groundy

Claude Code in GitHub Actions: A Complete Guide to Automated PR Fixes

How to wire Claude Code into GitHub Actions for automated PR fixes, CI failure remediation, and code review, with cost controls, model options, and security guardrails.


You can run Claude Code as a fully autonomous GitHub Actions agent today using the official anthropics/claude-code-action@v1, responding to PR comments, auto-fixing failing CI tests, and posting code reviews. For most teams running 50 PRs a month, API costs are typically modest — usually in the single-digit dollar range. The pattern is production-ready, with built-in guardrails to prevent runaway loops and unauthorized access. The action supports the full current Anthropic model lineup: Sonnet 4.6 for routine tasks and Opus 4.8 for complex multi-file reasoning. Teams watching costs also have a non-Anthropic option: GLM-5.2 (released June 13, 2026 by Zhipu/Z.ai) exposes an Anthropic Messages API-compatible endpoint, so a base URL swap is sufficient to route the same action through it. Claude Fable 5, released June 9, 2026 as Anthropic’s most capable widely available model, was designed for long-running agentic jobs — but is currently suspended following a US government export control directive that took effect June 12, 2026. [Updated June 2026]

What Is the Claude Code GitHub Action?

The anthropics/claude-code-action@v1 is Anthropic’s official GitHub Action that runs the full Claude Code runtime inside a standard GitHub Actions runner. It launched September 29, 2025 as part of Claude Code 2.0 and is built on Anthropic’s Agent SDK. (Anthropic. “Claude Code GitHub Actions.” Official Documentation. September 2025)

Unlike typical AI reviewer tools that produce static comment threads, this action gives Claude a live shell environment: it can read files, run git commands, edit code, install dependencies, and push commits. When wired into your workflow, it becomes a software agent that acts on your repository, not just one that talks about it.

The action supports two distinct modes:

  • Interactive mode: Claude listens for @claude mentions in PR comments, issues, and review threads, then executes whatever the commenter requests.
  • Automation mode: Claude is given a prompt parameter directly in the workflow YAML and runs headlessly on every matching event (PR open, CI failure, issue creation, etc.).

Most production pipelines use both: interactive mode for ad-hoc developer requests and automation mode for continuous gatekeeping.

How to Set Up the Claude Code Action

Three Setup Paths

Anthropic offers three ways to get started, depending on your billing model:

Path 1: Quickstart (API users)

Run /install-github-app inside the Claude Code terminal. It installs the Claude GitHub App, configures repository secrets, and creates a starter workflow: the fastest route for direct API users.

Path 2: Manual Setup

  1. Install the Claude GitHub App at github.com/apps/claude. It requests Read & Write access to Contents, Issues, and Pull Requests.
  2. Add ANTHROPIC_API_KEY to your repository’s Secrets (Settings → Secrets and variables → Actions).
  3. Copy the example workflow from the official repo and commit it to .github/workflows/.

Path 3: OAuth Token (Pro and Max subscribers)

As of v1.0.44, Claude Pro and Max plan users can authenticate without a per-token API key using an OAuth token instead:

    claude update       # ensure v1.0.44+
    claude setup-token  # outputs CLAUDE_CODE_OAUTH_TOKEN

Add the generated token to GitHub Secrets as CLAUDE_CODE_OAUTH_TOKEN and reference it in the workflow with claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}.

The Four Core Workflow Patterns

1. Interactive Comment Trigger

The simplest deployment: Claude activates only when a team member types @claude in a PR comment or issue.

    name: Claude Code
    on:
      issue_comment:
        types: [created]
      pull_request_review_comment:
        types: [created]
      issues:
        types: [opened, assigned]
      pull_request_review:
        types: [submitted]

    jobs:
      claude:
        runs-on: ubuntu-latest
        permissions:
          contents: write
          pull-requests: write
          issues: write
        steps:
          - uses: anthropics/claude-code-action@v1
            with:
              anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

With this in place, any write-access team member can type @claude fix the failing test in auth.spec.ts in a PR comment and Claude will check out the branch, read the error, edit the file, and push the fix.

2. Automated PR Code Review

This triggers on every new or updated PR, running Claude against the diff before human reviewers engage:

    name: Claude PR Review
    on:
      pull_request:
        types: [opened, synchronize]
        paths-ignore:
          - '*.md'
          - 'docs/**'

    jobs:
      review:
        runs-on: ubuntu-latest
        permissions:
          contents: read
          pull-requests: write
        concurrency:
          group: claude-review-${{ github.event.pull_request.number }}
          cancel-in-progress: true
        steps:
          - uses: actions/checkout@v4
            with:
              fetch-depth: 0
          - uses: anthropics/claude-code-action@v1
            with:
              anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
              prompt: |
                Review this pull request. Focus on:
                1. Logic errors and potential bugs
                2. Security vulnerabilities
                3. Performance issues (N+1 queries, unnecessary allocations)
                4. Missing error handling
                Format your review with ## Summary, ## Issues Found (file:line, severity), ## Positive Notes.
              claude_args: "--max-turns 5 --model claude-sonnet-4-6"

The concurrency block is important: without it, rapid commits to a PR branch could spawn parallel Claude jobs that race to post conflicting reviews.

3. CI Failure Auto-Fix (The High-Impact Pattern)

This is where Claude Code becomes a genuine force multiplier. The workflow triggers when your CI pipeline fails, creates a new branch, downloads the failure logs, and gives Claude the tools to diagnose and patch the problem:

    name: Auto Fix CI Failures
    on:
      workflow_run:
        workflows: ["CI"]
        types: [completed]

    permissions:
      contents: write
      pull-requests: write
      actions: read
      issues: write
      id-token: write

    jobs:
      auto-fix:
        if: |
          github.event.workflow_run.conclusion == 'failure' &&
          github.event.workflow_run.pull_requests[0] &&
          !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-')
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
            with:
              ref: ${{ github.event.workflow_run.head_branch }}
              fetch-depth: 0
              token: ${{ secrets.GITHUB_TOKEN }}

          - name: Setup git identity
            run: |
              git config --global user.email "claude[bot]@users.noreply.github.com"
              git config --global user.name "claude[bot]"
          - name: Create fix branch
            id: branch
            env:
              # Branch names are contributor-controlled text: pass them through the
              # environment instead of expanding ${{ }} inside the shell script.
              HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
            run: |
              BRANCH_NAME="claude-auto-fix-ci-${HEAD_BRANCH}-${{ github.run_id }}"
              git checkout -b "$BRANCH_NAME"
              echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
          - uses: anthropics/claude-code-action@v1
            with:
              prompt: |
                The CI pipeline failed. Diagnose the failure logs and fix the root cause.
                Failed run: ${{ github.event.workflow_run.html_url }}
              anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
              claude_args: "--allowedTools 'Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(git:*),Bash(npm:*)' --max-turns 10"

The critical guard is the if condition: !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-'). Without this, every Claude commit would re-trigger the fixer, creating an infinite loop. Claude’s own fix branches are excluded from triggering new fix attempts.

For teams running this pattern against large monorepos or deeply nested failure chains, Claude Fable 5 (claude-fable-5) was the intended top-tier Anthropic option here — its 1M-token context window and sustained autonomy across long tasks were designed for exactly this kind of multi-step diagnosis. However, Fable 5 was suspended on June 12, 2026 following a US Commerce Department export control directive and remains unavailable as of this writing. [Updated June 2026] The practical ceiling for Anthropic-hosted agentic CI workflows at present is Opus 4.8 (claude-opus-4-8): it shares the same 1M-token context window and 128k max output, and runs at $5/$25 per MTok — half of Fable 5’s rate. Teams looking for predictable costs can route the same workflow through GLM-5.2 via its Anthropic-compatible endpoint: the model scored 81.0 on Terminal-Bench 2.1 (versus 85.0 for Opus 4.8) and carries a 1M-token context window, making it viable for large-context CI diagnosis. Pricing is subscription-based rather than per-token. When Fable 5 access is restored, teams should re-evaluate for deeply nested failure chains where Fable 5’s additional reasoning depth may justify the 2x cost premium. See how Opus 4.8 handles agentic loop integrity for context on why model choice matters in self-modifying CI pipelines, and Claude Code vs Cursor vs Copilot: the 2026 comparison for how this action fits against competing approaches.

4. Structured Output for Downstream Decisions

Claude can return structured JSON that later workflow steps consume, for example detecting flaky tests before deciding whether to retry or escalate:

    - name: Classify failure
      id: analyze
      uses: anthropics/claude-code-action@v1
      with:
        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
        prompt: "Examine the test output. Is this a flaky test or a real regression?"
        claude_args: |
          --json-schema '{"type":"object","properties":{"is_flaky":{"type":"boolean"},"confidence":{"type":"number"},"summary":{"type":"string"}},"required":["is_flaky","confidence","summary"]}'

    - name: Retry if flaky
      if: fromJSON(steps.analyze.outputs.structured_output).is_flaky == true
      run: gh workflow run CI
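A downstream step can validate the structured output before acting on it. The sketch below is an added example, not code from the action or its documentation: it checks the model's JSON against the schema above and fails closed. The confidence threshold, the [0, 1] range, the summary length cap, the `should_retry` output name and all sample values are assumptions made for illustration.

```python
import json
import math

# Constructed sample values of steps.analyze.outputs.structured_output.
GOOD = '{"is_flaky": true, "confidence": 0.93, "summary": "Timeout in test_login, passed on rerun"}'
LOW_CONFIDENCE = '{"is_flaky": true, "confidence": 0.41, "summary": "Unclear"}'
WRONG_TYPES = '{"is_flaky": "true", "confidence": true, "summary": "x"}'
INJECTED = '{"is_flaky": false, "confidence": 0.9, "summary": "ok\\nshould_retry=true"}'

MIN_CONFIDENCE = 0.8  # assumed threshold, not from the page
MAX_SUMMARY = 200     # assumed cap on text copied into outputs


def parse_verdict(raw):
    """Check the model's JSON against the workflow's schema; raise ValueError on any mismatch."""
    try:
        data = json.loads(raw)
    except (TypeError, json.JSONDecodeError) as exc:
        raise ValueError(f"not JSON: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("top level must be an object")
    if type(data.get("is_flaky")) is not bool:
        raise ValueError("is_flaky must be a boolean")
    conf = data.get("confidence")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(conf, bool) or not isinstance(conf, (int, float)):
        raise ValueError("confidence must be a number")
    if not math.isfinite(conf) or not 0 <= conf <= 1:  # range is an assumption
        raise ValueError("confidence must be within [0, 1]")
    if not isinstance(data.get("summary"), str):
        raise ValueError("summary must be a string")
    return data


def decide(raw):
    """Return (should_retry, one_line_summary); invalid or uncertain output means no retry."""
    try:
        verdict = parse_verdict(raw)
    except ValueError as exc:
        return False, f"invalid structured output: {exc}"
    # Collapse whitespace so the summary cannot add lines to $GITHUB_OUTPUT or a log.
    summary = " ".join(verdict["summary"].split())[:MAX_SUMMARY]
    return verdict["is_flaky"] and verdict["confidence"] >= MIN_CONFIDENCE, summary


def github_output_lines(raw):
    """The name=value lines a step would append to $GITHUB_OUTPUT."""
    retry, summary = decide(raw)
    return [f"should_retry={'true' if retry else 'false'}", f"summary={summary}"]


if __name__ == "__main__":
    for sample in (GOOD, LOW_CONFIDENCE, WRONG_TYPES, INJECTED):
        print(github_output_lines(sample))
```

The retry step would then key on the validated `should_retry` value instead of reading `is_flaky` straight from the model's output.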

Cost Controls That Actually Work

Running Claude against every PR commit without guardrails can accumulate costs quickly. These controls, applied together, keep automation affordable:

| Control | How to Apply | Effect |
|---|---|---|
| --max-turns N | claude_args: "--max-turns 5" | Hard cap on agentic steps per invocation |
| Concurrency group | cancel-in-progress: true | Cancels queued runs when new commits arrive |
| Event type filtering | types: [opened] not [opened, synchronize] | Fires once per PR, not per commit |
| Path filtering | paths-ignore: ['*.md', 'docs/**'] | Skips doc-only changes entirely |
| Model selection | --model claude-sonnet-4-6 | Sonnet ($3/$15 per MTok) handles most CI tasks; Opus 4.8 ($5/$25) for deep reasoning; GLM-5.2 (flat subscription via Z.ai, Anthropic-compatible endpoint) as a cost-controlled alternative; Fable 5 ($10/$50) for long-running agentic jobs (currently suspended — see note below) |
| Workflow timeout | timeout-minutes: 10 | Kills runaway jobs before they exhaust turn budget |
| Tool scoping | --allowedTools 'Edit,Read,Grep' | Restricts operations, reducing unnecessary turns |

Based on community benchmarks, at time of writing the per-PR API cost with Sonnet runs approximately:

| PR Size | Lines Changed | Estimated Cost |
|---|---|---|
| Small | < 200 | $0.01 – $0.03 |
| Medium | 200 – 1,000 | $0.05 – $0.15 |
| Large | 1,000+ | $0.20 – $0.50 |

For teams running 50 PRs per month, total API spend typically stays under $5. (myougatheaxo. “Automate Code Reviews on Every PR with Claude Code + GitHub Actions.” DEV Community. 2025) Teams with higher monthly token spend may find a Claude Max subscription more economical; the plan bundles usage and eliminates per-token billing unpredictability. Teams comparing this against GitHub-native Copilot agents should weigh the Copilot June 1, 2026 token-metered transition before committing to either pricing model.

Model availability and the June 2026 Fable 5 suspension [Updated June 2026]

Any workflow that pinned --model claude-fable-5 stopped working on June 12, 2026. The US Commerce Department issued an export control directive that day requiring Anthropic to suspend Fable 5 and Mythos 5 globally — the first time US export controls have been applied to a commercially deployed AI model rather than to the hardware that runs it. Anthropic disabled both models the same evening and has stated it is working to restore access, but has given no restoration date. As of June 17, 2026, both models remain unavailable.

For CI workflows, the practical fix is to replace claude-fable-5 with claude-opus-4-8. The two models share the same 1M-token context window and 128k max output ceiling; Opus 4.8 runs at $5/$25 per MTok versus Fable 5’s $10/$50. The only material difference is Fable 5’s additional reasoning depth on extremely long, multi-step diagnostic chains — which matters for the most demanding auto-fix scenarios but is not relevant for routine PR review or lint fixes. If your workflow YAML hard-codes the model string, update it now to avoid silent failures: the action ends in an error state rather than falling back to a cheaper model.

One additional billing note for teams planning to adopt Fable 5 when access returns: Anthropic included Fable 5 in all subscription plans at no extra charge through June 22, 2026. From June 23 onward, Fable 5 draws from usage credits at the full $10/$50 API rate, even for Pro, Max, Team, and Enterprise subscribers. See the Fable 5 credit cliff analysis for what this means for team budgets.

Security Guardrails

Access Control

By default, only repository contributors with write access can trigger Claude. External contributors and bots are blocked unless explicitly listed in allowed_bots. Setting allowed_non_write_users: "*" bypasses this restriction entirely, and the official documentation flags this as a significant security risk. (Anthropic. claude-code-action Security Documentation. GitHub)

When allowed_non_write_users is set, the action scrubs Anthropic, cloud, and GitHub Actions secrets from subprocess environments. On Linux runners with bubblewrap available, subprocesses additionally run with PID-namespace isolation. This reduces but does not eliminate prompt injection risk — keep workflow permissions minimal and validate all outputs.

Prompt Injection Protection

The action automatically strips hidden content from trigger inputs: HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities. This guards against prompt injection via crafted PR descriptions or issue bodies. That said, the docs recommend reviewing raw content from external contributors before allowing Claude to process anything security-sensitive.
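To support that manual review, the added example below (not the action's own filter, and not code from Anthropic) flags the same classes of hidden content in a raw PR description so a maintainer can see what the rendered page does not show. The sample body is constructed, and the list of attribute names treated as hidden is an assumption.

```python
import re
import unicodedata

# Constructed PR description carrying one instance of each hidden-content class.
SAMPLE_PR_BODY = (
    "Fixes the flaky login test.\n"
    "<!-- reviewer note that never renders -->\n"
    "Bump time\u200bout to 30s.\n"
    "![alt text shown only if the image fails to load](https://example.com/x.png)\n"
    '<span title="tooltip text" data-note="not rendered">ok</span>\n'
    "See &#105;ssue 12 for details.\n"
)

# Which attributes count as "hidden" is an assumption made for this example.
CHECKS = [
    ("html_comment", re.compile(r"<!--.*?-->", re.S)),
    ("image_alt_text", re.compile(r"!\[([^\]]+)\]\([^)]*\)")),
    ("hidden_attribute",
     re.compile(r"""\b(?:alt|title|aria-label|data-[\w-]+)\s*=\s*(?:"[^"]*"|'[^']*')""", re.I)),
    ("html_entity", re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")),
]


def find_hidden_content(text):
    """Return (kind, line_number, excerpt) for each span a reader of the rendered page would miss."""
    findings = []
    for kind, pattern in CHECKS:
        for match in pattern.finditer(text):
            line = text.count("\n", 0, match.start()) + 1
            findings.append((kind, line, match.group(0)[:60]))
    for index, ch in enumerate(text):
        # Zero-width and bidi control characters are Unicode category Cf ("format").
        if unicodedata.category(ch) == "Cf":
            line = text.count("\n", 0, index) + 1
            label = f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}"
            findings.append(("invisible_char", line, label))
    return sorted(findings, key=lambda finding: finding[1])


def needs_raw_review(text):
    """True when the body contains anything the rendered view would not show."""
    return bool(find_hidden_content(text))


if __name__ == "__main__":
    for kind, line, excerpt in find_hidden_content(SAMPLE_PR_BODY):
        print(f"line {line}: {kind}: {excerpt}")
```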

You can also set CLAUDE_CODE_SCRIPT_CAPS as a JSON map — for example, '{"edit-issue-labels.sh":2}' — to limit how many times Claude can invoke specific helper scripts per run.

CLAUDE.md Behavioral Constraints

Create a CLAUDE.md file at the repository root to define hard behavioral rules Claude follows in every workflow invocation:

    # CLAUDE.md

    ## Boundaries
    - Never modify files in /vendor/ or /generated/
    - Never push directly to main or release/* branches
    - Do not suggest architectural changes in routine CI fix PRs

    ## Review Standards
    - Flag any hardcoded credentials as critical, block PR merge
    - All new functions require unit tests

    ## Code Style
    - Follow existing patterns before introducing new abstractions

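This file functions as a persistent system prompt that outlasts individual workflow runs, ensuring consistent behavior across interactive and automated triggers. Because these rules are instructions to the model rather than enforced controls, back the ones that matter, such as the ban on pushing to main, with branch protection and minimal workflow permissions.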

Principle of Least Privilege

Match workflow permissions to what the job actually needs:

    permissions:
      contents: write        # only if Claude pushes commits
      pull-requests: write   # only if Claude posts comments or opens PRs
      issues: write          # only if Claude labels or comments on issues
      actions: read          # only for accessing CI logs
      id-token: write        # only for OIDC auth (Bedrock/Vertex/federation)

Granting contents: write to a review-only job that only needs to post comments is a common misconfiguration worth auditing.

Behavioral Summary vs. Competing Approaches

| Approach | Setup | PR Cost | Human Loop | Customizable? |
|---|---|---|---|---|
| claude-code-action@v1 | Low (minutes) | $0.01–$0.50 | Optional | High (CLAUDE.md + args) |
| Direct CLI in runner | Medium | Same | Manual | Full |
| CodeRabbit / similar | None | Subscription | Optional | Low–Medium |
| Custom LLM reviewer | High | Variable | Manual | Full |

The action wrapper adds the GitHub App token handling, prompt injection filtering, progress tracking, and structured output support that raw CLI usage requires you to build yourself.

Frequently Asked Questions

Q: Does Claude automatically merge PRs after fixing CI failures?
A: No. By default, Claude commits to a new branch and links to the PR creation page. A human must approve and merge. Automatic merging requires explicitly granting elevated permissions and configuring the relevant GitHub tools in claude_args.

Q: How do I prevent infinite loops when Claude’s commits trigger CI again?
A: Add !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-') to your workflow’s if condition. This prevents Claude’s own fix branches from re-triggering the auto-fix workflow.

Q: Can external contributors trigger the action with @claude in a comment?
A: No. By default only users with write access to the repository can trigger Claude. External contributors are blocked unless explicitly whitelisted using the allowed_non_write_users parameter, which the official docs recommend against for public repositories.

Q: Which model should I use for routine CI fixes?
A: Claude Sonnet 4.6 is the right default for routine CI work. It handles typical test failures, lint errors, and type errors reliably at $3/$15 per million tokens. Opus 4.8 is the step up for complex multi-file reasoning at $5/$25 per MTok — and also the current practical ceiling for agentic CI jobs on the Anthropic side, as it matches Fable 5’s 1M-token context window and 128k max output at half the price. [Updated June 2026]

For teams primarily concerned with predictable costs, GLM-5.2 (launched June 13, 2026 by Zhipu/Z.ai) is a credible alternative: it exposes an Anthropic Messages API-compatible endpoint, so adapting the workflow requires only a base URL change. GLM-5.2 scores 62.1% on SWE-bench Pro and 81.0 on Terminal-Bench 2.1, compared to 85.0 for Claude Opus 4.8 on Terminal-Bench — Opus 4.8 leads by four points on that agentic benchmark. Pricing is a flat subscription (Lite at $18/month, Pro at 5x that usage, Max at 20x), which is easier to budget than per-token rates if your team runs high PR volume. The MIT-licensed weights are also self-hostable at hardware cost, with no per-token fees. (Zhipu/Z.ai. “GLM-5.2 Model Card and Benchmarks.” GitHub. June 13, 2026)

Claude Fable 5 (claude-fable-5), released June 9, 2026, was designed as the Anthropic top tier at $10/$50 per MTok for long-running agentic tasks, but access was suspended on June 12, 2026 following a US government export control directive. When availability is restored, Fable 5 is worth evaluating for large-codebase refactors or root-cause diagnosis across deeply nested CI failures. Until then, Sonnet 4.6 and Opus 4.8 cover the Anthropic range, with GLM-5.2 as the subscription-priced alternative. (Anthropic. “Claude Fable 5 and Mythos 5.” Anthropic News. June 9, 2026)

Q: Does the action work without an Anthropic API key?
A: Yes, through several paths. Claude Pro and Max subscribers can generate an OAuth token via claude setup-token and use claude_code_oauth_token instead of anthropic_api_key, though as of early 2026 there have been recurring reports of these tokens being rejected for third-party/CI use — treat this path as unreliable until Anthropic stabilizes OAuth for external tooling. The more robust alternatives: teams with existing AWS or GCP agreements can route through Bedrock or Vertex AI using OIDC, with no Anthropic billing relationship required. Workload Identity Federation offers the same zero-static-secret property for direct Anthropic API access and is the preferred approach for production pipelines. [Updated June 2026]

