Fetch the complete documentation index at: https://code.claude.com/docs/llms.txt Use this file to discover all available pages before exploring further.
Learn about integrating Claude Code into your development workflow with Claude Code GitHub Actions
Claude Code GitHub Actions brings AI-powered automation to your GitHub workflow. With a simple @claude mention in any PR or issue, Claude can analyze your code, create pull requests, implement features, and fix bugs - all while following your project's standards. For automatic reviews posted on every PR without a trigger, see GitHub Code Review.
Claude Code GitHub Actions is built on top of the Claude Agent SDK, which enables programmatic integration of Claude Code into your applications. You can use the SDK to build custom automation workflows beyond GitHub Actions.
Claude Opus 4.7 is now available. Claude Code GitHub Actions default to Sonnet. To use Opus 4.7, configure the model parameter to use claude-opus-4-7.
- Instant PR creation: Describe what you need, and Claude creates a complete PR with all necessary changes
- Automated code implementation: Turn issues into working code with a single command
- Follows your standards: Claude respects your
CLAUDE.mdguidelines and existing code patterns - Simple setup: Get started in minutes with our installer and API key
- Secure by default: Your code stays on Github's runners
Claude Code provides a powerful GitHub Action that transforms how you work with code:
This GitHub Action allows you to run Claude Code within your GitHub Actions workflows. You can use this to build any custom workflow on top of Claude Code.
The easiest way to set up this action is through Claude Code in the terminal. Just open claude and run /install-github-app.
This command will guide you through setting up the GitHub app and required secrets.
- You must be a repository admin to install the GitHub app and add secrets
- The GitHub app will request read & write permissions for Contents, Issues, and Pull requests
- This quickstart method is only available for direct Claude API users. If you're using Amazon Bedrock or Google Vertex AI, see the Using with Amazon Bedrock & Google Vertex AI section.
If the /install-github-app command fails or you prefer manual setup, please follow these manual setup instructions:
-
Install the Claude GitHub app to your repository: https://github.com/apps/claude
The Claude GitHub app requires the following repository permissions:
- Contents: Read & write (to modify repository files)
- Issues: Read & write (to respond to issues)
- Pull requests: Read & write (to create PRs and push changes)
For more details on security and permissions, see the security documentation.
-
Add ANTHROPIC_API_KEY to your repository secrets (Learn how to use secrets in GitHub Actions)
-
Copy the workflow file from examples/claude.yml into your repository's
.github/workflows/
After completing either the quickstart or manual setup, test the action by tagging @claude in an issue or PR comment.
Claude Code GitHub Actions v1.0 introduces breaking changes that require updating your workflow files in order to upgrade to v1.0 from the beta version.
If you're currently using the beta version of Claude Code GitHub Actions, we recommend that you update your workflows to use the GA version. The new version simplifies configuration while adding powerful new features like automatic mode detection.
All beta users must make these changes to their workflow files in order to upgrade:
- Update the action version: Change
@betato@v1 - Remove mode configuration: Delete
mode: "tag"ormode: "agent"(now auto-detected) - Update prompt inputs: Replace
direct_promptwithprompt - Move CLI options: Convert
max_turns,model,custom_instructions, etc. toclaude_args
| Old Beta Input | New v1.0 Input |
|---|---|
mode |
(Removed - auto-detected) |
direct_prompt |
prompt |
override_prompt |
prompt with GitHub variables |
custom_instructions |
claude_args: --append-system-prompt |
max_turns |
claude_args: --max-turns |
model |
claude_args: --model |
allowed_tools |
claude_args: --allowedTools |
disallowed_tools |
claude_args: --disallowedTools |
claude_env |
settings JSON format |
Beta version:
- uses: anthropics/claude-code-action@beta
with:
mode: "tag"
direct_prompt: "Review this PR for security issues"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
custom_instructions: "Follow our coding standards"
max_turns: "10"
model: "claude-sonnet-4-6"GA version (v1.0):
- uses: anthropics/claude-code-action@v1
with:
prompt: "Review this PR for security issues"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--append-system-prompt "Follow our coding standards"
--max-turns 10
--model claude-sonnet-4-6The action now automatically detects whether to run in interactive mode (responds to @claude mentions) or automation mode (runs immediately with a prompt) based on your configuration.
Claude Code GitHub Actions can help you with a variety of tasks. The examples directory contains ready-to-use workflows for different scenarios.
name: Claude Code
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
claude:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Responds to @claude mentions in commentsThe prompt input accepts a skill invocation as well as plain text:
- For a skill in your repository's
.claude/skills/directory, runactions/checkoutbefore the action step and pass/skill-name. - For a skill packaged in a plugin, install the plugin with the
plugin_marketplacesandpluginsinputs and pass the namespaced/plugin-name:skill-name.
