From f85fe06d202b4f2d1c0ed2cddb84e6df8dff3bf2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Nov 2025 09:05:11 +0000 Subject: [PATCH 1/5] chore(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/bump_templates.yaml | 2 +- .github/workflows/e2e.yaml | 2 +- .github/workflows/pub_publish.yaml | 2 +- .github/workflows/site.yaml | 2 +- .github/workflows/site_deploy.yaml | 2 +- .github/workflows/spdx_license.yaml | 4 ++-- .github/workflows/spdx_license_bot.yaml | 2 +- .github/workflows/sync_labels.yaml | 2 +- .github/workflows/test_optimizer.yaml | 2 +- .github/workflows/very_good_cli.yaml | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/bump_templates.yaml b/.github/workflows/bump_templates.yaml index 721855ede..3f6b91a7d 100644 --- a/.github/workflows/bump_templates.yaml +++ b/.github/workflows/bump_templates.yaml @@ -10,7 +10,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: dart-lang/setup-dart@v1 with: diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index bb866595d..3da96a075 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -46,7 +46,7 @@ jobs: steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐Ÿฆ Setup Flutter uses: subosito/flutter-action@v2 diff --git a/.github/workflows/pub_publish.yaml b/.github/workflows/pub_publish.yaml index c7c9d614d..4fa989bd5 100644 --- a/.github/workflows/pub_publish.yaml +++ b/.github/workflows/pub_publish.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐ŸŽฏ Setup Dart uses: dart-lang/setup-dart@v1 with: diff --git a/.github/workflows/site.yaml b/.github/workflows/site.yaml index 1ac0571d4..ad6d393fd 100644 --- a/.github/workflows/site.yaml +++ b/.github/workflows/site.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: โš™๏ธ Setup Node uses: actions/setup-node@v6 diff --git a/.github/workflows/site_deploy.yaml b/.github/workflows/site_deploy.yaml index f78c55b60..b4a356d86 100644 --- a/.github/workflows/site_deploy.yaml +++ b/.github/workflows/site_deploy.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: โš™๏ธ Setup Node uses: actions/setup-node@v6 diff --git a/.github/workflows/spdx_license.yaml b/.github/workflows/spdx_license.yaml index e8e59d45f..b08555387 100644 --- a/.github/workflows/spdx_license.yaml +++ b/.github/workflows/spdx_license.yaml @@ -31,7 +31,7 @@ jobs: # https://github.com/VeryGoodOpenSource/very_good_workflows/issues/150 steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐ŸŽฏ Setup Dart uses: dart-lang/setup-dart@v1 @@ -66,7 +66,7 @@ jobs: steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐ŸŽฏ Setup Dart uses: dart-lang/setup-dart@v1 diff --git a/.github/workflows/spdx_license_bot.yaml b/.github/workflows/spdx_license_bot.yaml index 1280101ce..57f02757f 100644 --- a/.github/workflows/spdx_license_bot.yaml +++ b/.github/workflows/spdx_license_bot.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: ๐Ÿ“š Git Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐ŸŽฏ Setup Dart uses: dart-lang/setup-dart@v1 diff --git a/.github/workflows/sync_labels.yaml b/.github/workflows/sync_labels.yaml index dd0166ae6..d3c878d94 100644 --- a/.github/workflows/sync_labels.yaml +++ b/.github/workflows/sync_labels.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: ๐Ÿš€ Run Label Sync uses: srealmoreno/label-sync-action@v2 diff --git a/.github/workflows/test_optimizer.yaml b/.github/workflows/test_optimizer.yaml index a80e93eb8..6f1a8c1f6 100644 --- a/.github/workflows/test_optimizer.yaml +++ b/.github/workflows/test_optimizer.yaml @@ -28,7 +28,7 @@ jobs: verify_bundle: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: dart-lang/setup-dart@v1 with: diff --git a/.github/workflows/very_good_cli.yaml b/.github/workflows/very_good_cli.yaml index 1973fe1f0..894503223 100644 --- a/.github/workflows/very_good_cli.yaml +++ b/.github/workflows/very_good_cli.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: subosito/flutter-action@v2.8.0 with: From d3a79f3835e2b4527a29e118ee226130eb81db35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 09:55:33 +0000 Subject: [PATCH 2/5] chore(deps): bump actions/checkout from 4 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/claude.yaml | 2 +- .github/workflows/claude_code_review.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml index 3b0b3cb47..49a186080 100644 --- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -26,7 +26,7 @@ jobs: pull-requests: read steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/claude_code_review.yaml b/.github/workflows/claude_code_review.yaml index 9be74340a..ae366a950 100644 --- a/.github/workflows/claude_code_review.yaml +++ b/.github/workflows/claude_code_review.