Skip to content

Add Claude Code workflow for AI-assisted PR reviews#4738

Draft
shreyas-goenka wants to merge 18 commits intomainfrom
add-claude-code-workflow
Draft

Add Claude Code workflow for AI-assisted PR reviews#4738
shreyas-goenka wants to merge 18 commits intomainfrom
add-claude-code-workflow

Conversation

@shreyas-goenka
Copy link
Contributor

@shreyas-goenka shreyas-goenka commented Mar 13, 2026

Summary

  • Adds a thin caller workflow that invokes the reusable Claude Code workflow from databricks-eng/eng-dev-ecosystem
  • Two modes: automatic PR review (read-only) and interactive @claude mentions (can edit/push)
  • Authentication to the Databricks Model Serving endpoint is handled by the reusable workflow

Depends on

Test plan

  • Verify auto-review triggers on PR open
  • Verify @claude interactive mode on a comment
  • Confirm cross-org workflow_call works with explicit secrets

This pull request was AI-assisted by Isaac.

@shreyas-goenka
Add Claude Code workflow for AI-assisted PR reviews
f12e66b 
Add a workflow that calls the reusable Claude Code workflow in
eng-dev-ecosystem. Provides two modes:
- Automatic PR review on open/sync (read-only)
- Interactive @claude mentions for code changes

Co-authored-by: Isaac
@eng-dev-ecosystem-bot
Copy link
Collaborator

eng-dev-ecosystem-bot commented Mar 13, 2026
edited
Loading

Commit: fcde226

Run: 23074187933

Env 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 8 7 268 787 6:09
💚​ aws windows 8 7 270 785 5:45
🔄​ aws-ucws linux 2 7 7 364 702 6:43
🔄​ aws-ucws windows 2 7 7 366 700 6:22
💚​ azure linux 2 9 271 785 5:32
💚​ azure windows 2 9 273 783 4:22
🔄​ azure-ucws linux 2 1 9 369 698 7:47
🔄​ azure-ucws windows 2 1 9 371 696 5:33
💚​ gcp linux 2 9 267 788 6:05
💚​ gcp windows 2 9 269 786 4:47
16 interesting tests: 7 RECOVERED, 7 SKIP, 2 flaky
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
💚​ TestAccept 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/ssh/connection 💚​R 💚​R 🔄​f 🔄​f 💚​R 💚​R 🔄​f 🔄​f 💚​R 💚​R
Top 22 slowest tests (at least 2 minutes):
duration env testname
4:57 aws linux TestAccept/ssh/connection
4:07 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:30 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:27 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:26 aws windows TestAccept/ssh/connection
3:23 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:22 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:13 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:12 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:08 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:08 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:06 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:44 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:41 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:38 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:37 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:35 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:16 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:14 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:09 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:03 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:00 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@shreyas-goenka
Increase max turns for Claude Code workflows
f2bc990 
Review: 5 → 10 turns. Assist: 10 → 20 turns.

Co-authored-by: Isaac
@shreyas-goenka shreyas-goenka force-pushed the add-claude-code-workflow branch from b418b20 to 0d2b698 Compare March 13, 2026 19:56
@shreyas-goenka shreyas-goenka force-pushed the add-claude-code-workflow branch from 0d2b698 to 6dbf8a3 Compare March 13, 2026 20:03
@shreyas-goenka shreyas-goenka force-pushed the add-claude-code-workflow branch from 6dbf8a3 to 275b67a Compare March 13, 2026 20:17
@shreyas-goenka shreyas-goenka force-pushed the add-claude-code-workflow branch from 275b67a to fc25d50 Compare March 13, 2026 20:25
@shreyas-goenka
Remove secrets from Claude Code workflow caller
47a7034 
The reusable Claude Code workflow in eng-dev-ecosystem now uses GitHub
OIDC federation instead of static secrets, so callers no longer need
to pass any credentials.

Co-authored-by: Isaac
@shreyas-goenka shreyas-goenka force-pushed the add-claude-code-workflow branch from fc25d50 to 47a7034 Compare March 13, 2026 20:33
@shreyas-goenka
Add wildcards to Bash() permission rules for Claude Code workflow
5eea506 
Bash(command) without wildcard is an exact match — it doesn't match
commands with arguments. Add * wildcards so Claude can pass arguments
to allowed commands (e.g. pr-comment --body-file, git log --oneline).

Co-authored-by: Isaac
@shreyas-goenka
Enable inline PR review comments via MCP tool
c831fb5 
Add mcp__github_inline_comment__create_inline_comment to the review
job's allowed tools and update prompts to instruct Claude to post
inline comments on specific lines of the diff.

Co-authored-by: Isaac
@shreyas-goenka
Add MCP tools and fix allowed_tools for Claude Code workflow
832a975 
- Remove erroneous allowed_tools action input that restricted Claude
  to a single tool
- Add mcp__github_ci__* tools to assist job for CI investigation
- Review job already has inline comment MCP tool in settings

Co-authored-by: Isaac
@shreyas-goenka
Pass inline comment tool via claude_args --allowedTools
36559e9 
The MCP inline comment server is only registered when the action
detects the tool in claude_args --allowedTools. Pass it there
instead of only in settings.permissions.allow.

Co-authored-by: Isaac
@shreyas-goenka
Strengthen prompt to require inline comments for code review
fb84c12 
Claude was posting all feedback in a single PR comment instead of
using inline comments on specific lines. Updated prompt to make
inline comments mandatory for code-specific feedback.

Co-authored-by: Isaac
@shreyas-goenka
Trigger Claude Code review
7c70001 
Empty commit to trigger the Claude Code review workflow after
federation policy was created.

Co-authored-by: Isaac
@shreyas-goenka
Restructure into reusable workflow for stable OIDC federation
adbf271 
Split the inline workflow into a reusable workflow (claude-code.yml)
and a caller (claude.yml). This ensures job_workflow_ref always points
to the reusable workflow's ref (@refs/heads/main after merge), making
the federation policy work for all trigger types (pull_request,
issue_comment, pull_request_review_comment).

Co-authored-by: Isaac
@shreyas-goenka
Switch to protected runner group for Databricks IP ACL compatibility
7479fc0 
The deco-testing runner group IPs are blocked by the Databricks account
IP ACL. The protected runner group should have whitelisted egress IPs.

Co-authored-by: Isaac
@shreyas-goenka shreyas-goenka deployed to test-trigger-is March 13, 2026 23:10 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewnester andrewnester Awaiting requested review from andrewnester andrewnester will be requested when the pull request is marked ready for review andrewnester is a code owner

@anton-107 anton-107 Awaiting requested review from anton-107 anton-107 will be requested when the pull request is marked ready for review anton-107 is a code owner

@denik denik Awaiting requested review from denik denik will be requested when the pull request is marked ready for review denik is a code owner

@pietern pietern Awaiting requested review from pietern pietern will be requested when the pull request is marked ready for review pietern is a code owner

@simonfaltum simonfaltum Awaiting requested review from simonfaltum simonfaltum will be requested when the pull request is marked ready for review simonfaltum is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shreyas-goenka @eng-dev-ecosystem-bot