The following workflow installs the code-review plugin and runs its skill on each new or updated pull request:
name: Code Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
plugins: "code-review@claude-code-plugins"
prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"name: Daily Report
on:
schedule:
- cron: "0 9 * * *"
jobs:
report:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: "Generate a summary of yesterday's commits and open issues"
claude_args: "--model opus"In issue or PR comments:
@claude implement this feature based on the issue description
@claude how should I implement user authentication for this endpoint?
@claude fix the TypeError in the user dashboard component
Claude will automatically analyze the context and respond appropriately.
Create a CLAUDE.md file in your repository root to define code style guidelines, review criteria, project-specific rules, and preferred patterns. This file guides Claude's understanding of your project standards.
For comprehensive security guidance including permissions, authentication, and best practices, see the Claude Code Action security documentation.
Always use GitHub Secrets for API keys:
- Add your API key as a repository secret named
ANTHROPIC_API_KEY - Reference it in workflows:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - Limit action permissions to only what's necessary
- Review Claude's suggestions before merging
Always use GitHub Secrets (for example, ${{ secrets.ANTHROPIC_API_KEY }}) rather than hardcoding API keys directly in your workflow files.
Use issue templates to provide context, keep your CLAUDE.md concise and focused, and configure appropriate timeouts for your workflows.
When using Claude Code GitHub Actions, be aware of the associated costs:
GitHub Actions costs:
- Claude Code runs on GitHub-hosted runners, which consume your GitHub Actions minutes
- See GitHub's billing documentation for detailed pricing and minute limits
API costs:
- Each Claude interaction consumes API tokens based on the length of prompts and responses
- Token usage varies by task complexity and codebase size
- See Claude's pricing page for current token rates
Cost optimization tips:
- Use specific
@claudecommands to reduce unnecessary API calls - Configure appropriate
--max-turnsinclaude_argsto prevent excessive iterations - Set workflow-level timeouts to avoid runaway jobs
- Consider using GitHub's concurrency controls to limit parallel runs
The Claude Code Action v1 simplifies configuration with unified parameters:
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: "Your instructions here" # Optional
claude_args: "--max-turns 5" # Optional CLI argumentsKey features:
- Unified prompt interface - Use
promptfor all instructions - Skills - Invoke installed skills directly from the prompt
- CLI passthrough - Any Claude Code CLI argument via
claude_args - Flexible triggers - Works with any GitHub event
Visit the examples directory for complete workflow files.
When responding to issue or PR comments, Claude automatically responds to @claude mentions. For other events, use the prompt parameter to provide instructions.
For enterprise environments, you can use Claude Code GitHub Actions with your own cloud infrastructure. This approach gives you control over data residency and billing while maintaining the same functionality.
Before setting up Claude Code GitHub Actions with cloud providers, you need:
- A Google Cloud Project with Vertex AI enabled
- Workload Identity Federation configured for GitHub Actions
- A service account with the required permissions
- A GitHub App (recommended) or use the default GITHUB_TOKEN
-
An AWS account with Amazon Bedrock enabled
-
GitHub OIDC Identity Provider configured in AWS
-
An IAM role with Bedrock permissions
-
A GitHub App (recommended) or use the default GITHUB_TOKEN
For best control and security when using 3P providers like Vertex AI or Bedrock, we recommend creating your own GitHub App:
- Go to https://github.com/settings/apps/new
- Fill in the basic information:
- GitHub App name: Choose a unique name (e.g., "YourOrg Claude Assistant")
- Homepage URL: Your organization's website or the repository URL
- Configure the app settings:
- Webhooks: Uncheck "Active" (not needed for this integration)
- Set the required permissions:
- Repository permissions:
- Contents: Read & Write
- Issues: Read & Write
- Pull requests: Read & Write
- Repository permissions:
- Click "Create GitHub App"
- After creation, click "Generate a private key" and save the downloaded
.pemfile - Note your App ID from the app settings page
- Install the app to your repository:
- From your app's settings page, click "Install App" in the left sidebar
- Select your account or organization
- Choose "Only select repositories" and select the specific repository
- Click "Install"
- Add the private key as a secret to your repository:
- Go to your repository's Settings → Secrets and variables → Actions
- Create a new secret named
APP_PRIVATE_KEYwith the contents of the.pemfile
- Add the App ID as a secret:
-
Create a new secret named
APP_IDwith your GitHub App's IDThis app will be used with the actions/create-github-app-token action to generate authentication tokens in your workflows.
