Claude Code in CI/CD: Automation with GitHub Actions and GitLab
Loading the Text to Speech Audio Player...
Why Claude Code in CI/CD?
Automate repetitive tasks:
- Review Pull Requests
- Fix Issues automatically
- Translate strings
- Update documentation
- Fix lint errors
The concept: @claude mention in a PR or Issue triggers Claude Code.
GitHub Actions
Basic Setup
1. Create Workflow
# .github/workflows/claude.yml
name: Claude Code
on:
issue_comment:
types: [created]
pull_request:
types: [opened, synchronize]
jobs:
claude:
if: contains(github.event.comment.body, '@claude')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}2. Add API Key
- Settings → Secrets → Actions
- New repository secret
- Name:
ANTHROPIC_API_KEY - Value: Your key from Anthropic Console
Use Cases
1. Automatic PR Review
name: PR Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Review this PR for:
- Security issues
- Performance problems
- Code style violations
Comment your findings on the PR.2. Fix Issues with @claude
name: Fix Issue
on:
issue_comment:
types: [created]
jobs:
fix:
if: |
github.event.issue.pull_request == null &&
contains(github.event.comment.body, '@claude fix')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Fix the issue described in #${{ github.event.issue.number }}
Create a PR with the fix.3. Automatic Translation
name: Translate
on:
push:
paths:
- 'locales/en/**'
jobs:
translate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Translate new strings in locales/en/ to Arabic and French.
Create a PR for @lang-team to review.@claude Commands in GitHub
| Command | Action |
|---|---|
@claude review | Review code |
@claude fix | Fix the issue |
@claude explain | Explain the code |
@claude test | Write tests |
@claude docs | Update documentation |
GitLab CI/CD
Basic Setup
# .gitlab-ci.yml
stages:
- claude
claude-review:
stage: claude
image: node:20
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
script:
- npm install -g @anthropic-ai/claude-code
- claude -p "Review this MR and comment findings" --no-input
variables:
ANTHROPIC_API_KEY: $ANTHROPIC_API_KEYEvent-Driven Automation
claude-on-mention:
stage: claude
rules:
- if: $CI_MERGE_REQUEST_DESCRIPTION =~ /@claude/
script:
- npm install -g @anthropic-ai/claude-code
- |
claude -p "
Task from MR description:
$CI_MERGE_REQUEST_DESCRIPTION
Implement the requested changes.
" --no-inputSlack Integration
Mention Claude in Slack
@claude fix the bug in auth module and create a PR
What happens:
- Slack sends request to Claude Code on Web
- Claude clones the repo
- Fixes the issue
- Creates PR
- Replies in Slack with the link
Advanced Examples
1. Automatic Security Review
security-review:
on:
pull_request:
paths:
- 'src/auth/**'
- 'src/api/**'
jobs:
review:
steps:
- uses: anthropic/claude-code-action@v1
with:
task: |
SECURITY REVIEW:
- Check for SQL injection
- Check for XSS vulnerabilities
- Verify authentication logic
- Check secrets handling
Flag any issues as 🚨 SECURITY2. Auto-fix Lint Errors
auto-fix-lint:
on:
pull_request:
types: [opened]
jobs:
fix:
steps:
- run: npm run lint 2>&1 | tee lint-output.txt || true
- uses: anthropic/claude-code-action@v1
with:
task: |
Fix all lint errors in lint-output.txt
Commit with message "fix: auto-fix lint errors"3. Update Changelog
update-changelog:
on:
release:
types: [created]
jobs:
changelog:
steps:
- uses: anthropic/claude-code-action@v1
with:
task: |
Update CHANGELOG.md with:
- Release version: ${{ github.event.release.tag_name }}
- Changes from commits since last release
- Categorize: Features, Fixes, Breaking ChangesBest Practices
1. Define Permissions
permissions:
contents: write # For editing
pull-requests: write # For commenting
issues: read # For reading issues2. Use Rate Limiting
claude-review:
concurrency:
group: claude-${{ github.ref }}
cancel-in-progress: true3. Add Timeout
steps:
- uses: anthropic/claude-code-action@v1
timeout-minutes: 104. Monitor Costs
- uses: anthropic/claude-code-action@v1
with:
max-tokens: 50000 # Maximum limit
model: claude-sonnet-4 # Cheaper than OpusSecurity
✅ Do:
- Use Secrets for API keys
- Define allowed repos
- Review auto-created PRs
- Add main branch protection
❌ Don't:
- Put API key in code
- Give excessive permissions
- Trust changes without review
- Use on sensitive repos without caution
Summary
Claude Code in CI/CD provides:
- Automatic PR review
- Fix Issues with one command
- Automate repetitive tasks
- Save team time
Start small: PR review, then expand gradually.
Series Complete! 🎉
Review all articles:
- Anthropic Story
- What is Claude Code?
- Core Concepts
- Benefits and Use Cases
- Pricing
- Competitor Comparison
- Claude Code on the Web
- IDE Integration
- CI/CD (you are here)
Contact us for consulting on integrating Claude Code into your workflow.
Want to read more blog posts? Check out our latest blog post on Contract & Service-Provider Audit Checklist.
Discuss Your Project with Us
We're here to help with your web development needs. Schedule a call to discuss your project and how we can assist you.
Let's find the best solutions for your needs.