Automate Code Reviews with Claude Code: GitHub Integration Guide

Setup Integration

Start by running the /install-github-app command inside Claude. The command checks for the GitHub CLI; if it is missing, you will be prompted to install and configure it.

Installation Steps

Install the Claude Code app on your GitHub account.

Add your API key.

The command automatically generates a Pull Request containing the required workflow files.

After merging, the .github/workflows directory in your repository will contain two workflow files.

Third‑Party Model Adaptation

If you only have a third‑party large model (e.g., GLM), place the provided workflow configuration files from the .github/workflow directory into the same path in your project and commit them.

Then add three repository secrets in Settings → Secrets and variables → Actions → New repository secret : ANTHROPIC_API_KEY: your GLM API key ANTHROPIC_BASE_URL:

https://open.bigmodel.cn/api/anthropic

ANTHROPIC_MODEL

:

glm-5

Note: All workflow files depend on these three secret values; the base_url must not include a /v1 suffix.

Default GitHub Actions

The integration provides two main workflows:

Mention Action

Pull Request Action

Mention Action

In any Issue or Pull Request, mention @claude. Claude will:

Analyze the request and create a task plan.

Execute the task with full repository access.

Post the result back to the Issue or PR.

The behavior is defined in the claude.md file of the workflow.

Pull Request Action

When a Pull Request is opened, Claude automatically:

Reviews the proposed changes.

Analyzes the impact of the modifications.

Posts a detailed report on the Pull Request.

The prompt used for the review is defined in the workflow YAML, for example:

REPO: ${{ github.repository }
PR NUMBER: ${{ github.event.pull_request.number }}

Please review this Pull Request.

Changed files:
${{ steps.changed-files.outputs.all_changed_files }}

Analyze the following:
1. **Code quality** – style, naming, potential bugs
2. **Security** – XSS, SQL injection, etc.
3. **Performance** – any performance issues
4. **Best practices** – project conventions, React/Tailwind usage
5. **Impact** – effect on existing functionality

Respond in Chinese with concrete improvement suggestions.

Use `gh pr comment` to post the comment.

Provide context (repository, PR number, changed files) so Claude knows what to review and use the gh CLI to post comments, as Claude itself has no direct commenting tool.

Task Trigger Conditions

The workflow runs only when specific conditions are met, for example when an issue comment contains @claude:

jobs:
  claude:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude'))
      ...

Custom Workflow

After merging the initial Pull Request, you can customize the workflow files to suit your project.

Add Project Setup

- name: Project Setup
  run: |
    npm run setup
    npm run dev:daemon

Custom Instructions

custom_instructions: |
  The project is already set up with all dependencies installed.
  The server is running at localhost:3000 and logs are written to logs.txt.
  You can query the db with the 'sqlite3' CLI.
  Use the mcp__playwright tools to launch a browser and interact with the app.

MCP Server Configuration

mcp_config: |
  {
    "mcpServers": {
      "playwright": {
        "command": "npx",
        "args": ["@playwright/mcp@latest", "--allowed-origins", "localhost:3000;cdn.tailwindcss.com;esm.sh"]
      }
    }
  }

Task Permissions

permissions:
  contents: read   # read repository code
  issues: write    # write issue comments
  pull-requests: write  # write PR comments
  id-token: write  # OIDC token for GLM authentication

Tool Permissions

When running Claude in GitHub Actions, you must explicitly list all allowed tools, especially for MCP servers.

claude_args: |
  --allowedTools "Read,Edit,Write,Glob,Grep,Bash(npm:*),Bash(npx:*),Bash(sqlite3:*),Bash(cat:*),Bash(ls:*),mcp__playwright_browser_snapshot,mcp__playwright_browser_click,mcp__playwright_browser_type,mcp__playwright_browser_navigate,mcp__playwright_browser_wait_for"

Model Configuration (GLM Compatibility)

env:
  ANTHROPIC_AUTH_TOKEN: ${{ secrets.ANTHROPIC_API_KEY }}
  ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
  ANTHROPIC_DEFAULT_OPUS_MODEL: glm-5
  ANTHROPIC_DEFAULT_SONNET_MODEL: glm-4.7
  ANTHROPIC_DEFAULT_HAIKU_MODEL: glm-4.5-air

Important: For Chinese models, the environment variable keys must match exactly; custom keys are not allowed.

Conclusion

Start with the default workflows and gradually customize them.

Provide custom instructions to give Claude project‑specific context.

When using MCP servers, list each allowed tool explicitly.

Test simple tasks before tackling complex automation.

Adjust additional steps to meet the specific needs of your project.

Integrating Claude with GitHub transforms it from a development assistant into an automated team member that can handle tasks, review code, and deliver insights directly within your GitHub workflow.