@@ -19,16 +19,18 @@ jobs:
1919 (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
2020runs-on : ubuntu-latest
2121 permissions :
22- contents : read
23- pull-requests : read
24- issues : read
25- id-token : write
26- actions : read # Required for Claude to read CI results on PRs
22+ contents : write # Allows pushing commits, rebasing, creating branches
23+ pull-requests : write # Allows updating PRs, requesting reviews, merging
24+ issues : write # Allows commenting on issues, updating labels
25+ id-token : write # Required for GitHub App authentication
26+ actions : read # Required for Claude to read CI results on PRs
27+ checks : read # Allows reading check run status
2728 steps :
2829 - name : Checkout repository
2930 uses : actions/checkout@v5
3031 with :
31- fetch-depth : 1
32+ fetch-depth : 0 # Full history needed for git operations like rebase
33+ token : ${{ secrets.GITHUB_TOKEN }} # Use workflow token for git operations
3234
3335 - name : Run Claude Code
3436 id : claude
4648 # Optional: Add claude_args to customize behavior and configuration
4749 # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
4850 # or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
49- # claude_args: '--model claude-opus-4-1-20250805 --allowed-tools Bash(gh pr:*)'
51+ #
52+ # Examples:
53+ # Use Opus for complex tasks:
54+ # claude_args: '--model claude-opus-4-1-20250805'
55+ #
56+ # Allow specific git/gh operations:
57+ # claude_args: '--allowed-tools Bash(git rebase:*) Bash(git push:*) Bash(gh pr:*)'
58+ #
59+ # Note: With the permissions above, Claude can now:
60+ # - Rebase branches (git rebase)
61+ # - Push commits (git push, git push --force-with-lease)
62+ # - Update PRs (gh pr edit, gh pr review, gh pr merge)
63+ # - Comment on issues and PRs (gh issue comment, gh pr comment)
5064
0 commit comments