Set your Anthropic API key as a GitHub repository secret: Go to Settings > Secrets and variables > Actions Add ANTHROPIC_API_KEY with your key value Create .github/workflows/claude-review.yml: name: Claude Code Review on: pull_request: types: [opened, sync...

Claude Code GitHub Actions Integration

Written by Michael Lip · Solo founder of Zovo · $400K+ on Upwork · 100% JSS Join 50+ builders · More at zovo.one

Last updated: April 17, 2026

Integrating Claude Code into GitHub Actions automates code reviews, test generation, and documentation updates on every push or pull request. This guide covers the workflow setup, authentication, non-interactive execution, and real patterns for using Claude as a CI/CD reviewer.

The Problem

Manual code reviews create bottlenecks. Developers wait hours or days for feedback while reviewers context-switch between their own work and review queues. Running Claude Code locally helps individual developers, but the real leverage comes from automating it in CI/CD so every pull request gets instant AI analysis for bugs, security issues, and style consistency.

Quick Solution

Set your Anthropic API key as a GitHub repository secret:
- Go to Settings > Secrets and variables > Actions
- Add ANTHROPIC_API_KEY with your key value
Create .github/workflows/claude-review.yml:

name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      - name: Get changed files
        id: changed
        run: |
          echo "files=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | tr '\n' ' ')" >> $GITHUB_OUTPUT

      - name: Run Claude Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude --print "Review these changed files for bugs and security issues: ${{ steps.changed.outputs.files }}" > review.md

      - name: Post review comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## Claude Code Review\n\n${review}`
            });

Push the workflow file and open a pull request to trigger it.
Claude’s review appears as a PR comment within minutes.

How It Works

The workflow triggers on pull request events. It checks out the code with full git history (fetch-depth: 0) so it can compute the diff against the base branch. The --print flag runs Claude Code non-interactively, outputting results to stdout instead of starting an interactive session.

The changed files list is computed using git diff against the base branch, giving Claude a focused scope. This is important for cost control since reviewing an entire repository on every PR would burn through API credits quickly.

CLAUDE.md in the repository root is automatically picked up by Claude Code, even in CI. This means your project-specific rules, coding standards, and architecture documentation guide the review just like they do during local development.

The final step uses github-script to post Claude’s review as a PR comment, making it visible to all reviewers in the normal GitHub workflow.

Common Issues

API key not available in forked PRs. GitHub Actions does not expose secrets to workflows triggered by forks. Add a condition: if: github.event.pull_request.head.repo.full_name == github.repository to skip the review for external contributions.

Claude output too long for a PR comment. GitHub comments have a 65536 character limit. Truncate the output or split it into multiple comments:

head -c 60000 review.md > review-truncated.md

Workflow takes too long. Reduce scope by only reviewing changed files, not the entire codebase. Set timeout-minutes: 10 on the job to cap costs. Use Claude Haiku for faster, cheaper reviews when deep analysis is not needed.

Example CLAUDE.md Section

# CI Review Configuration

## Project
- Language: TypeScript
- Framework: Next.js 14
- Testing: Jest + React Testing Library

## Review Rules for CI
- Focus on: type safety, null checks, error handling
- Flag: any use of `any` type, missing error boundaries
- Ignore: style/formatting (handled by Prettier)
- Ignore: test files unless they have obvious bugs

## Security Checklist
- No hardcoded secrets or API keys
- SQL queries use parameterized statements
- User input is sanitized before rendering
- Auth checks on all API routes

## Response Format
- Use markdown with headers for each file
- Rate severity: critical, warning, info
- Include line numbers for specific issues

Best Practices

Scope reviews to changed files only instead of the entire repository to keep costs low and reviews focused.
Set job timeouts to prevent runaway API calls from a single PR consuming your entire monthly budget.
Use CLAUDE.md to define review focus so Claude checks for project-specific patterns rather than generic code quality.
Gate on security issues only for automated blocking. Post style and quality feedback as non-blocking comments.
Cache the Claude Code npm package between workflow runs to save 10-15 seconds per execution.

I'm a solo developer in Vietnam. 50K Chrome extension users. $500K+ on Upwork. 5 Claude Max subscriptions running agent fleets in parallel. These are my actual CLAUDE.md templates, orchestration configs, and prompts. Not a course. Not theory. The files I copy into every project before I write a line of code. **[See what's inside →](https://zovo.one/lifetime?utm_source=ccg&utm_medium=cta-default&utm_campaign=claude-code-github-actions-integration)** $99 once. Free forever. 47/500 founding spots left.