GitHub Actions Integration

Claude Code can be integrated into GitHub Actions workflows to automate code reviews, generate documentation, perform security audits, and enhance your CI/CD pipeline with AI-powered capabilities.

Getting Started

Basic Setup

Add API key to GitHub Secrets

# In your repository settings:
# Settings → Secrets and variables → Actions
# Add new repository secret: ANTHROPIC_API_KEY

Create basic workflow

name: Claude Code Analysis

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  code-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for better context

      - name: Install Claude Code
        run: |
          # Install Claude Code CLI
          npm install -g @anthropic-ai/claude-code

          # Verify installation
          claude --version

      - name: Run Code Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude review \
            --base origin/${{ github.base_ref }} \
            --head ${{ github.sha }} \
            --output review-report.md

      - name: Comment PR
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review-report.md', 'utf8');
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: review
            });

Test the workflow

# Create a test PR to trigger the workflow
git checkout -b test-claude-code
echo "# Test" > test.md
git add test.md
git commit -m "Test Claude Code integration"
git push origin test-claude-code

Advanced Workflows

Automated Code Review

Comprehensive PR Review

name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get Changed Files
        id: changed-files
        run: |
          # Get list of changed files
          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...${{ github.sha }})
          echo "files<<EOF" >> $GITHUB_OUTPUT
          echo "$CHANGED_FILES" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT

      - name: Claude Code Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Create review prompt
          cat > review-prompt.txt << 'EOF'
          Review this pull request focusing on:
          1. Code quality and best practices
          2. Potential bugs or issues
          3. Security vulnerabilities
          4. Performance implications
          5. Suggestions for improvement

          Changed files:
          ${{ steps.changed-files.outputs.files }}

          Provide specific, actionable feedback with code examples where applicable.
          Format as GitHub Flavored Markdown.
          EOF

          # Run review
          claude review \
            --prompt-file review-prompt.txt \
            --base origin/${{ github.base_ref }} \
            --format markdown \
            > review.md

      - name: Post Review Comments
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');

            // Check if review is substantial
            if (review.length > 100) {
              // Create review comment
              await github.rest.pulls.createReview({
                owner: context.repo.owner,
                repo: context.repo.repo,
                pull_number: context.issue.number,
                body: review,
                event: 'COMMENT'
              });
            }

name: Generate API Documentation

on:
  push:
    branches: [main]
    paths:
      - 'src/api/**'
      - 'openapi.yaml'

jobs:
  generate-docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Generate API Docs
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude "Analyze the API code in src/api and:
          1. Generate comprehensive API documentation
          2. Include request/response examples
          3. Document error codes and handling
          4. Create usage examples in multiple languages
          5. Generate OpenAPI specification updates
          Output in Markdown format" \
          --output docs/api-reference.md

      - name: Generate SDK Examples
        run: |
          claude "Based on the API in src/api, generate:
          1. Python SDK usage examples
          2. JavaScript/TypeScript examples
          3. Go client examples
          4. cURL command examples
          5. Postman collection
          Store each in appropriate directory" \
          --output-dir examples/

      - name: Commit Documentation
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add docs/ examples/
          git diff --staged --quiet || git commit -m "chore: Update API documentation [skip ci]"
          git push

name: Update README

on:
  push:
    branches: [main]
    paths:
      - 'src/**'
      - 'package.json'

jobs:
  update-readme:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Analyze Project
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude "Analyze this project and update README.md:
          1. Update feature list based on current code
          2. Refresh installation instructions
          3. Update usage examples
          4. Ensure all badges are current
          5. Add any new configuration options
          Preserve existing structure and style" \
          --edit README.md

      - name: Create PR
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: 'docs: Update README.md'
          title: 'docs: Automated README update'
          body: |
            This PR updates the README.md based on recent code changes.

