Organization-wide workflows #96
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Claude Org-wide Agent" | |
| on: | |
| issue_comment: | |
| types: [created] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| actions: read | |
| jobs: | |
| check-trigger: | |
| name: "Check trigger phrase and eligibility" | |
| if: github.event.issue.number == 2 | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 1 | |
| outputs: | |
| triggered: ${{ steps.check.outputs.triggered }} | |
| steps: | |
| - name: "Check for trigger phrase" | |
| id: check | |
| env: | |
| COMMENT_BODY: ${{ github.event.comment.body }} | |
| run: | | |
| if echo "$COMMENT_BODY" | grep -qF "@phpstan-bot"; then | |
| echo "triggered=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "triggered=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| list-repos: | |
| name: "List public repositories" | |
| needs: check-trigger | |
| if: needs.check-trigger.outputs.triggered == 'true' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| outputs: | |
| repos: ${{ steps.list.outputs.repos }} | |
| steps: | |
| - name: "List all public repositories in the organization" | |
| id: list | |
| env: | |
| GH_TOKEN: ${{ secrets.PHPSTAN_BOT_TOKEN }} | |
| run: | | |
| repos=$(gh api --paginate "/orgs/${{ github.repository_owner }}/repos?type=public&per_page=100" \ | |
| --jq '[.[].full_name]' | jq -s -c 'add') | |
| echo "repos=$repos" >> "$GITHUB_OUTPUT" | |
| run-on-repo: | |
| name: "Run on ${{ matrix.repo }}" | |
| needs: [check-trigger, list-repos] | |
| if: needs.check-trigger.outputs.triggered == 'true' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 10 | |
| matrix: | |
| repo: ${{ fromJson(needs.list-repos.outputs.repos) }} | |
| exclude: | |
| - repo: phpstan/phpstan-shim | |
| - repo: phpstan/phpstan | |
| - repo: phpstan/phpstan-src | |
| - repo: phpstan/phpstan-phar-composer-source | |
| - repo: phpstan/mutant-killer-infection-runner | |
| - repo: phpstan/vim-phpstan | |
| - repo: phpstan/.github | |
| steps: | |
| - name: "Get default branch of target repository" | |
| id: default-branch | |
| env: | |
| GH_TOKEN: ${{ secrets.PHPSTAN_BOT_TOKEN }} | |
| run: | | |
| default_branch=$(gh api "repos/${{ matrix.repo }}" --jq '.default_branch') | |
| echo "branch=$default_branch" >> "$GITHUB_OUTPUT" | |
| - name: "Checkout target repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ matrix.repo }} | |
| ref: ${{ steps.default-branch.outputs.branch }} | |
| token: ${{ secrets.PHPSTAN_BOT_TOKEN }} | |
| - name: "Setup Node.js" | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: "Install Claude CLI" | |
| run: npm install -g @anthropic-ai/claude-code | |
| - name: "Configure git" | |
| run: | | |
| git config user.name "phpstan-bot" | |
| git config user.email "phpstan-bot <ondrej+phpstanbot@mirtes.cz>" | |
| - name: "Run Claude Code on repository" | |
| env: | |
| CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| GH_TOKEN: ${{ secrets.PHPSTAN_BOT_TOKEN }} | |
| COMMENT_BODY: ${{ github.event.comment.body }} | |
| REPO_NAME: ${{ matrix.repo }} | |
| TRIGGER_PHRASE: "@phpstan-bot" | |
| run: | | |
| # Strip the trigger phrase from the comment to get the actual request | |
| REQUEST=$(echo "$COMMENT_BODY" | sed "s|${TRIGGER_PHRASE}||g" | sed 's/^[[:space:]]*//') | |
| PROMPT="You are an AI assistant working on the repository ${REPO_NAME}. | |
| You are being triggered by an issue comment in the phpstan/.github repository. The comment contains a request that should be applied to this repository. | |
| Here is the request: | |
| ${REQUEST} | |
| Follow these steps: | |
| 1. First, check if there is a CLAUDE.md file in the repository root. If it exists, read and follow its instructions and guidelines. | |
| 2. Understand the request carefully. Read any relevant code before making changes. Do not modify code you have not read. | |
| 3. Implement the requested changes: | |
| - Keep changes focused and minimal — only make what was requested. | |
| - Do not add unnecessary features, refactoring, or documentation beyond what was asked. | |
| - Be careful not to introduce security vulnerabilities. | |
| - Do not over-engineer the solution. | |
| 4. After making changes, commit and create a pull request: | |
| - Stage your changes with git add. | |
| - Write a clear, descriptive commit message that explains why the change was made. | |
| - Push your branch and create a non-draft pull request using gh pr create. | |
| - The PR title should be concise and descriptive. | |
| - The PR body should clearly describe what was changed and why. | |
| - Do not just push a branch — always open a real, non-draft pull request so the changes can be reviewed and merged. | |
| Important: | |
| - Never force push or use destructive git commands. | |
| - Never commit files that may contain secrets (.env, credentials, etc.). | |
| - Only make changes that are directly requested or clearly necessary." | |
| claude -p "$PROMPT" \ | |
| --model claude-opus-4-6 \ | |
| --dangerously-skip-permissions |