Alternative for Claude API or if you don't want to setup your own Github app: Use the official Anthropic app:
- Install from: https://github.com/apps/claude
- No additional configuration needed for authentication
Choose your cloud provider and set up secure authentication:
**Configure AWS to allow GitHub Actions to authenticate securely without storing credentials.** > **Security Note**: Use repository-specific configurations and grant only the minimum required permissions. **Required Setup**: 1. **Enable Amazon Bedrock**: * Request access to Claude models in Amazon Bedrock * For cross-region models, request access in all required regions 2. **Set up GitHub OIDC Identity Provider**: * Provider URL: `https://token.actions.githubusercontent.com` * Audience: `sts.amazonaws.com` 3. **Create IAM Role for GitHub Actions**: * Trusted entity type: Web identity * Identity provider: `token.actions.githubusercontent.com` * Permissions: `AmazonBedrockFullAccess` policy * Configure trust policy for your specific repository **Required Values**: After setup, you'll need: * **AWS\_ROLE\_TO\_ASSUME**: The ARN of the IAM role you created OIDC is more secure than using static AWS access keys because credentials are temporary and automatically rotated. See [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) for detailed OIDC setup instructions. **Configure Google Cloud to allow GitHub Actions to authenticate securely without storing credentials.** > **Security Note**: Use repository-specific configurations and grant only the minimum required permissions. **Required Setup**: 1. **Enable APIs** in your Google Cloud project: * IAM Credentials API * Security Token Service (STS) API * Vertex AI API 2. **Create Workload Identity Federation resources**: * Create a Workload Identity Pool * Add a GitHub OIDC provider with: * Issuer: `https://token.actions.githubusercontent.com` * Attribute mappings for repository and owner * **Security recommendation**: Use repository-specific attribute conditions 3. **Create a Service Account**: * Grant only `Vertex AI User` role * **Security recommendation**: Create a dedicated service account per repository 4. **Configure IAM bindings**: * Allow the Workload Identity Pool to impersonate the service account * **Security recommendation**: Use repository-specific principal sets **Required Values**: After setup, you'll need: * **GCP\_WORKLOAD\_IDENTITY\_PROVIDER**: The full provider resource name * **GCP\_SERVICE\_ACCOUNT**: The service account email address Workload Identity Federation eliminates the need for downloadable service account keys, improving security. For detailed setup instructions, consult the [Google Cloud Workload Identity Federation documentation](https://cloud.google.com/iam/docs/workload-identity-federation).Add the following secrets to your repository (Settings → Secrets and variables → Actions):
-
For API Authentication:
ANTHROPIC_API_KEY: Your Claude API key from console.anthropic.com
-
For GitHub App (if using your own app):
APP_ID: Your GitHub App's IDAPP_PRIVATE_KEY: The private key (.pem) content
-
For GCP Authentication:
GCP_WORKLOAD_IDENTITY_PROVIDERGCP_SERVICE_ACCOUNT
-
For GitHub App (if using your own app):
APP_ID: Your GitHub App's IDAPP_PRIVATE_KEY: The private key (.pem) content
-
For AWS Authentication:
AWS_ROLE_TO_ASSUME
-
For GitHub App (if using your own app):
APP_ID: Your GitHub App's IDAPP_PRIVATE_KEY: The private key (.pem) content
Create GitHub Actions workflow files that integrate with your cloud provider. The examples below show complete configurations for both Amazon Bedrock and Google Vertex AI:
**Prerequisites:** * Amazon Bedrock access enabled with Claude model permissions * GitHub configured as an OIDC identity provider in AWS * IAM role with Bedrock permissions that trusts GitHub Actions **Required GitHub secrets:** | Secret Name | Description | | -------------------- | ------------------------------------------------- | | `AWS_ROLE_TO_ASSUME` | ARN of the IAM role for Bedrock access | | `APP_ID` | Your GitHub App ID (from app settings) | | `APP_PRIVATE_KEY` | The private key you generated for your GitHub App | ```yaml name: Claude PR Action permissions: contents: write pull-requests: write issues: write id-token: write on: issue_comment: types: [created] pull_request_review_comment: types: [created] issues: types: [opened, assigned] jobs: claude-pr: if: | (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'issues' && contains(github.event.issue.body, '@claude')) runs-on: ubuntu-latest env: AWS_REGION: us-west-2 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Configure AWS Credentials (OIDC) uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} aws-region: us-west-2 - uses: anthropics/claude-code-action@v1 with: github_token: ${{ steps.app-token.outputs.token }} use_bedrock: "true" claude_args: '--model us.anthropic.claude-sonnet-4-6 --max-turns 10' ``` The model ID format for Bedrock includes a region prefix (for example, `us.anthropic.claude-sonnet-4-6`). **Prerequisites:** * Vertex AI API enabled in your GCP project * Workload Identity Federation configured for GitHub * Service account with Vertex AI permissions **Required GitHub secrets:** | Secret Name | Description | | -------------------------------- | ------------------------------------------------- | | `GCP_WORKLOAD_IDENTITY_PROVIDER` | Workload identity provider resource name | | `GCP_SERVICE_ACCOUNT` | Service account email with Vertex AI access | | `APP_ID` | Your GitHub App ID (from app settings) | | `APP_PRIVATE_KEY` | The private key you generated for your GitHub App | ```yaml name: Claude PR Action permissions: contents: write pull-requests: write issues: write id-token: write on: issue_comment: types: [created] pull_request_review_comment: types: [created] issues: types: [opened, assigned] jobs: claude-pr: if: | (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'issues' && contains(github.event.issue.body, '@claude')) runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Authenticate to Google Cloud id: auth uses: google-github-actions/auth@v2 with: workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} - uses: anthropics/claude-code-action@v1 with: github_token: ${{ steps.app-token.outputs.token }} trigger_phrase: "@claude" use_vertex: "true" claude_args: '--model claude-sonnet-4-5@20250929 --max-turns 10' env: ANTHROPIC_VERTEX_PROJECT_ID: ${{ steps.auth.outputs.project_id }} CLOUD_ML_REGION: us-east5 VERTEX_REGION_CLAUDE_4_5_SONNET: us-east5 ``` The project ID is automatically retrieved from the Google Cloud authentication step, so you don't need to hardcode it.
Verify the GitHub App is installed correctly, check that workflows are enabled, ensure API key is set in repository secrets, and confirm the comment contains @claude (not /claude).
Ensure you're using the GitHub App or custom app (not Actions user), check workflow triggers include the necessary events, and verify app permissions include CI triggers.
Confirm API key is valid and has sufficient permissions. For Bedrock/Vertex, check credentials configuration and ensure secrets are named correctly in workflows.
The Claude Code Action v1 uses a simplified configuration:
| Parameter | Description | Required |
|---|---|---|
prompt |
Instructions for Claude (plain text or a skill name) | No* |
claude_args |
CLI arguments passed to Claude Code | No |
plugin_marketplaces |
Newline-separated list of plugin marketplace Git URLs | No |
plugins |
Newline-separated list of plugin names to install before execution | No |
anthropic_api_key |
Claude API key | Yes** |
github_token |
GitHub token for API access | No |
trigger_phrase |
Custom trigger phrase (default: "@claude") | No |
use_bedrock |
Use Amazon Bedrock instead of Claude API | No |
use_vertex |
Use Google Vertex AI instead of Claude API | No |
*Prompt is optional - when omitted for issue/PR comments, Claude responds to trigger phrase
**Required for direct Claude API, not for Bedrock/Vertex
The claude_args parameter accepts any Claude Code CLI arguments:
claude_args: "--max-turns 5 --model claude-sonnet-4-6 --mcp-config /path/to/config.json"Common arguments:
--max-turns: Maximum conversation turns (default: 10)--model: Model to use (for example,claude-sonnet-4-6)--mcp-config: Path to MCP configuration--allowedTools: Comma-separated list of allowed tools. The--allowed-toolsalias also works.--debug: Enable debug output
While the /install-github-app command is the recommended approach, you can also:
- Custom GitHub App: For organizations needing branded usernames or custom authentication flows. Create your own GitHub App with required permissions (contents, issues, pull requests) and use the actions/create-github-app-token action to generate tokens in your workflows.
- Manual GitHub Actions: Direct workflow configuration for maximum flexibility
- MCP Configuration: Dynamic loading of Model Context Protocol servers
See the Claude Code Action documentation for detailed guides on authentication, security, and advanced configuration.
You can configure Claude's behavior in two ways:
- CLAUDE.md: Define coding standards, review criteria, and project-specific rules in a
CLAUDE.mdfile at the root of your repository. Claude will follow these guidelines when creating PRs and responding to requests. Check out our Memory documentation for more details. - Custom prompts: Use the
promptparameter in the workflow file to provide workflow-specific instructions. This allows you to customize Claude's behavior for different workflows or tasks.
Claude will follow these guidelines when creating PRs and responding to requests.