            Generated by Claude Code analysis.
          branch: update-readme

Security Scanning

Security Audit Pipeline

name: Security Audit

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: '0 2 * * 1'  # Weekly on Monday

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Dependency Audit
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Traditional scanning
          npm audit --json > npm-audit.json

          # Claude Code analysis
          claude "Analyze npm-audit.json and:
          1. Prioritize vulnerabilities by severity and exploitability
          2. Suggest specific remediation steps
          3. Identify false positives
          4. Recommend alternative packages if needed
          5. Create PR-ready fix commands" \
          --input npm-audit.json \
          --output security-report.md

      - name: Code Security Review
        run: |
          claude "Perform security review of the codebase:
          1. Check for hardcoded secrets or API keys
          2. Identify SQL injection vulnerabilities
          3. Find XSS vulnerabilities
          4. Check authentication/authorization issues
          5. Review cryptographic implementations
          6. Identify OWASP Top 10 issues
          Focus on src/ directory" \
          --output code-security-report.md

      - name: Infrastructure Security
        run: |
          claude "Review infrastructure configurations:
          1. Check Dockerfile for security issues
          2. Review k8s manifests for misconfigurations
          3. Analyze GitHub Actions for security issues
          4. Check for exposed sensitive data
          5. Review CORS and CSP policies" \
          --output infra-security-report.md

      - name: Upload Reports
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            *-report.md
            npm-audit.json

Test Generation

Unit Test Generation

- name: Generate Missing Tests
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: |
    # Find files with low coverage
    UNCOVERED=$(find src -name "*.js" -o -name "*.ts" | \
      xargs -I {} sh -c 'test -f "$(echo {} | \
      sed "s/src/test/;s/\.[jt]s$/.test.&/")" || echo {}')

    # Generate tests for uncovered files
    for file in $UNCOVERED; do
      claude "Generate comprehensive unit tests for $file:
      1. Test all exported functions
      2. Include edge cases
      3. Mock external dependencies
      4. Use Jest/Vitest syntax
      5. Aim for 90%+ coverage" \
      --output "${file/src/test}.test.js"
    done

Integration Test Generation

- name: Generate Integration Tests
  run: |
    claude "Analyze API endpoints and generate:
    1. Integration tests for all endpoints
    2. Test authentication flows
    3. Test error scenarios
    4. Test rate limiting
    5. Test data validation
    Use Supertest syntax" \
    --output test/integration/api.test.js

E2E Test Generation

- name: Generate E2E Tests
  run: |
    claude "Create Playwright E2E tests:
    1. Test critical user journeys
    2. Test form submissions
    3. Test error handling
    4. Test responsive design
    5. Include accessibility tests" \
    --output test/e2e/

Performance Optimization

Build Optimization

Dependency Analysis

- name: Optimize Dependencies
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: |
    claude "Analyze package.json and:
    1. Identify unused dependencies
    2. Find duplicate dependencies
    3. Suggest lighter alternatives
    4. Identify security issues
    5. Recommend version updates
    Generate commands to fix issues" \
    --output dependency-optimization.sh

    # Execute recommendations
    chmod +x dependency-optimization.sh
    ./dependency-optimization.sh

Bundle Analysis

- name: Analyze Bundle Size
  run: |
    # Generate bundle stats
    npm run build -- --stats

    claude "Analyze webpack-stats.json:
    1. Identify large modules
    2. Find duplicate code
    3. Suggest code splitting points
    4. Recommend lazy loading
    5. Identify tree-shaking opportunities" \
    --output bundle-optimization.md

Release Management

Automated Releases

Smart Release Notes

name: Create Release

on:
  push:
    tags:
      - 'v*'

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Generate Release Notes
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Get commits since last tag
          LAST_TAG=$(git describe --tags --abbrev=0 HEAD^)
          COMMITS=$(git log $LAST_TAG..HEAD --pretty=format:"%h %s")

          claude "Generate release notes from these commits:
          $COMMITS

          Format as:
          1. Breaking Changes (if any)
          2. New Features
          3. Bug Fixes
          4. Performance Improvements
          5. Documentation Updates

