-          fi
-
-      - name: Fail when Claude Code review failed
-        if: ${{ steps.claude-review.outcome == 'failure' }}
-        run: exit 1
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(git diff:*),Bash(rg:*)"
