Fix CI permissions: Add explicit tool permissions via claude_args

- Add --allowedTools parameter to all three CI workflows - Explicitly allow gh pr comment, diff, view, and echo commands - Also allow Read, Glob, Grep, and WebFetch tools for reviews - Fixes permission denials that prevented comment posting
2025-10-06 01:00:28 +03:00 · 2025-09-12 13:24:31 -06:00
parent f1dc1dde2e
commit 38628b034a
3 changed files with 6 additions and 0 deletions
--- a/.github/workflows/claude-link-review.yml
+++ b/.github/workflows/claude-link-review.yml
@@ -28,5 +28,7 @@ jobs:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          prompt: "/link-review"
+          claude_args: |
+            --allowedTools "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(echo:*),Read,Glob,Grep,WebFetch"
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
--- a/.github/workflows/claude-model-check.yml
+++ b/.github/workflows/claude-model-check.yml
@@ -27,5 +27,7 @@ jobs:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          prompt: "/model-check"
+          claude_args: |
+            --allowedTools "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(echo:*),Read,Glob,Grep,WebFetch"
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
--- a/.github/workflows/claude-notebook-review.yml
+++ b/.github/workflows/claude-notebook-review.yml
@@ -28,5 +28,7 @@ jobs:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          prompt: "/notebook-review"
+          claude_args: |
+            --allowedTools "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(echo:*),Read,Glob,Grep,WebFetch"
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}