GitHub Actions Integration

Your team reviews 30 PRs per week. Each review takes 20-40 minutes of senior developer time. Half the comments are the same patterns: missing error handling, inconsistent naming, tests that do not cover edge cases. Claude Code GitHub Actions automates these repetitive reviews, freeing your senior developers for the reviews that actually need human judgment.

What You Will Walk Away With

A working GitHub Actions workflow for automated code review on every PR
@claude mention support for on-demand help in issues and PRs
Custom automation workflows for scheduled tasks and event-driven operations
Cost optimization strategies for CI/CD usage
Bedrock and Vertex AI configurations for enterprise environments

Quick Setup

The fastest path is running /install-github-app inside Claude Code. This guides you through installing the GitHub app and configuring secrets.

For manual setup:

Install the Claude GitHub app from github.com/apps/claude
Add your API key as a repository secret named ANTHROPIC_API_KEY

Create the workflow file at .github/workflows/claude.yml:

name: Claude Code
on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened]
  pull_request:
    types: [opened, synchronize]

jobs:
  claude:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

After setup, test by tagging @claude in any issue or PR comment.

Automated Code Review on Every PR

This workflow runs a review when PRs are opened or updated:

name: Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this PR for:
            1. Correctness: logic errors, race conditions, null pointer risks
            2. Security: injection vulnerabilities, auth bypasses, data exposure
            3. Performance: N+1 queries, unnecessary iterations, missing indexes
            4. Testing: adequate coverage, edge cases, mocking strategy

            Be specific. Reference exact files and line numbers.
            Rate each finding as CRITICAL, HIGH, MEDIUM, or LOW.
          claude_args: "--max-turns 10 --model sonnet"

Copy-paste workflow for PR review with custom instructions:

name: Claude Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: "/review"
          claude_args: "--max-turns 5"

This uses the /review skill, which provides a structured code review. Combine it with a custom .claude/commands/review.md in your repo for project-specific review criteria.

On-Demand Help with @claude

The basic workflow responds to @claude mentions in issues and PR comments:

@claude implement the feature described in this issue
@claude fix the TypeError in the dashboard component
@claude how should I approach refactoring the auth middleware?

Claude analyzes the context (issue description, PR diff, conversation history) and responds with code, explanations, or direct changes.

Custom Automation Workflows

Scheduled Daily Summary

name: Daily Report
on:
  schedule:
    - cron: "0 9 * * 1-5"  # 9 AM weekdays

jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Generate a summary of the last 24 hours:
            1. List all merged PRs with a one-line description
            2. List all open issues created in the last 24 hours
            3. Highlight any CI failures on the main branch
            Create this as a comment on issue #1 (our daily log).
          claude_args: "--model sonnet --max-turns 5"

Auto-Fix Linting Issues

name: Auto-Fix
on:
  pull_request:
    types: [opened]

jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Run the linter and fix any issues. If there are type errors,
            fix those too. Commit the changes with a clear message.
          claude_args: "--max-turns 15"

Copy-paste workflow for auto-labeling new issues:

name: Auto-Label Issues
on:
  issues:
    types: [opened]

jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Read this issue and add appropriate labels:
            - bug: if it describes a defect
            - feature: if it requests new functionality
            - docs: if it is about documentation
            - security: if it involves a security concern
            Also add a priority label (P0-P3) based on severity.
          claude_args: "--max-turns 3 --model sonnet"

Bedrock and Vertex AI in CI/CD

AWS Bedrock

jobs:
  claude:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      pull-requests: write
      issues: write
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789:role/claude-github-actions
          aws-region: us-east-1

      - uses: anthropics/claude-code-action@v1
        with:
          use_bedrock: "true"

Google Vertex AI

jobs:
  claude:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      pull-requests: write
      issues: write
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: projects/123/locations/global/workloadIdentityPools/github/providers/github
          service_account: claude@project.iam.gserviceaccount.com

      - uses: anthropics/claude-code-action@v1
        with:
          use_vertex: "true"
          vertex_region: "us-east5"
          vertex_project_id: "your-project-id"

Cost Optimization

GitHub Actions Costs

Claude Code runs on GitHub-hosted runners, consuming your Actions minutes. Each run also consumes API tokens based on task complexity.

Optimization Strategies

Set --max-turns: Prevent runaway jobs. 5-10 turns is enough for most reviews.
Use Sonnet: Default is Sonnet, which is significantly cheaper than Opus for CI tasks.
Add timeouts: Set workflow-level timeouts to prevent infinite loops.
Use concurrency controls: Limit parallel runs per PR.

jobs:
  claude:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    concurrency:
      group: claude-${{ github.event.pull_request.number }}
      cancel-in-progress: true

When This Breaks

Claude not responding to @claude: Check that the Claude GitHub app is installed and has the correct permissions (Contents, Issues, Pull requests — all Read & Write).

CI not running on Claude’s commits: By default, GitHub Actions do not trigger on commits made by GitHub Apps. If you need CI to run on Claude’s commits, use a custom GitHub App with actions/create-github-app-token.

Authentication errors with Bedrock/Vertex: The OIDC token exchange requires correct configuration of the identity provider in your cloud account. Verify the trust policy matches your repository.

Actions cost more than expected: Long-running tasks with Opus can consume significant tokens. Start with --model sonnet and --max-turns 5, then increase only if review quality is insufficient.

What is Next

Monitoring and Costs — Track CI costs alongside developer usage
Hooks and Automation — Combine hooks with GitHub Actions for end-to-end automation
Custom Commands — Create review commands that work in both CLI and CI