
Fix Claude Code Review workflow permissions #696

Merged: justin808 merged 1 commit into master from jg/fix-claude-review-perms on Feb 11, 2026


@justin808 (Member) commented Feb 9, 2026

Summary

  • Add permissions block to the Claude Code Review caller workflow
  • The reusable workflow in shakacode/.github needs issues: write, pull-requests: write, and id-token: write, but callers must explicitly grant these permissions
  • Without this, the workflow fails with: "The nested job is requesting permissions but is only allowed none"

Test plan

  • Verify the Claude Code Review workflow runs successfully on a new PR

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow permissions to ensure proper operation of automated processes.
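A caller workflow carrying the grant described in the summary above, as an added sketch that is not the file changed in this PR. The workflow name, job name, trigger types, and the `<reusable-workflow>` and `<ref>` placeholders are assumptions, and the grant is placed at job level here because the page does not say which level the PR used.

```yaml
# Constructed example of a caller workflow; not the repository's actual file.
name: Claude Code Review          # assumed name

on:
  pull_request:
    types: [opened, synchronize]  # assumed trigger types

# Deny everything at workflow level so each job must state what it needs.
permissions: {}

jobs:
  review:                         # hypothetical job name
    # A called workflow can keep or reduce the caller's GITHUB_TOKEN
    # permissions, never raise them. With the workflow-level default of
    # none above, omitting this block while the reusable workflow asks
    # for these scopes fails with:
    #   "The nested job is requesting permissions but is only allowed none"
    permissions:
      contents: read         # read the repository content under review
      pull-requests: write   # post review comments on the PR
      issues: write          # post issue comments
      id-token: write        # let the job request an OIDC token
    # Placeholder path and ref: the page names only the shakacode/.github repo.
    uses: shakacode/.github/.github/workflows/<reusable-workflow>.yml@<ref>
```

Pinning `<ref>` to a full commit SHA keeps the granted token from flowing to code that changes under a moving branch or tag.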

github-actions bot commented Feb 9, 2026

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:

  • /deploy-review-app: Deploy your PR branch for testing
  • /delete-review-app: Remove the review app when done
  • /help: Show detailed instructions, environment setup, and configuration options.


coderabbitai bot commented Feb 9, 2026

Walkthrough

A permissions block is added to the GitHub Actions workflow configuration, enabling the workflow to read repository contents and write to pull requests, issues, and the OIDC token provider for enhanced security control.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| GitHub Actions Workflow Configuration: .github/workflows/claude-code-review.yml | Added permissions block granting read access to contents and write access to pull-requests, issues, and id-token. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A workflow refined with care so fine,
Permissions granted in each line,
Read the contents, write with grace,
Token tokens in their place,
Security blooms, the path is clear! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Fix Claude Code Review workflow permissions' accurately summarizes the main change—adding required permissions to the workflow—and is clear, concise, and specific. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


No actionable comments were generated in the recent review. 🎉


greptile-apps bot commented Feb 9, 2026

Greptile Overview

Greptile Summary

Added explicit permissions block to the caller workflow to grant necessary permissions (contents: read, pull-requests: write, issues: write, id-token: write) to the reusable workflow in shakacode/.github.

Changes:

  • Added permissions block with four permission grants required by the reusable workflow
  • Fixes "The nested job is requesting permissions but is only allowed none" error

The change follows GitHub Actions' security model where caller workflows must explicitly grant permissions to reusable workflows. The permissions are appropriate for a code review bot that needs to read repository content and write comments to PRs and issues.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • The change adds required permissions configuration to fix a known workflow error. The permissions are appropriate and minimal for the workflow's purpose (reading content, writing PR/issue comments, authenticating). The syntax is correct and follows GitHub Actions best practices for reusable workflows.
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/claude-code-review.yml | Added required permissions block for reusable workflow compatibility |

Sequence Diagram

sequenceDiagram
    participant PR as Pull Request Event
    participant Caller as claude-code-review.yml
    participant Reusable as shakacode/.github workflow
    participant GitHub as GitHub API
    
    PR->>Caller: Trigger (opened/synchronize)
    Note over Caller: Grants permissions:<br/>contents: read<br/>pull-requests: write<br/>issues: write<br/>id-token: write
    Caller->>Reusable: Call reusable workflow
    Note over Reusable: Receives granted permissions
    Reusable->>GitHub: Write PR comments
    Reusable->>GitHub: Write issue comments
    Reusable->>GitHub: Authenticate with id-token
    GitHub-->>Reusable: Success
    Reusable-->>Caller: Complete
    Caller-->>PR: Workflow complete

justin808 merged commit 5205064 into master on Feb 11, 2026 (7 of 8 checks passed)
justin808 deleted the jg/fix-claude-review-perms branch on February 11, 2026 02:24
github-actions bot commented Feb 11, 2026

✅ Review app for PR #696 was successfully deleted

View Completed Delete Logs

Control Plane Organization
