Merge branch 'main' of https://github.com/hed-standard/hed-python into fix_extras

VisLab · VisLab · commit 7d1dc64dd912 · 2026-02-27T09:12:40.000-06:00
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -1,34 +1,32 @@
 name: Claude Code Review
 
 on:
+  # Same-repo branches: full access to secrets and write permissions
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+  # Fork PRs: runs in base repo context with secrets access
   pull_request_target:
     types: [opened, synchronize, ready_for_review, reopened]
-    # Optional: Only run on specific file changes
-    # paths:
-    #   - "src/**/*.ts"
-    #   - "src/**/*.tsx"
-    #   - "src/**/*.js"
-    #   - "src/**/*.jsx"
 
 jobs:
   claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
-
+    # Avoid duplicate runs: use pull_request for same-repo, pull_request_target for forks
+    if: |
+      !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) &&
+      !(github.event_name == 'pull_request_target' && !github.event.pull_request.head.repo.fork)
     runs-on: ubuntu-latest
     permissions:
       contents: read
       pull-requests: write
       issues: read
       id-token: write
+      actions: read
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
+          ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 1
 
       - name: Run Claude Code Review
@@ -37,10 +35,27 @@ jobs:
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          use_sticky_comment: true
-          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
-          plugins: 'code-review@claude-code-plugins'
-          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
-          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://code.claude.com/docs/en/cli-reference for available options
+          additional_permissions: |
+            actions: read
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Review this pull request thoroughly. For each issue found:
+
+            1. Classify severity: critical, important, or suggestion
+            2. For critical and important issues: describe exactly what needs to change
+            3. For suggestions: only mention if they clearly improve code quality
+
+            Follow the project's code style: ruff formatting, Google-style docstrings,
+            127-char line length, PEP 8. Check for correctness, test coverage, and
+            backward compatibility.
+
+            Do not flag stylistic preferences or false positives.
+
+            Use `gh pr comment` for top-level feedback summary.
+            Use `mcp__github_inline_comment__create_inline_comment` to highlight specific code issues.
+            Only post GitHub comments; do not submit review text as messages.
 
+          claude_args: |
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read,Glob,Grep"
