Add sops-nix for secrets management #19
```yaml
name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write # Required for Claude to comment on PRs
      issues: write # Required for Claude to comment on issues
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

          # This is an optional setting that allows Claude to read CI results on PRs
          additional_permissions: |
            actions: read

          prompt: |
            You are helping maintain a dotfiles repository. This repository contains:
            - Nix configuration files using flakes, nix-darwin, and home-manager
            - Shell configurations (zsh, bash)
            - Development tool configurations
            - GitHub Actions workflows

            When working on this codebase:
            - Use the repository's CLAUDE.md for guidance on style and conventions.
            - Maintain consistency with existing Nix style and patterns
            - Test any Nix changes for syntax validity
            - Keep configurations modular and well-documented
            - Follow the existing directory structure

            **CRITICAL:** If the user is requesting a review or re-review of a PR,
            - Please provide feedback on:
              - Code quality and best practices
              - Potential bugs or issues
              - Performance considerations
              - Security concerns
              - Test coverage
            - Use inline comments on specific lines when providing feedback about particular code issues.
            - For general comments or summary feedback, use `gh pr comment` or `gh issue comment` as appropriate.

            ${{
              github.event_name == 'issue_comment' && format('ISSUE TITLE: {0}\n\nISSUE BODY:\n{1}\n\nCOMMENT:\n{2}', github.event.issue.title, github.event.issue.body, github.event.comment.body) ||
              github.event_name == 'pull_request_review_comment' && format('PR TITLE: {0}\n\nCOMMENT:\n{1}', github.event.pull_request.title, github.event.comment.body) ||
              github.event_name == 'pull_request_review' && format('PR TITLE: {0}\n\nREVIEW:\n{1}', github.event.pull_request.title, github.event.review.body) ||
              github.event_name == 'issues' && format('ISSUE TITLE: {0}\n\nISSUE BODY:\n{1}', github.event.issue.title, github.event.issue.body)
            }}

          # Allow Claude to use necessary tools for managing this repository
          claude_args: |
            --allowed-tools "Bash,Read,Write,Edit,Glob,Grep,mcp__github_inline_comment__create_inline_comment,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
            --model claude-sonnet-4-5-20250929
```