You can run Claude Code as a fully autonomous GitHub Actions agent using the official anthropics/claude-code-action@v1: it responds to PR comments, auto-fixes failing CI tests, and posts code reviews. For a team running about 50 PRs a month, API costs typically land in the single-digit dollar range. The pattern is production-ready provided you apply the guardrails covered below (loop exclusion, write-access gating, tool scoping and turn caps). The action supports the full current model lineup: Sonnet 4.6 for routine tasks, Opus 4.8 for complex multi-file reasoning, and Claude Fable 5 (Anthropic's most capable widely released model as of June 9, 2026) for long-running agentic jobs that require sustained autonomy across large codebases.
What Is the Claude Code GitHub Action?
The anthropics/claude-code-action@v1 is Anthropic’s official GitHub Action that runs the full Claude Code runtime inside a standard GitHub Actions runner. It launched September 29, 2025 as part of Claude Code 2.0 and is built on Anthropic’s Agent SDK. (Anthropic. “Claude Code GitHub Actions.” Official Documentation. September 2025)
Unlike typical AI reviewer tools that produce static comment threads, this action gives Claude a live shell environment: it can read files, run git commands, edit code, install dependencies, and push commits. When wired into your workflow, it becomes a software agent that acts on your repository, not just one that talks about it.
The action supports two distinct modes:
- Interactive mode: Claude listens for `@claude` mentions in PR comments, issues, and review threads, then executes whatever the commenter requests.
- Automation mode: Claude is given a `prompt` parameter directly in the workflow YAML and runs headlessly on every matching event (PR open, CI failure, issue creation, etc.).
Most production pipelines use both: interactive mode for ad-hoc developer requests and automation mode for continuous gatekeeping.
How to Set Up the Claude Code Action
Three Setup Paths
Anthropic offers three ways to get started, depending on your billing model:
Path 1: Quickstart (API users)
Run /install-github-app inside the Claude Code terminal. It installs the Claude GitHub App, configures repository secrets, and creates a starter workflow. This is the fastest route for direct API users.
Path 2: Manual Setup
- Install the Claude GitHub App at github.com/apps/claude. It requests Read & Write access to Contents, Issues, and Pull Requests.
- Add `ANTHROPIC_API_KEY` to your repository's Secrets (Settings → Secrets and variables → Actions).
- Copy the example workflow from the official repo and commit it to `.github/workflows/`.
Path 3: OAuth Token (Pro and Max subscribers)
As of v1.0.44, Claude Pro and Max plan users can authenticate with an OAuth token instead of an API key:

```shell
claude update       # ensure v1.0.44+
claude setup-token  # prints a CLAUDE_CODE_OAUTH_TOKEN value
```

Add the generated token to GitHub Secrets as CLAUDE_CODE_OAUTH_TOKEN and reference it in the workflow with claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}. Treat it as a long-lived credential: store it only as a repository or environment secret, never in the workflow file.
The Four Core Workflow Patterns
1. Interactive Comment Trigger
The simplest deployment: Claude activates only when a team member types @claude in a PR comment or issue.
```yaml
name: Claude Code
on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
With this in place, any write-access team member can type @claude fix the failing test in auth.spec.ts in a PR comment and Claude will check out the branch, read the error, edit the file, and push the fix.
2. Automated PR Code Review
This triggers on every new or updated PR, running Claude against the diff before human reviewers engage:
```yaml
name: Claude PR Review
on:
  pull_request:
    types: [opened, synchronize]
    paths-ignore:
      # '**.md' matches Markdown anywhere in the tree; a bare '*.md' only matches root-level files
      - '**.md'
      - 'docs/**'

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    concurrency:
      group: claude-review-${{ github.event.pull_request.number }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this pull request. Focus on:
            1. Logic errors and potential bugs
            2. Security vulnerabilities
            3. Performance issues (N+1 queries, unnecessary allocations)
            4. Missing error handling
            Format your review with ## Summary, ## Issues Found (file:line, severity), ## Positive Notes.
          claude_args: "--max-turns 5 --model claude-sonnet-4-6"
```
The concurrency block is important: without it, rapid commits to a PR branch could spawn parallel Claude jobs that race to post conflicting reviews. Note also that the pull_request trigger does not expose repository secrets to runs from forked repositories, so this job cannot authenticate on fork PRs. That is the safe default; do not switch to pull_request_target to work around it unless you understand that it runs with your secrets in reach of untrusted code.
3. CI Failure Auto-Fix (The High-Impact Pattern)
This is where Claude Code becomes a genuine force multiplier. The workflow triggers when your CI pipeline fails, creates a new branch, downloads the failure logs, and gives Claude the tools to diagnose and patch the problem:
```yaml
name: Auto Fix CI Failures
on:
  workflow_run:
    workflows: ["CI"]
    types: [completed]

permissions:
  contents: write
  pull-requests: write
  actions: read
  issues: write
  id-token: write

jobs:
  auto-fix:
    if: |
      github.event.workflow_run.conclusion == 'failure' &&
      github.event.workflow_run.pull_requests[0] &&
      !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.workflow_run.head_branch }}
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup git identity
        run: |
          git config --global user.email "claude[bot]@users.noreply.github.com"
          git config --global user.name "claude[bot]"

      - name: Create fix branch
        id: branch
        # Pass event data to the shell via env, not by interpolating ${{ }} into the script
        env:
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
          RUN_ID: ${{ github.run_id }}
        run: |
          BRANCH_NAME="claude-auto-fix-ci-${HEAD_BRANCH}-${RUN_ID}"
          git checkout -b "$BRANCH_NAME"
          echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"

      - uses: anthropics/claude-code-action@v1
        with:
          prompt: |
            The CI pipeline failed. Diagnose the failure logs and fix the root cause.
            Failed run: ${{ github.event.workflow_run.html_url }}
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          claude_args: "--allowedTools 'Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(git:*),Bash(npm:*)' --max-turns 10"
```

The critical guard is the if condition: !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-'). Without it, every Claude commit would re-trigger the fixer, creating an infinite loop; Claude's own fix branches are excluded from triggering new fix attempts. Two further points are easy to miss. First, the github.event.workflow_run.pull_requests[0] check also keeps pull requests from forks out of this job, because that array is empty for fork PRs, so untrusted branches never reach a workflow that holds a write token and an API key. Second, head_branch is data from the triggering event, not a constant: the Create fix branch step passes it to the shell through env rather than interpolating ${{ }} into the script, which avoids the script-injection pattern GitHub's security hardening guide warns against. The loop guard in the if expression, not the push token, is what breaks the cycle; do not rely on the token to do it.
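The guard has two halves that must stay in agreement: the prefix the Create fix branch step writes and the prefix the if expression excludes. If someone renames one and not the other, the loop comes back silently. The following Ruby is an added example (editor's code, not from the claude-code-action project) that models both halves as functions over a constructed workflow_run payload so the agreement can be unit-tested; the field names mirror github.event.workflow_run, and the payloads are constructed here.

```ruby
# Added example (editor's code, not part of claude-code-action): the two halves
# of the auto-fix loop guard, kept in one place so a test can prove they agree.
# Payload keys mirror github.event.workflow_run; the payloads are constructed.
FIX_BRANCH_PREFIX = 'claude-auto-fix-ci-'.freeze

# Mirrors the "Create fix branch" step: claude-auto-fix-ci-<head_branch>-<run_id>
def fix_branch_name(head_branch, run_id)
  "#{FIX_BRANCH_PREFIX}#{head_branch}-#{run_id}"
end

# Mirrors the job's `if:` expression. Returns the reason the job is skipped,
# or nil when Claude should run.
def auto_fix_skip_reason(workflow_run)
  return 'CI did not fail' unless workflow_run['conclusion'] == 'failure'
  # For a PR from a fork the pull_requests array is empty, so fork PRs never
  # reach Claude through this trigger. Same for pushes with no open PR.
  return 'no same-repo pull request attached' if Array(workflow_run['pull_requests']).empty?
  return 'run was on a Claude fix branch' if workflow_run['head_branch'].to_s.start_with?(FIX_BRANCH_PREFIX)
  nil
end

# Constructed stand-in for the event payload (only the fields the guard reads).
def constructed_run(conclusion:, head_branch:, prs: [{ 'number' => 42 }])
  { 'conclusion' => conclusion, 'head_branch' => head_branch, 'pull_requests' => prs }
end

if __FILE__ == $PROGRAM_NAME
  first = constructed_run(conclusion: 'failure', head_branch: 'feature/login')
  puts "feature branch: #{auto_fix_skip_reason(first) || 'run Claude'}"
  # CI failing again on Claude's own branch must not start another fixer.
  again = constructed_run(conclusion: 'failure', head_branch: fix_branch_name('feature/login', 1234))
  puts "claude branch:  #{auto_fix_skip_reason(again)}"
  fork = constructed_run(conclusion: 'failure', head_branch: 'feature/login', prs: [])
  puts "fork PR:        #{auto_fix_skip_reason(fork)}"
end
```

Keep the prefix constant in one place in your real repository too (for example as a workflow-level env value referenced by both the if expression and the branch step), so the round trip that this test checks cannot drift.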
For teams running this pattern against large monorepos or deeply nested failure chains, Claude Fable 5 (claude-fable-5) is worth evaluating here specifically. Its 1M-token context window and sustained autonomy across long tasks are designed for exactly the kind of multi-step diagnosis the auto-fix workflow demands. At $10/$50 per MTok (2x Opus 4.8’s rate), the cost calculus depends on how often your CI produces failures that require more than a handful of reasoning steps. See how Opus 4.8 handles agentic loop integrity for context on why model choice matters in self-modifying CI pipelines, and Claude Code vs Cursor vs Copilot: the 2026 comparison for how this action fits against competing approaches.
4. Structured Output for Downstream Decisions
Claude can return structured JSON that later workflow steps consume, for example detecting flaky tests before deciding whether to retry or escalate:
```yaml
- name: Classify failure
  id: analyze
  uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    prompt: "Examine the test output. Is this a flaky test or a real regression?"
    claude_args: |
      --json-schema '{"type":"object","properties":{"is_flaky":{"type":"boolean"},"confidence":{"type":"number"},"summary":{"type":"string"}},"required":["is_flaky","confidence","summary"]}'

# Requires actions: write on the job; the CI workflow must declare a workflow_dispatch trigger.
- name: Retry if flaky
  if: fromJSON(steps.analyze.outputs.structured_output).is_flaky == true
  env:
    GH_TOKEN: ${{ github.token }}
  run: gh workflow run CI
```

Treat the model's verdict as advisory: gate the retry on the confidence field as well, and cap the number of retries so a persistently failing test cannot be re-run indefinitely.
Cost Controls That Actually Work
Running Claude against every PR commit without guardrails can accumulate costs quickly. These controls, applied together, keep automation affordable:
| Control | How to Apply | Effect |
|---|---|---|
| --max-turns N | claude_args: "--max-turns 5" | Hard cap on agentic steps per invocation |
| Concurrency group | cancel-in-progress: true | Cancels queued runs when new commits arrive |
| Event type filtering | types: [opened] not [opened, synchronize] | Fires once per PR, not per commit |
| Path filtering | paths-ignore: ['**.md', 'docs/**'] | Skips doc-only changes entirely (a bare '*.md' matches only root-level files) |
| Model selection | --model claude-sonnet-4-6 | Sonnet ($3/$15 per MTok) handles most CI tasks; Opus 4.8 ($5/$25) for deep reasoning; Fable 5 ($10/$50) for long-running agentic jobs |
| Workflow timeout | timeout-minutes: 10 | Kills runaway jobs before they exhaust turn budget |
| Tool scoping | --allowedTools 'Edit,Read,Grep' | Restricts operations, reducing unnecessary turns |
Based on community benchmarks, at time of writing the per-PR API cost with Sonnet runs approximately:
| PR Size | Lines Changed | Estimated Cost |
|---|---|---|
| Small | < 200 | $0.01 – $0.03 |
| Medium | 200 – 1,000 | $0.05 – $0.15 |
| Large | 1,000+ | $0.20 – $0.50 |
For teams running 50 PRs per month, total API spend typically stays under $5. (myougatheaxo. “Automate Code Reviews on Every PR with Claude Code + GitHub Actions.” DEV Community. 2025) Teams with higher monthly token spend may find a Claude Max subscription more economical; the plan bundles usage and eliminates per-token billing unpredictability. Teams comparing this against GitHub-native Copilot agents should weigh the Copilot June 1, 2026 token-metered transition before committing to either pricing model.
Security Guardrails
Access Control
By default, only repository contributors with write access can trigger Claude. External contributors and bots are blocked unless explicitly listed in allowed_bots. Setting allowed_non_write_users: "*" bypasses this restriction entirely, and the official documentation flags this as a significant security risk. (Anthropic. claude-code-action Security Documentation. GitHub)
When allowed_non_write_users is set, the action scrubs Anthropic, cloud, and GitHub Actions secrets from subprocess environments. On Linux runners with bubblewrap available, subprocesses additionally run with PID-namespace isolation. This reduces but does not eliminate prompt injection risk — keep workflow permissions minimal and validate all outputs.
Prompt Injection Protection
The action automatically strips hidden content from trigger inputs: HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities. This guards against prompt injection via crafted PR descriptions or issue bodies. That said, the docs recommend reviewing raw content from external contributors before allowing Claude to process anything security-sensitive.
You can also set CLAUDE_CODE_SCRIPT_CAPS as a JSON map, for example '{"edit-issue-labels.sh":2}', to limit how many times Claude can invoke specific helper scripts per run.
CLAUDE.md Behavioral Constraints
Create a CLAUDE.md file at the repository root to define hard behavioral rules Claude follows in every workflow invocation:
```markdown
# CLAUDE.md

## Boundaries
- Never modify files in /vendor/ or /generated/
- Never push directly to main or release/* branches
- Do not suggest architectural changes in routine CI fix PRs

## Review Standards
- Flag any hardcoded credentials as critical, block PR merge
- All new functions require unit tests

## Code Style
- Follow existing patterns before introducing new abstractions
```
This file functions as a persistent system prompt that outlasts individual workflow runs, ensuring consistent behavior across interactive and automated triggers. It is an instruction to the model, not an enforcement mechanism: a prompt-injected or simply mistaken run can still violate it, so back each boundary with a control that cannot be talked out of it, such as branch protection on main and release/*, a CODEOWNERS rule for /vendor/, and --allowedTools scoping in claude_args.
Principle of Least Privilege
Match workflow permissions to what the job actually needs:
```yaml
permissions:
  contents: write        # only if Claude pushes commits
  pull-requests: write   # only if Claude posts comments or opens PRs
  issues: write          # only if Claude labels or comments on issues
  actions: read          # only for accessing CI logs
  id-token: write        # only for OIDC auth (Bedrock/Vertex/federation)
```
Granting contents: write to a review-only job that only needs to post comments is a common misconfiguration worth auditing.
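To catch these misconfigurations, and the missing cost controls from the table above, before a workflow ships, the following Ruby script (an added example, editor's code, not part of claude-code-action) parses a workflow with the stdlib YAML library and reports missing guardrails: allowed_non_write_users set, contents: write on a job whose --allowedTools grants no editing tool, no --max-turns, no timeout-minutes, no concurrency group, and a workflow_run trigger whose if never checks head_branch. The two workflow texts are constructed for the example; the contents: write check is a heuristic that only fires when --allowedTools is present, since without it Claude keeps its default tool set.

```ruby
# Added example (editor's code, not part of claude-code-action): audit a GitHub
# Actions workflow that invokes anthropics/claude-code-action for the guardrails
# this page recommends. Stdlib only; the workflow texts below are constructed.
require 'yaml'

ACTION_PREFIX = 'anthropics/claude-code-action'.freeze
# --allowedTools entries that let Claude change the checkout. Without one of
# these (or any Bash(...) scope) the job is review-only and needs no contents: write.
WRITE_TOOLS = %w[Edit MultiEdit Write NotebookEdit].freeze

def claude_steps(job)
  (job['steps'] || []).select { |s| s['uses'].to_s.start_with?(ACTION_PREFIX) }
end

# claude_args is a free-form CLI string; extract the --allowedTools list if present.
def allowed_tools(claude_args)
  m = claude_args.to_s.match(/--allowedTools\s+(?:'([^']*)'|"([^"]*)"|(\S+))/)
  m && (m[1] || m[2] || m[3]).split(',').map(&:strip)
end

def grants_write_tool?(tools)
  return true if tools.nil? # no --allowedTools: Claude keeps its default tool set
  tools.any? { |t| WRITE_TOOLS.include?(t) || t.start_with?('Bash') }
end

# Returns [[job, severity, message], ...]; an empty array means every check passed.
def audit_workflow(yaml_text)
  wf = YAML.safe_load(yaml_text)
  # YAML 1.1 parsers (Psych, PyYAML) read the bare key `on` as the boolean true.
  triggers = wf['on'] || wf[true] || {}
  triggers = Array(triggers).to_h { |t| [t, nil] } unless triggers.is_a?(Hash)
  findings = []
  (wf['jobs'] || {}).each do |name, job|
    steps = claude_steps(job)
    next if steps.empty?
    perms = job['permissions'] || wf['permissions']
    perms = {} unless perms.is_a?(Hash)
    findings << [name, 'high', 'no timeout-minutes: a stuck run burns its whole turn budget'] unless job['timeout-minutes']
    findings << [name, 'medium', 'no concurrency group: rapid pushes spawn parallel Claude runs'] unless job['concurrency'] || wf['concurrency']
    if triggers.key?('workflow_run') && !job['if'].to_s.include?('head_branch')
      findings << [name, 'high', 'workflow_run trigger without a head_branch guard: Claude commits can re-trigger the job']
    end
    steps.each do |s|
      with = s['with'] || {}
      args = with['claude_args'].to_s
      if with.key?('allowed_non_write_users')
        findings << [name, 'critical', "allowed_non_write_users=#{with['allowed_non_write_users'].inspect}: non-write users can drive Claude"]
      end
      findings << [name, 'medium', 'claude_args has no --max-turns cap'] unless args.include?('--max-turns')
      if perms['contents'] == 'write' && !grants_write_tool?(allowed_tools(args))
        findings << [name, 'medium', 'contents: write granted to a review-only job (no editing tool allowed)']
      end
    end
  end
  findings
end

# Constructed sample: a review workflow carrying the misconfigurations discussed above.
WEAK_WORKFLOW = <<~'YAML'
  name: Claude PR Review
  on:
    pull_request:
      types: [opened, synchronize]
  jobs:
    review:
      runs-on: ubuntu-latest
      permissions:
        contents: write
        pull-requests: write
      steps:
        - uses: actions/checkout@v4
        - uses: anthropics/claude-code-action@v1
          with:
            anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
            allowed_non_write_users: "*"
            prompt: Review this pull request.
            claude_args: "--allowedTools 'Read,Grep,Glob' --model claude-sonnet-4-6"
YAML

# The same job with the page's recommended controls applied.
HARDENED_WORKFLOW = WEAK_WORKFLOW
  .sub('contents: write', 'contents: read')
  .sub(/^[ \t]*allowed_non_write_users: .*\n/, '')
  .sub('--model', '--max-turns 5 --model')
  .sub("runs-on: ubuntu-latest\n",
       "runs-on: ubuntu-latest\n    timeout-minutes: 10\n    concurrency:\n" \
       "      group: claude-review-${{ github.event.pull_request.number }}\n      cancel-in-progress: true\n")

if __FILE__ == $PROGRAM_NAME
  audit_workflow(WEAK_WORKFLOW).each { |job, sev, msg| puts "#{sev.upcase} [#{job}] #{msg}" }
  puts "hardened: #{audit_workflow(HARDENED_WORKFLOW).size} findings"
end
```

Run it against .github/workflows/*.yml in CI itself (a finding of severity critical or high should fail the job) so that a later edit cannot quietly reintroduce allowed_non_write_users or drop the loop guard.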
Behavioral Summary vs. Competing Approaches
| Approach | Setup | PR Cost | Human Loop | Customizable? |
|---|---|---|---|---|
| claude-code-action@v1 | Low (minutes) | $0.01–$0.50 | Optional | High (CLAUDE.md + args) |
| Direct CLI in runner | Medium | Same | Manual | Full |
| CodeRabbit / similar | None | Subscription | Optional | Low–Medium |
| Custom LLM reviewer | High | Variable | Manual | Full |
The action wrapper adds the GitHub App token handling, prompt injection filtering, progress tracking, and structured output support that raw CLI usage requires you to build yourself.
Frequently Asked Questions
Q: Does Claude automatically merge PRs after fixing CI failures? A: No. By default, Claude commits to a new branch and links to the PR creation page. A human must approve and merge. Automatic merging requires explicitly granting elevated permissions and configuring the relevant GitHub tools in claude_args.
Q: How do I prevent infinite loops when Claude’s commits trigger CI again? A: Add !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-') to your workflow’s if condition. This prevents Claude’s own fix branches from re-triggering the auto-fix workflow.
Q: Can external contributors trigger the action with @claude in a comment? A: No. By default only users with write access to the repository can trigger Claude. External contributors are blocked unless explicitly allow-listed using the allowed_non_write_users parameter, which the official docs recommend against for public repositories.
Q: Which Claude model should I use for routine CI fixes? A: Claude Sonnet 4.6 is the right default for routine CI work. It handles typical test failures, lint errors, and type errors reliably at $3/$15 per million tokens. Opus 4.8 (still Anthropic’s most capable Opus-tier model) is the step up for complex multi-file reasoning at $5/$25 per MTok. Claude Fable 5 (claude-fable-5), released June 9, 2026 as Anthropic’s most capable widely released model, is the top tier at $10/$50 per MTok: it operates autonomously across millions of tokens and is built for long-running agentic tasks where prior Claude models would stall or lose context. For a typical 50-PR-per-month team, Fable 5 is worth evaluating for large-codebase refactors or root-cause diagnosis across deeply nested CI failures, while Sonnet 4.6 remains the cost-efficient default for everything else. Both Fable 5 and Opus 4.8 support 1M-token context and 128k max output, so context limits are no longer the deciding factor: only the per-token rate and reasoning depth are. (Anthropic. “Claude Fable 5 and Mythos 5.” Anthropic News. June 9, 2026)
Q: Does the action work without an Anthropic API key? A: Yes. Claude Pro and Max subscribers can generate an OAuth token via claude setup-token and use claude_code_oauth_token instead of anthropic_api_key. Teams with existing AWS or GCP agreements can route through Bedrock or Vertex AI using OIDC, with no Anthropic billing relationship required. Workload Identity Federation offers the same zero-static-secret property for direct Anthropic API access.