cicd-integration
Installation
SKILL.md
CI/CD Integration Patterns
Integrate Claude Code into CI/CD pipelines for automated PR reviews, code generation, test validation, security scanning, and documentation updates. This skill covers GitHub Actions, GitLab CI, pre-commit hooks, and headless execution modes.
GitHub Actions Integration
Use the official anthropics/claude-code-action@v1 action for turnkey GitHub integration.
Supported Features
- Trigger on pull requests, push, schedule, or workflow dispatch
- Environment variable support:
ANTHROPIC_API_KEY,CLAUDE_MODEL - Pipe mode (
claude -p) with JSON output - Tool access filtering via
--allowedTools - Multiple model routing (Opus for reviews, Haiku for checks)
- Cost tracking and budget enforcement
Setup
# .github/workflows/claude-pr-review.yml
name: Claude PR Review
on:
pull_request:
types: [opened, synchronize]
workflow_dispatch:
jobs:
review:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: anthropics/claude-code-action@v1
with:
task: |
Review the changes in this PR and provide:
1. Security issues found (if any)
2. Code style or complexity concerns
3. Test coverage gaps
4. Performance suggestions
Format as JSON for PR comment automation.
model: claude-opus-4-1-20250805
allowed-tools: Read,Grep,Glob
output-format: json
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
Usage in PR Comments
# .github/workflows/claude-pr-analysis.yml
name: Claude PR Analysis with Comments
on:
pull_request:
types: [opened, synchronize]
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
id: claude
with:
task: |
{
"goal": "Review files in this PR",
"files": "${{ github.event.pull_request.title }}",
"output": "json"
}
output-format: json
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Comment Review on PR
if: always()
uses: actions/github-script@v7
with:
script: |
const result = JSON.parse('${{ steps.claude.outputs.result }}');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## Claude Code Review\n\n${result.summary}`
});
Code Generation Workflow
# .github/workflows/claude-codegen.yml
name: Generate Code on Dispatch
on:
workflow_dispatch:
inputs:
feature:
description: Feature to generate
required: true
model:
description: Model to use
default: claude-opus-4-1-20250805
required: false
jobs:
generate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: Generate ${{ github.event.inputs.feature }}
model: ${{ github.event.inputs.model }}
output-format: json
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Create PR with Generated Code
uses: peter-evans/create-pull-request@v5
with:
commit-message: "feat: ${{ github.event.inputs.feature }}"
title: "Generate: ${{ github.event.inputs.feature }}"
body: "Auto-generated code from Claude Code Expert"
GitLab CI Integration
Configure Claude Code in GitLab CI pipelines using Docker containers and the CLI.
Setup
# .gitlab-ci.yml
stages:
- review
- test
- generate
variables:
CLAUDE_MODEL: claude-haiku-4-5-20251001
CLAUDE_MAX_TURNS: "5"
claude_review:
stage: review
image: node:20-alpine
before_script:
- npm install -g @anthropic-ai/claude-code
script:
- |
claude \
-p "Review the MR changes and identify issues" \
--allowedTools Read,Grep,Glob \
--output-format json > review_output.json
artifacts:
paths:
- review_output.json
expire_in: 1 day
only:
- merge_requests
claude_test_gap:
stage: test
image: node:20-alpine
before_script:
- npm install -g @anthropic-ai/claude-code
script:
- |
claude \
-p "Find test coverage gaps in changed files" \
--allowedTools Read,Grep,Glob \
--max-turns 3
allow_failure: true
With Caching
claude_cached_analysis:
stage: review
image: node:20-alpine
cache:
key: claude-analysis-${CI_COMMIT_SHA}
paths:
- .claude/cache/
- .claude/memory/
before_script:
- npm install -g @anthropic-ai/claude-code
script:
- claude -p "Cached analysis of repo structure"
Pre-Commit Hook Integration
Validate code locally before pushing using Claude Code as a pre-commit hook.
Husky Setup
# Install dependencies
npm install husky lint-staged -D
# Initialize husky
npx husky install
# Create Claude hook
cat > .husky/pre-commit << 'EOF'
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
# Run lint-staged (including Claude)
npx lint-staged
EOF
chmod +x .husky/pre-commit
Lint-Staged Configuration
{
"lint-staged": {
"*.{ts,tsx,js,jsx}": [
"eslint --fix",
"claude -p 'Quick style check' --allowedTools Read,Grep"
],
"*.{md,mdx}": [
"markdown-lint",
"claude -p 'Check documentation clarity' --allowedTools Read"
]
}
}
Direct Pre-Commit Hook
#!/bin/bash
# .git/hooks/pre-commit
# Check staged files with Claude Code
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(ts|tsx|js|jsx)$')
if [ -z "$STAGED_FILES" ]; then
exit 0
fi
echo "Running Claude Code check on staged files..."
if ! claude -p "Security check: $STAGED_FILES" \
--allowedTools Read,Grep,Glob \
--max-turns 2; then
echo "Claude Code check failed. Use 'git commit --no-verify' to bypass."
exit 1
fi
Automated PR Reviews with Structured Output
Use JSON formatting to post structured reviews to PRs.
