Spaces:
Running on CPU Upgrade
Running on CPU Upgrade
Aksel Joonas Reedi commited on
ci: bypass OIDC for Claude review on pull_request_target (#134)
Browse filesThe GitHub App token-exchange endpoint rejects OIDC tokens minted for
pull_request_target events ('401 Invalid OIDC token'), so every review
has failed since the switch from pull_request in #123. Pass GITHUB_TOKEN
directly to skip the exchange; comments post as github-actions[bot]
instead of claude[bot], which is the documented trade-off.
.github/workflows/claude-review.yml
CHANGED
|
@@ -62,5 +62,12 @@ jobs:
|
|
| 62 |
- uses: anthropics/claude-code-action@v1
|
| 63 |
with:
|
| 64 |
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 65 |
track_progress: true
|
| 66 |
prompt: ${{ steps.compose.outputs.prompt }}
|
|
|
|
| 62 |
- uses: anthropics/claude-code-action@v1
|
| 63 |
with:
|
| 64 |
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
|
| 65 |
+
# Bypass the OIDC -> Claude GitHub App token exchange. That exchange
|
| 66 |
+
# rejects OIDC tokens minted for pull_request_target events with
|
| 67 |
+
# "401 Invalid OIDC token", which broke every review after the switch
|
| 68 |
+
# away from pull_request. Using the workflow's GITHUB_TOKEN works for
|
| 69 |
+
# both same-repo and fork PRs; comments post as github-actions[bot]
|
| 70 |
+
# instead of claude[bot], which is the documented trade-off.
|
| 71 |
+
github_token: ${{ secrets.GITHUB_TOKEN }}
|
| 72 |
track_progress: true
|
| 73 |
prompt: ${{ steps.compose.outputs.prompt }}
|