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: refs/pull/${{ github.event.pull_request.number }}/merge fetch-depth: 1 From 7440781fa5a66eb88a81918029e45a926ea2016f Mon Sep 17 00:00:00 2001 From: Marcos Sevilla Date: Wed, 18 Feb 2026 11:22:57 +0100 Subject: [PATCH 3/5] fix: claude workflows for dependabot --- .github/workflows/claude.yaml | 2 +- .github/workflows/claude_code_review.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml index 3b0b3cb47..49a186080 100644 --- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -26,7 +26,7 @@ jobs: pull-requests: read steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/claude_code_review.yaml b/.github/workflows/claude_code_review.yaml index 9be74340a..17383b39e 100644 --- a/.github/workflows/claude_code_review.yaml +++ b/.github/workflows/claude_code_review.yaml @@ -6,6 +6,7 @@ on: jobs: claude-review: + if: github.actor != 'dependabot[bot]' runs-on: ubuntu-latest permissions: issues: read @@ -15,7 +16,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: refs/pull/${{ github.event.pull_request.number }}/merge fetch-depth: 1 From a60910c059818d10ce0a7012faf499b31b4c96a0 Mon Sep 17 00:00:00 2001 From: Marcos Sevilla Date: Wed, 18 Feb 2026 11:28:39 +0100 Subject: [PATCH 4/5] fix: check user who opened the PR --- .github/workflows/claude_code_review.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude_code_review.yaml b/.github/workflows/claude_code_review.yaml index 17383b39e..bf66520d8 100644 --- a/.github/workflows/claude_code_review.yaml +++ b/.github/workflows/claude_code_review.yaml @@ -6,7 +6,7 @@ on: jobs: claude-review: - if: github.actor != 'dependabot[bot]' + if: github.event.pull_request.user.login != 'dependabot[bot]' runs-on: ubuntu-latest permissions: issues: read From 76112745c36275b1898c8e901e7e079f25ac081f Mon Sep 17 00:00:00 2001 From: Marcos Sevilla Date: Wed, 18 Feb 2026 11:52:28 +0100 Subject: [PATCH 5/5] ci: improve claude workflows --- .github/workflows/claude.yaml | 18 +++++----- .github/workflows/claude_code_review.yaml | 40 ++++++++++++++--------- 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml index 49a186080..e52cadfe3 100644 --- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -19,11 +19,11 @@ jobs: (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: - issues: read - actions: read # Required for Claude to read CI results on PRs - contents: read + contents: write + pull-requests: write + issues: write id-token: write - pull-requests: read + actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository uses: actions/checkout@v6 @@ -34,10 +34,10 @@ jobs: id: claude uses: anthropics/claude-code-action@v1 with: - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + assignee_trigger: "claude-bot" claude_args: | - --max-turns 5 --model claude-opus-4-6 - # This is an optional setting that allows Claude to read CI results on PRs - additional_permissions: | - actions: read + --max-turns 5 + --allowedTools "Bash(dart pub get),Bash(dart test:*),Bash(dart analyze:*),Bash(dart format:*)" + --system-prompt "Follow our coding standards. Ensure all new code has tests. Use TypeScript for new files." diff --git a/.github/workflows/claude_code_review.yaml b/.github/workflows/claude_code_review.yaml index bf66520d8..3534d418f 100644 --- a/.github/workflows/claude_code_review.yaml +++ b/.github/workflows/claude_code_review.yaml @@ -1,34 +1,44 @@ name: claude_code_review on: - pull_request_target: + pull_request: types: [opened, synchronize, ready_for_review, reopened] jobs: - claude-review: - if: github.event.pull_request.user.login != 'dependabot[bot]' + review-with-tracking: runs-on: ubuntu-latest permissions: - issues: read contents: read + pull-requests: write id-token: write - pull-requests: read - steps: - name: Checkout repository uses: actions/checkout@v6 with: - ref: refs/pull/${{ github.event.pull_request.number }}/merge fetch-depth: 1 - - name: Run Claude Code Review - id: claude-review + - name: PR Review uses: anthropics/claude-code-action@v1 with: - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - plugin_marketplaces: "https://github.com/anthropics/claude-code.git" - plugins: "code-review@claude-code-plugins" - prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}" + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + track_progress: true + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number }} + + Please review this pull request focusing on the changed files. + + Note: The PR branch is already checked out in the current working directory. + + Provide feedback on: + - Code quality and adherence to best practices + - Potential bugs or edge cases + - Performance considerations + - Security implications + - Suggestions for improvement + + Since this PR touches critical source code paths, please be thorough + in your review and provide inline comments where appropriate. + claude_args: | - --max-turns 5 - --model claude-opus-4-6 + --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"