diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml new file mode 100644 index 0000000000..415b7b1d8e --- /dev/null +++ b/.github/workflows/claude-code-review.yml @@ -0,0 +1,57 @@ +name: Claude Code Review + +on: + pull_request: + types: [opened, synchronize] + # Optional: Only run on specific file changes + # paths: + # - "src/**/*.ts" + # - "src/**/*.tsx" + # - "src/**/*.js" + # - "src/**/*.jsx" + +jobs: + claude-review: + # Optional: Filter by PR author + # if: | + # github.event.pull_request.user.login == 'external-contributor' || + # github.event.pull_request.user.login == 'new-developer' || + # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' + + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: read + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Run Claude Code Review + id: claude-review + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number }} + + Please review this pull request and provide feedback on: + - Code quality and best practices + - Potential bugs or issues + - Performance considerations + - Security concerns + - Test coverage + + Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. + + Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. + + # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md + # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options + claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"' diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 235ae61986..ef80f8811e 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -3,38 +3,37 @@ name: Documentation Reviewer on: pull_request: types: [opened, edited, reopened, synchronize] - # Allows Claude to trigger on PR or Issue comments issue_comment: types: [created] - # Allows Claude to trigger on specific line-level review comments pull_request_review_comment: types: [created] + issues: + types: [opened, assigned, labeled] + pull_request_review: + types: [submitted] jobs: - claude: - # Updated logic to detect your custom "/docs" trigger across all events - if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) + claude-response: runs-on: ubuntu-latest permissions: - contents: write # Required to modify repository files + contents: write # Required to read/modify repository files pull-requests: write # Required to create/modify PRs - issues: write # Required to respond to issues + issues: write # Required to respond to issues and comments id-token: write - actions: read + actions: read # Required for Claude to read CI results steps: - name: Checkout repository - uses: actions/checkout@v4 # Updated to v4 for stability + uses: actions/checkout@v4 with: + # Ensures the action checks out the PR branch instead of main + ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 - name: Checkout system prompt repository uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} + token: ${{ secrets.PRIVATE_AGENTS_REPO }} # Ensure this secret is in Settings > Secrets path: system-prompt-repo ref: main sparse-checkout: | @@ -47,21 +46,20 @@ jobs: { echo "prompt<> $GITHUB_OUTPUT + } >> "$GITHUB_OUTPUT" - - name: Run Claude Code - id: claude - uses: anthropics/claude-code-action@v1 # GA version + - uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Required secret + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # + github_token: ${{ secrets.GITHUB_TOKEN }} # Required for Claude to interact with GitHub - # Claude will now only respond to "/docs" - trigger_phrase: "/docs" + # Automated mode: Claude triggers on every PR event with this instruction + prompt: "/review" - # CLI arguments passed directly to the Claude engine + # CLI arguments to configure the engine claude_args: | --model claude-sonnet-4-5-20250929 - --max-turns 10 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" diff --git a/docs/passwordsecure/9.3/index.md b/docs/passwordsecure/9.3/index.md index 7bfafea9c1..89881184ad 100644 --- a/docs/passwordsecure/9.3/index.md +++ b/docs/passwordsecure/9.3/index.md @@ -9,7 +9,7 @@ sidebar_position: 1 ## Users depend on passwords Passwords are used constantly and everywhere, -and they need to be professionally managed. Passwords should be safe, have at least 12 characters, +and should be professionally managed. Passwords should be safe, have at least 12 characters, including uppercase and lowercase as well as special characters. In the best case, a separate access password should be used for each account. It should be changed regularly. It is hard enough to meet this challenge in private settings. In a large corporate environment, you wouldn’t be able to