14.1 GitHub Actions: Claude in Your Workflow

Course: Claude Code - Enterprise Development Section: 14 - CI/CD & Automation Length: 3-4 minutes Presenter: Daniel Treasure

Opening Hook

"Imagine every pull request gets an instant code review from Claude. Not a bot—actual AI that understands your codebase context. That happens automatically when someone mentions @claude in a GitHub issue or PR. Let me show you how to set it up and what it can do."

Key Talking Points

What to say:

• GitHub Actions is GitHub's native CI/CD platform—workflows triggered by repository events (PRs, issues, pushes)
• Claude GitHub Action is available on the GitHub Marketplace—a few clicks to add it to your repo
• You can trigger Claude with a simple @claude mention—Claude runs with scoped permissions, posts results as comments or commits
• The magic is permissions: Claude gets exactly what you want it to access—no more, no less
• Real-world use cases: automated PR reviews, refactoring suggestions, documentation updates, bug analysis
• Everything is auditable—you see what Claude did, when, and why

What to show on screen:

1. GitHub Marketplace page for Claude Action (demonstrate search, show description)
2. Repository Settings > Secrets to add ANTHROPIC_API_KEY
3. Example workflow file (.github/workflows/claude.yml)
4. Live PR with @claude mention triggering action
5. Claude's response as a PR comment (review feedback, suggestions, or commit with changes)

Demo Plan (Timed)

Time: 0:00-0:30 - Show GitHub Marketplace, search for "Claude Code" - Click on Claude Action, show install button + description - Explain ANTHROPIC_API_KEY setup in Settings > Secrets

Time: 0:30-1:30 - Create/show a simple .github/workflows/claude.yml file - Walk through key config: - on: [pull_request, issues] — trigger events - - name: Claude Code — action step - env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - Explain permissions scoping via GitHub token (read, write, comment)

Time: 1:30-2:30 - Switch to a repository with a sample PR - Show @claude mention in PR comment or PR body - Trigger the action, wait for it to run (or show pre-recorded run) - Claude's response: a detailed PR review as a comment - Show second example: @claude refactor trigger → Claude pushes commit with changes

Time: 2:30-3:00+ - Recap: trigger, permission scoping, audit trail - Link to docs, mention rate limits + cost

Code Examples & Commands

Workflow File Example

name: Claude Review

on:
  pull_request:
  issues:
    types: [opened, edited]

jobs:
  claude-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
      - uses: actions/checkout@v4

      - name: Claude Code Review
        uses: anthropics/claude-action@v1
        with:
          prompt: |
            Review this PR for code quality, potential bugs, and best practices.
            Provide constructive feedback in markdown format.
          api-key: ${{ secrets.ANTHROPIC_API_KEY }}

GitHub Secrets Setup (CLI)

# If using GitHub CLI (gh)
gh secret set ANTHROPIC_API_KEY --body "$ANTHROPIC_API_KEY"

Trigger with @claude Mention (in PR)

@claude review this PR for security vulnerabilities and test coverage

Example: Auto-fix Trigger

name: Claude Auto-fix

on:
  pull_request:
    paths:
      - '**.py'

jobs:
  claude-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4

      - name: Auto-format with Claude
        uses: anthropics/claude-action@v1
        with:
          prompt: "Fix any linting or formatting issues in the changed files"
          auto-commit: true
          commit-message: "chore: auto-format with Claude"
          api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Gotchas & Tips

• Rate Limits: GitHub Actions run frequently—watch API usage and costs. Use --max-turns if available to limit agentic loops.
• Token Scope: By default GitHub provides a limited token. Set permissions: in workflow to grant read/write for specific actions. Don't over-grant.
• Long-running Actions: If Claude takes >10 mins to complete, GitHub may timeout. Test on real PRs first.
• Secret Names: ANTHROPIC_API_KEY must match exactly in secrets. reference.
• Avoid Loops: Don't trigger Claude on every commit—only on PR events or manual @claude mentions to avoid runaway costs.
• Audit Trail: Check "Actions" tab to see logs, failures, and cost for each run.

Lead-out

"Claude as a GitHub Action transforms code review from a bottleneck into instant feedback. Your team stays focused on what matters while Claude handles the routine checks. Next, let's see how to do the same thing in GitLab CI/CD."

Reference URLs

• GitHub Actions Documentation
• Claude Action on GitHub Marketplace
• Anthropic API Documentation
• GitHub Secrets and Environment Variables

Prep Reading

• Skim: GitHub Actions Tutorial
• Review: Claude Action marketplace page (description, permissions, examples)
• Test: Create a dummy repo, install action, trigger with @claude mention
• Verify: ANTHROPIC_API_KEY is set in your test repository's secrets

Notes for Daniel

• Tone: Practical and confident. You're showing a shortcut that developers will love.
• Live Demo Risk: GitHub Actions can be slow to trigger. Have a pre-recorded fallback showing Claude's response in a PR comment.
• Pacing: Spend time on the workflow file—most viewers will be copy-pasting this. Make the YAML clear.
• Common Q: "Can Claude push code without approval?" Yes, but show how to scope it with permissions. Emphasize auditability—every change is logged.
• Smile Point: Show a real PR with thoughtful Claude feedback—the "wow" moment is a 30-second review that catches real issues.
• Segue: End with "GitLab users, don't worry—next video is for you."