ci: skip claude code review for fork PRs

Fork PRs cannot authenticate with the claude-code-action because:

1. The `pull_request` event from forks does not expose repository
   secrets or OIDC tokens (GitHub security restriction), so both
   `anthropic_api_key` and the GitHub App token exchange fail.

2. Switching to `pull_request_target` (which does have access to
   secrets and OIDC) also does not work because Anthropic's OIDC
   token exchange endpoint rejects `pull_request_target` event
   types (anthropics/claude-code-action#713).

Until the upstream action supports fork PRs, skip the review to
avoid noisy CI failures on every external contribution.

Author: maxisbey

.github/workflows/claude-code-review.yml

@@ -7,6 +7,9 @@ on:
 
 jobs:
   claude-review:
+    # Fork PRs don't have access to secrets or OIDC tokens, so the action
+    # cannot authenticate. See https://github.com/anthropics/claude-code-action/issues/339
+    if: github.event.pull_request.head.repo.fork == false
     runs-on: ubuntu-latest
     permissions:
       contents: read