Claude Code in CI/CD: Automation with GitHub Actions and GitLab
Loading the Text to Speech Audio Player...
Why Claude Code in CI/CD?
Automate repetitive tasks:
- Review Pull Requests
- Fix Issues automatically
- Translate strings
- Update documentation
- Fix lint errors
The concept: @claude mention in a PR or Issue triggers Claude Code.
GitHub Actions
Basic Setup
1. Create Workflow
# .github/workflows/claude.yml
name: Claude Code
on:
issue_comment:
types: [created]
pull_request:
types: [opened, synchronize]
jobs:
claude:
if: contains(github.event.comment.body, '@claude')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}2. Add API Key
- Settings → Secrets → Actions
- New repository secret
- Name:
ANTHROPIC_API_KEY - Value: Your key from Anthropic Console
Use Cases
1. Automatic PR Review
name: PR Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Review this PR for:
- Security issues
- Performance problems
- Code style violations
Comment your findings on the PR.2. Fix Issues with @claude
name: Fix Issue
on:
issue_comment:
types: [created]
jobs:
fix:
if: |
github.event.issue.pull_request == null &&
contains(github.event.comment.body, '@claude fix')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Fix the issue described in #${{ github.event.issue.number }}
Create a PR with the fix.3. Automatic Translation
name: Translate
on:
push:
paths:
- 'locales/en/**'
jobs:
translate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropic/claude-code-action@v1
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
task: |
Translate new strings in locales/en/ to Arabic and French.
Create a PR for @lang-team to review.@claude Commands in GitHub
| Command | Action |
|---|---|
@claude review | Review code |
@claude fix | Fix the issue |
@claude explain | Explain the code |
@claude test | Write tests |
@claude docs | Update documentation |
GitLab CI/CD
Basic Setup
# .gitlab-ci.yml
stages:
- claude
claude-review:
stage: claude
image: node:20
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
script:
- npm install -g @anthropic-ai/claude-code
- claude -p "Review this MR and comment findings" --no-input
variables:
ANTHROPIC_API_KEY: $ANTHROPIC_API_KEYEvent-Driven Automation
claude-on-mention:
stage: claude
rules:
- if: $CI_MERGE_REQUEST_DESCRIPTION =~ /@claude/
script:
- npm install -g @anthropic-ai/claude-code
- |
claude -p "
Task from MR description:
$CI_MERGE_REQUEST_DESCRIPTION
Implement the requested changes.
" --no-inputSlack Integration
Mention Claude in Slack
@claude fix the bug in auth module and create a PR
What happens:
- Slack sends request to Claude Code on Web
- Claude clones the repo
- Fixes the issue
- Creates PR
- Replies in Slack with the link
Advanced Examples
1. Automatic Security Review
security-review:
on:
pull_request:
paths:
- 'src/auth/**'
- 'src/api/**'
jobs:
review:
steps:
- uses: anthropic/claude-code-action@v1
with:
task: |
SECURITY REVIEW:
- Check for SQL injection
- Check for XSS vulnerabilities
- Verify authentication logic
- Check secrets handling
Flag any issues as 🚨 SECURITY2. Auto-fix Lint Errors
auto-fix-lint:
on:
pull_request:
types: [opened]
jobs:
fix:
steps:
- run: npm run lint 2>&1 | tee lint-output.txt || true
- uses: anthropic/claude-code-action@v1
with:
task: |
Fix all lint errors in lint-output.txt
Commit with message "fix: auto-fix lint errors"3. Update Changelog
update-changelog:
on:
release:
types: [created]
jobs:
changelog:
steps:
- uses: anthropic/claude-code-action@v1
with:
task: |
Update CHANGELOG.md with:
- Release version: ${{ github.event.release.tag_name }}
- Changes from commits since last release
- Categorize: Features, Fixes, Breaking ChangesBest Practices
1. Define Permissions
permissions:
contents: write # For editing
pull-requests: write # For commenting
issues: read # For reading issues2. Use Rate Limiting
claude-review:
concurrency:
group: claude-${{ github.ref }}
cancel-in-progress: true3. Add Timeout
steps:
- uses: anthropic/claude-code-action@v1
timeout-minutes: 104. Monitor Costs
- uses: anthropic/claude-code-action@v1
with:
max-tokens: 50000 # Maximum limit
model: claude-sonnet-4 # Cheaper than OpusSecurity
✅ Do:
- Use Secrets for API keys
- Define allowed repos
- Review auto-created PRs
- Add main branch protection
❌ Don't:
- Put API key in code
- Give excessive permissions
- Trust changes without review
- Use on sensitive repos without caution
Summary
Claude Code in CI/CD provides:
- Automatic PR review
- Fix Issues with one command
- Automate repetitive tasks
- Save team time
Start small: PR review, then expand gradually.
Series Complete! 🎉
Review all articles:
- Anthropic Story
- What is Claude Code?
- Core Concepts
- Benefits and Use Cases
- Pricing
- Competitor Comparison
- Claude Code on the Web
- IDE Integration
- CI/CD (you are here)
Contact us for consulting on integrating Claude Code into your workflow.
Want to read more blog posts? Check out our latest blog post on Cut AI API Costs by 90%: Prompt Caching, Model Routing & Gateways.
Discuss Your Project with Us
We're here to help with your web development needs. Schedule a call to discuss your project and how we can assist you.
Let's find the best solutions for your needs.