Review Configuration
#!/bin/bash
# scripts/claude-pr-review.sh
set -euo pipefail
REPO=$1
PR_NUMBER=$2
GITHUB_TOKEN=$3
# Clone PR branch
git clone "https://github.com/$REPO.git" /tmp/pr-check
cd /tmp/pr-check
git fetch origin pull/$PR_NUMBER/head
git checkout FETCH_HEAD
# Run Claude review
REVIEW_JSON=$(claude -p \
"Analyze this PR for: security issues, code quality, test coverage, performance" \
--allowedTools Read,Grep,Glob \
--max-turns 3 \
--output-format json)
# Parse results and post
SECURITY=$(echo "$REVIEW_JSON" | jq -r '.security // "None found"')
QUALITY=$(echo "$REVIEW_JSON" | jq -r '.quality // "Pass"')
TESTS=$(echo "$REVIEW_JSON" | jq -r '.test_coverage // "Adequate"')
curl -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/$REPO/issues/$PR_NUMBER/comments" \
-d @- << EOF
{
"body": "## Claude Code Review\n\n**Security:** $SECURITY\n\n**Quality:** $QUALITY\n\n**Tests:** $TESTS"
}
EOF
rm -rf /tmp/pr-check
Headless Mode Patterns
Execute Claude Code in fully automated environments without interaction.
Read-Only Checks
# Security scan (no write access)
claude -p "Security audit" \
--allowedTools Read,Grep,Glob \
--output-format json \
--max-turns 2
Constrained Sessions
# Limit turn count to prevent runaway costs
claude -p "Generate test stubs" \
--allowedTools Read,Glob,Bash \
--max-turns 5 \
--output-format json
Model Selection for CI
# Haiku for fast checks (cheaper)
CLAUDE_MODEL=claude-haiku-4-5-20251001 claude -p "Style check"
# Opus for complex analysis (more capable)
CLAUDE_MODEL=claude-opus-4-1-20250805 claude -p "Architecture review"
Exit Code Handling
#!/bin/bash
# scripts/claude-ci-validator.sh
if claude -p "Validate build output" \
--allowedTools Read,Glob \
--output-format json; then
echo "Validation passed"
exit 0
else
echo "Validation failed"
exit 1
fi
SDK-Based CI Integration
Use the @anthropic-ai/claude-code npm package for programmatic control.
Installation
npm install @anthropic-ai/claude-code
Basic Usage
// scripts/ci-validator.mjs
import { claudeCode } from '@anthropic-ai/claude-code';
const result = await claudeCode.executeHeadless({
task: 'Analyze test coverage and report gaps',
allowedTools: ['Read', 'Grep', 'Glob'],
outputFormat: 'json',
maxTurns: 3,
model: 'claude-haiku-4-5-20251001'
});
console.log(JSON.stringify(result, null, 2));
process.exit(result.success ? 0 : 1);
Streaming Output
// scripts/ci-streaming.mjs
import { claudeCode } from '@anthropic-ai/claude-code';
const stream = await claudeCode.streamHeadless({
task: 'Generate missing test files',
allowedTools: ['Read', 'Glob'],
model: 'claude-opus-4-1-20250805'
});
for await (const chunk of stream) {
process.stdout.write(chunk.text || '');
if (chunk.status === 'complete') {
process.exit(chunk.exitCode);
}
}
Cost Control in CI
Manage Claude API costs in automated environments.
Budget Estimation
# Haiku: ~$0.80 per million input tokens, $2.40 per million output
# Estimated cost per CI run with Haiku: $0.01-0.05
# Opus: ~$15 per million input tokens, $45 per million output
# Estimated cost per CI run with Opus: $0.10-0.30
# Strategy: Use Haiku for checks, Opus for analysis on schedule
Cost-Optimized Workflow
# .github/workflows/claude-optimized.yml
on:
pull_request:
types: [opened, synchronize]
schedule:
- cron: '0 2 * * *' # Deep analysis daily
jobs:
fast-check:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: Quick lint check
model: claude-haiku-4-5-20251001
allowed-tools: Grep,Glob
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
deep-analysis:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: Full architecture review
model: claude-opus-4-1-20250805
allowed-tools: Read,Grep,Glob,Bash
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
Secrets Management
Safely handle API keys and credentials in CI/CD.
