Merged
24 changes: 24 additions & 0 deletions .github/workflows/claude-review.yml
Expand Up @@ -35,7 +35,31 @@ jobs:
with:
fetch-depth: ${{ inputs.checkout_depth }}

# Skip claude-code-action for bot-authored PRs (dependabot, renovate).
# The action's @v1 currently crashes with "directory mismatch ...
# tsconfig.json, fd 4" on dependabot's restricted GITHUB_TOKEN scope —
# verified across 3 consecutive dependabot PRs (topcoder1/ci-workflows
# #7/#8/#9). Even when the action does run, dependency bumps don't
# benefit from Claude review (the diff is upstream version metadata,
# not project logic). The risk classifier still labels these PRs.
#
# We post a "Skipped" summary comment so the required check is satisfied
# green — branch rulesets that require `review / Claude Review` would
# otherwise treat a skipped job as failing.
- name: Skip review for bot-authored PRs (dependabot/renovate)
id: bot_check
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' }}
env:
GH_TOKEN: ${{ github.token }}
PR: ${{ github.event.pull_request.number }}
ACTOR: ${{ github.event.pull_request.user.login }}
run: |
set -euo pipefail
gh pr comment "$PR" --body "Skipped: bot-authored PR (\`$ACTOR\`). Dependency bumps are reviewed by the risk classifier and human merge gate."
echo "skipped=true" >> "$GITHUB_OUTPUT"
Comment on lines +57 to +59
Bug: skipped output never set if gh pr comment fails

With set -euo pipefail, if gh pr comment exits non-zero (transient error, rate-limit, or insufficient token permissions on a bot PR), the echo "skipped=true" line is never reached. Because Claude Code Review carries an explicit if: condition, GitHub Actions overrides the default success() guard and evaluates it anyway — '' != 'true' → true — so it runs on the bot PR and reproduces the original crash.

Fix: write the output before the comment, so the guard is set even when commenting fails.

Suggested change
set -euo pipefail
gh pr comment "$PR" --body "Skipped: bot-authored PR (\`$ACTOR\`). Dependency bumps are reviewed by the risk classifier and human merge gate."
echo "skipped=true" >> "$GITHUB_OUTPUT"
set -euo pipefail
echo "skipped=true" >> "$GITHUB_OUTPUT"
gh pr comment "$PR" --body "Skipped: bot-authored PR (\`$ACTOR\`). Dependency bumps are reviewed by the risk classifier and human merge gate."


- name: Claude Code Review
if: ${{ steps.bot_check.outputs.skipped != 'true' }}
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
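Review bot: The `gh pr comment` call in the bot_check step runs with `GH_TOKEN: ${{ github.token }}`, the same token the comment block above describes as having restricted scope on dependabot PRs, and under `set -euo pipefail` a failed comment fails the step and with it the job, so the required check goes red instead of green. The Claude Code Review guard also depends on that shell step having written `skipped=true`. Suggest making the comment best-effort (for example `continue-on-error: true` on the step, or `gh pr comment ... || true`) and having the Claude Code Review `if:` test `github.event.pull_request.user.login` against the two bot logins directly rather than `steps.bot_check.outputs.skipped`. The header comment should also say that it is the job finishing successfully that satisfies `review / Claude Review`; the posted comment is only informational.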