The Claude Code GitHub Action: @claude on Issues and PRs (Setup, Auth, Triggers, Pitfalls)

Install the claude-code-action via /install-github-app, then @-mention Claude on any issue or PR to get a committed branch and a ready-to-click PR link. The biggest gotcha: fork PRs on public repos can't read your ANTHROPIC_API_KEY, so the workflow silently does nothing unless you use pull_request_target on the base branch or Workload Identity Federation.

Episode page & show notes

Try a walking desk - stay healthy & sharp while you learn & code

This episode kicks off Act II: moving from power-user-at-the-keyboard toward supervised automation. A human still approves everything here. We set up the Claude Code GitHub Action so you can write @claude on an issue or pull request and have Claude read the repo, make changes, commit to a branch, and hand you a pre-filled PR link.

Setup. Fastest path: run /install-github-app from inside the Claude Code CLI. It installs the Claude GitHub App, writes the workflow YAML under .github/workflows/, and creates the repo secrets. Needs repo admin, and works for direct Anthropic API users (cloud providers need manual config). Manual setup: install the App, add ANTHROPIC_API_KEY (or CLAUDE_CODE_OAUTH_TOKEN from claude setup-token for Pro/Max), and copy examples/claude.yml into your workflows folder.

Triggers. Default phrase is @claude (word-boundary matched, so not @claude-bot). Default events: issue_comment, pull_request_review_comment, pull_request_review, and issues. Adding a prompt: input flips it into automation mode (runs without a mention).

Permissions. Minimal block: contents: write, pull-requests: write, issues: write, id-token: write. Add actions: read for CI log access. Arbitrary Bash is off by default; enable specific commands via --allowedTools.

Pitfalls.

• Fork PRs can't read secrets on public repos (prompt-injection defense). Fix with pull_request_target + checkout of the base branch, Workload Identity Federation, or a same-repo if: guard.
• Claude's own github-actions[bot] comments can't trigger another run (loop protection). Use a PAT/App token or workflow_run.
• Branch protection can reject direct pushes; allow claude[bot] to bypass or accept the create-branch-then-PR flow.
• Every mention is a full agent run on your key. Batch requests, cap with --max-turns.

As of 2026-06-06, latest release is v1.0.140. v1.0 replaced v0.x's mode/direct_prompt/max_turns with prompt + claude_args. Builds on the prior Headless Claude Code episode: the Action is essentially headless Claude triggered by a GitHub event.