GitHub Secrets
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: Review changes
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
GitLab CI Secrets
claude_review:
variables:
ANTHROPIC_API_KEY: $ANTHROPIC_API_KEY # Set in GitLab UI
script:
- claude -p "Run analysis" --output-format json
Never Log Sensitive Data
#!/bin/bash
# Safe logging in CI
# DON'T do this:
# echo "API Key: $ANTHROPIC_API_KEY"
# DO this:
echo "Starting Claude review (API key configured)"
# Output result without exposing key
claude -p "Review files" 2>&1 | grep -v "Authorization" > output.log
Example Workflows (Copy-Paste Ready)
1. PR Review Bot (GitHub Actions)
# .github/workflows/claude-review-pr.yml
name: Claude PR Review Bot
on:
pull_request:
types: [opened, synchronize]
paths-ignore:
- '**.md'
- 'docs/**'
jobs:
review:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
if: github.event.action != 'closed'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: anthropics/claude-code-action@v1
id: review
with:
task: |
Review this PR and provide assessment in JSON:
{
"overall_score": 1-10,
"security_issues": [],
"code_quality": "pass|warning|fail",
"test_coverage": "adequate|needs_improvement",
"suggestions": []
}
model: claude-opus-4-1-20250805
allowed-tools: Read,Grep,Glob
output-format: json
max-turns: 3
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Post Review Comment
uses: actions/github-script@v7
if: always()
with:
script: |
const review = JSON.parse(`${{ steps.review.outputs.result }}`);
const comment = `
## Claude Code Review
**Overall Score:** ${review.overall_score}/10
**Code Quality:** ${review.code_quality}
**Test Coverage:** ${review.test_coverage}
${review.suggestions.length > 0 ? '**Suggestions:**\n' + review.suggestions.map(s => `- ${s}`).join('\n') : 'No suggestions'}
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
2. Test Gap Detector (GitHub Actions)
# .github/workflows/claude-test-gaps.yml
name: Detect Test Gaps
on:
pull_request:
paths:
- 'src/**'
jobs:
detect:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: |
Identify test coverage gaps in changed files:
1. List files without tests
2. Find untested functions
3. Suggest test cases
Output as JSON array.
model: claude-haiku-4-5-20251001
allowed-tools: Read,Grep,Glob
output-format: json
max-turns: 2
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Fail if critical gaps
run: |
gaps=$(cat ${{ steps.claude.outputs.result }} | jq '.critical_gaps | length')
if [ "$gaps" -gt 0 ]; then
echo "Critical test gaps found!"
exit 1
fi
3. Security Scanner (GitHub Actions)
# .github/workflows/claude-security-scan.yml
name: Security Scan
on:
pull_request:
schedule:
- cron: '0 3 * * 1' # Monday 3 AM
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
task: |
Security audit:
- Check for hardcoded secrets
- Identify SQL injection risks
- Review authentication logic
- Check dependency vulnerabilities
Format: { "vulnerabilities": [], "risk_level": "low|medium|high" }
model: claude-opus-4-1-20250805
allowed-tools: Read,Grep,Glob
output-format: json
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Block on high risk
run: |
risk=$(jq -r '.risk_level' ${{ steps.claude.outputs.result }})
if [ "$risk" = "high" ]; then
echo "High security risk detected!"
exit 1
fi
4. Documentation Updater (GitHub Actions)
# .github/workflows/claude-docs-update.yml
name: Auto-Update Docs
on:
push:
branches: [main]
paths:
- 'src/**'
jobs:
update:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
id: docs
with:
task: |
Update API documentation based on code changes:
1. Regenerate parameter descriptions
2. Update return type docs
3. Add code examples where missing
Output updated markdown files.
model: claude-opus-4-1-20250805
allowed-tools: Read,Glob,Write
max-turns: 5
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Create Documentation PR
uses: peter-evans/create-pull-request@v5
with:
commit-message: 'docs: auto-update from code changes'
title: 'docs: regenerated from source'
body: 'Auto-generated documentation updates'
branch: auto-docs-update
Related skills
More from lobbi-docs/claude
vision-multimodal
Vision and multimodal capabilities for Claude including image analysis, PDF processing, and document understanding. Activate for image input, base64 encoding, multiple images, and visual analysis.
248design-system
Apply and manage the AI-powered design system with 50+ curated styles
126complex-reasoning
Multi-step reasoning patterns and frameworks for systematic problem solving. Activate for Chain-of-Thought, Tree-of-Thought, hypothesis-driven debugging, and structured analytical approaches that leverage extended thinking.
106gcp
Google Cloud Platform services including GKE, Cloud Run, Cloud Storage, BigQuery, and Pub/Sub. Activate for GCP infrastructure, Google Cloud deployment, and GCP integration.
73kanban
Kanban methodology including boards, WIP limits, flow metrics, and continuous delivery. Activate for Kanban boards, workflow visualization, and lean project management.
63debugging
Debugging techniques for Python, JavaScript, and distributed systems. Activate for troubleshooting, error analysis, log investigation, and performance debugging. Includes extended thinking integration for complex debugging scenarios.
59