          Make it user-friendly and exciting!" \
          --output release-notes.md

      - name: Create GitHub Release
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const notes = fs.readFileSync('release-notes.md', 'utf8');

            await github.rest.repos.createRelease({
              owner: context.repo.owner,
              repo: context.repo.repo,
              tag_name: context.ref.replace('refs/tags/', ''),
              name: `Release ${context.ref.replace('refs/tags/', '')}`,
              body: notes,
              draft: false,
              prerelease: false
            });

Cost Management

Token Usage Monitoring

Track usage per workflow

- name: Log Token Usage
  if: always()
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: |
    # Get token usage from Claude Code
    TOKEN_USAGE=$(claude usage --format json)

    # Log to GitHub
    echo "::notice title=Token Usage::$TOKEN_USAGE"

    # Store for analysis
    echo "$TOKEN_USAGE" >> .github/token-usage.log

    # Alert if usage is high
    TOKENS=$(echo $TOKEN_USAGE | jq '.total_tokens')
    if [ $TOKENS -gt 10000 ]; then
      echo "::warning title=High Token Usage::Used $TOKENS tokens"
    fi

Create usage dashboard

- name: Update Usage Dashboard
  run: |
    claude "Analyze .github/token-usage.log and:
    1. Create usage trends chart
    2. Identify high-usage workflows
    3. Suggest optimizations
    4. Calculate monthly costs
    5. Generate markdown report" \
    --output .github/usage-report.md

Best Practices

Security Considerations

Workflow Templates

PR Automation Template

Complete PR Workflow

name: PR Automation

on:
  pull_request:
    types: [opened, synchronize, reopened]

concurrency:
  group: pr-${{ github.event.number }}
  cancel-in-progress: true

jobs:
  setup:
    runs-on: ubuntu-latest
    outputs:
      cache-key: ${{ steps.cache.outputs.key }}
    steps:
      - uses: actions/checkout@v4
      - id: cache
        run: echo "key=${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}"

  code-quality:
    needs: setup
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ needs.setup.outputs.cache-key }}

      - name: Install Dependencies
        run: npm ci

      - name: Lint Code
        run: npm run lint

      - name: Claude Code Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude review \
            --focus "code quality, best practices, performance" \
            --severity "error,warning" \
            --output review.md

  security:
    needs: setup
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Security Scan
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude security-scan \
            --include-dependencies \
            --check-secrets \
            --output security.md

  tests:
    needs: setup
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node: [18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}

      - name: Run Tests
        run: |
          npm ci
          npm test

      - name: Generate Missing Tests
        if: failure()
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude generate-tests \
            --failed-only \
            --output test/generated/

  summarize:
    needs: [code-quality, security, tests]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Summarize Results
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude "Summarize the PR checks:
          - Code quality: ${{ needs.code-quality.result }}
          - Security: ${{ needs.security.result }}
          - Tests: ${{ needs.tests.result }}

          Provide actionable next steps" \
          --output summary.md

Troubleshooting

Common Issues

# Debug API key problems
- name: Debug API Key
  run: |
    # Check if key is set
    if [ -z "$ANTHROPIC_API_KEY" ]; then
      echo "::error::ANTHROPIC_API_KEY not set"
      exit 1
    fi

    # Test key validity
    claude "Hello" --max-tokens 10 || {
      echo "::error::API key validation failed"
      exit 1
    }

# Handle rate limiting
- name: Run with Retry
  uses: nick-fields/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 3
    retry_wait_seconds: 60
    command: |
      claude review --output review.md

# Handle large codebases
- name: Process Large Files
  run: |
    # Split review into chunks
    find src -name "*.js" | \
      xargs -n 10 -P 4 -I {} \
      claude review --files {} \
        --output reviews/{}.md

    # Combine results
    cat reviews/*.md > combined-review.md

Next Steps

Enhance your CI/CD pipeline with:

Enterprise Integration for corporate tools
Cost Control for budget management
Monitoring Costs for usage tracking

Remember: Start with simple workflows and gradually add complexity. Monitor costs closely and optimize token usage by caching results and running only on relevant changes.