AgentSkillsCN

cc-actions

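Configure Claude Code GitHub Actions workflows effectively. Covers automatic mode detection, event routing, subagent coordination, hooks for quality gates, MCP server integration, reusable workflows, performance optimization, and security best practices for fork-based PRs. Use when working with GitHub Actions, CI/CD automation, PR reviews, issue automation, claude-code-action, ChatOps, MCP servers, fork safety, or reusable workflows.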

SKILL.md
--- frontmatter
name: cc-actions
description: |
  Configure Claude Code GitHub Actions workflows effectively. Covers automatic mode detection,
  event routing, subagent coordination, hooks for quality gates, MCP server integration,
  reusable workflows, performance optimization, and security best practices for fork-based PRs.
  Use when working with GitHub Actions, CI/CD automation, PR reviews, issue automation,
  claude-code-action, chatops, MCP servers, fork safety, or reusable workflows.
user-invocable: true
allowed-tools: Read Write Edit Glob Grep Bash

Claude Code GitHub Actions

Configure automation using anthropics/claude-code-action with event routing, subagents, hooks, and MCP integration.

Quick Start

yaml
name: Claude Code
on:
  issue_comment: { types: [created] }
  pull_request: { types: [opened, synchronize] }
  issues: { types: [opened, labeled] }

permissions:
  contents: write
  pull-requests: write
  issues: write

jobs:
  claude:
    # Ignore events raised by github-actions[bot] itself
    if: github.actor != 'github-actions[bot]'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

Core Concepts

| Concept | Purpose | Details |
|---|---|---|
| Event Routing | Route GitHub events to behaviors | patterns/event-routing.md |
| Subagents | Parallel execution in isolated contexts | patterns/subagents.md |
| Hooks | Quality gates and automation | patterns/hooks.md |
| MCP Servers | External tool integration | official-docs/configuration.md |
| Permissions | Tool and access control | patterns/permissions.md |
| Security | Fork-safe PR handling | patterns/security.md |
| Reusable Workflows | Organization-wide sharing | patterns/reusable-workflows.md |
| Performance | Optimization patterns | patterns/performance.md |
| Skills | Domain expertise | patterns/skill-usage.md |
| Official Docs | Upstream documentation | official-docs/ |

Key Patterns

Event Routing

yaml
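# Conditions only; each job still needs runs-on and steps.
jobs:
  # issue_comment fires for PRs and issues alike; this one is a PR comment
  pr-comment:
    if: github.event_name == 'issue_comment' && github.event.issue.pull_request
  # Comment on a plain issue
  issue-comment:
    if: github.event_name == 'issue_comment' && !github.event.issue.pull_request
  # Issue that carries the claude-implement label
  label-triggered:
    if: contains(github.event.issue.labels.*.name, 'claude-implement')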

Subagents

yaml
prompt: |
  Delegate to 3 parallel subagents:
  1. Security Agent: OWASP Top 10, auth checks
  2. Performance Agent: N+1 queries, memory leaks
  3. Style Agent: Naming, documentation, tests

Hooks

json
{
  "hooks": {
    "PostToolUse": [{
      "matcher": "Edit|Write",
      "hooks": [{ "type": "command", "command": "npx prettier --write \"$(jq -r '.tool_input.file_path')\"" }]
    }],
    "Stop": [{
      "hooks": [{ "type": "command", "command": "npm run lint && npm test" }]
    }]
  }
}
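
A PreToolUse blocking hook of the kind the Compliance Firewall use case names, written here as an added example (not part of the skill or of claude-code-action). It reads the hook event JSON from stdin, as the jq command above does, and returns the exit codes listed under Critical Gotchas; the protected-path policy and the `decide` helper are assumptions for illustration.

```python
#!/usr/bin/env python3
"""PreToolUse hook: block Edit/Write calls that touch protected paths."""
import json
import posixpath
import sys

# Assumed policy for illustration; adjust to the repository.
PROTECTED_DIRS = [(".github", "workflows"), (".git",)]
PROTECTED_NAMES = {".env", "CODEOWNERS"}


def decide(event):
    """Return (exit_code, stderr_text) for one hook event."""
    if not isinstance(event, dict):
        return 2, "blocked: hook input is not a JSON object"
    if event.get("tool_name") not in {"Edit", "Write"}:
        return 0, ""  # not a file-modifying call: continue
    tool_input = event.get("tool_input")
    raw = tool_input.get("file_path") if isinstance(tool_input, dict) else None
    if not isinstance(raw, str) or not raw:
        # Fail closed: an edit without a usable path cannot be checked.
        return 2, "blocked: tool_input.file_path is missing"
    # Normalise so 'src/../.github/...' cannot slip past the comparison.
    parts = posixpath.normpath(raw.replace("\\", "/")).split("/")
    if parts[-1] in PROTECTED_NAMES:
        return 2, f"blocked: {parts[-1]} is protected, leave it unchanged"
    for d in PROTECTED_DIRS:
        n = len(d)
        if any(tuple(parts[i:i + n]) == d for i in range(len(parts) - n + 1)):
            return 2, f"blocked: {'/'.join(d)}/ is protected, leave it unchanged"
    return 0, ""


def main():
    try:
        event = json.load(sys.stdin)
    except ValueError:
        event = None  # malformed input is treated as a block
    code, message = decide(event)
    if message:
        # With exit code 2, stderr is what gets fed back to Claude.
        print(message, file=sys.stderr)
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Register it under a `PreToolUse` entry with the same `Edit|Write` matcher used above. Paths are compared textually, so symlinks into a protected directory are not resolved.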

Performance

yaml
concurrency:
  group: claude-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  pull_request:
    paths: ['src/**', '!**/*.md']

Tuning Reference

| Scenario | Max Turns | Model | Timeout |
|---|---|---|---|
| Triage/labeling | 2-3 | sonnet | 5 min |
| Code review | 8-12 | sonnet | 15 min |
| Implementation | 15-20 | sonnet | 20 min |
| Security audit | 10-15 | opus | 30 min |

Critical Gotchas

  1. --allowedTools vs --disallowedTools

    • allowedTools only skips prompts—does NOT restrict tools
    • Use disallowedTools to actually block: --disallowedTools Bash,Run,Edit
  2. MCP + Subagents

    • MCP tools do NOT work in background subagents
    • Always run MCP operations in foreground
  3. Fork Safety

    • pull_request event = safe (read-only token, no secrets)
    • pull_request_target = dangerous if you checkout fork code
    • Never: checkout ref: ${{ github.event.pull_request.head.sha }} with secrets
  4. Hook Exit Codes

    • 0 = continue
    • 2 = block, feed stderr to Claude
    • Other = log error, don't block
  5. Subagent Limits

    • ~10 concurrent subagents max
    • Additional tasks queue
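
One way to check workflow files for the pattern in gotcha 3, as an added example (not code from the skill or from claude-code-action): flag any workflow that triggers on pull_request_target and has an actions/checkout step whose ref points at the PR head. It scans text with regular expressions rather than a YAML parser, and the sample workflow and the `audit` function are constructed for illustration.

```python
import re

# ref: values that resolve to the PR author's commit or branch.
HEAD_REF = re.compile(
    r"ref:\s*['\"]?\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)"
    r"|head_ref)\s*\}\}")
CHECKOUT = re.compile(r"uses:\s*actions/checkout@")
STEP_START = re.compile(r"^\s*-\s")
TRIGGER = re.compile(r"\bpull_request_target\b")

# Constructed sample: the combination the gotcha warns about.
UNSAFE = """\
on:
  pull_request_target:
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
"""
# Same steps under the pull_request event, which the page treats as safe.
SAFE = UNSAFE.replace("pull_request_target", "pull_request")


def audit(workflow_text):
    """Return [(line_no, message)] for fork-unsafe checkout steps."""
    # Naive comment stripping: a '#' inside a quoted string is cut as well.
    lines = [line.split("#", 1)[0] for line in workflow_text.splitlines()]
    if not any(TRIGGER.search(line) for line in lines):
        return []
    # Split into chunks at each list item so a ref: is tied to its own step.
    starts = [i for i, line in enumerate(lines) if STEP_START.match(line)]
    bounds = [0] + starts + [len(lines)]
    findings = []
    for begin, end in zip(bounds, bounds[1:]):
        step = "\n".join(lines[begin:end])
        if CHECKOUT.search(step) and HEAD_REF.search(step):
            findings.append(
                (begin + 1, "pull_request_target job checks out PR head code"))
    return findings
```

`audit(UNSAFE)` reports the checkout step on line 7, while `audit(SAFE)` returns an empty list because the same steps run under the pull_request event.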

Examples

See examples/ for 14 production-ready use cases:

| # | Use Case | Techniques |
|---|---|---|
| 1 | Parallel Review Pipeline | Subagents, concurrency |
| 2 | ChatOps Command Router | Event routing, comment parsing |
| 3 | Issue-to-Implementation | Label triggers, Stop hooks |
| 4 | Compliance Firewall | PreToolUse blocking, PostToolUse formatting |
| 5 | Security Review | Path filtering, tool restrictions |
| 6 | Monorepo Support | dorny/paths-filter, language skills |
| 7 | Ticket Sync | MCP servers (foreground!) |
| 8 | Fork-Safe Review | pull_request event, disallowedTools |
| 9 | Scheduled Maintenance | Cron, parallel subagents |
| 10 | Documentation Sync | Scheduled, MCP |
| 11 | Dependency Review | Bot filtering, semver skill |
| 12 | Release Notes | Release event, categorization |
| 13 | Reusable Workflow | workflow_call, inputs/outputs |
| 14 | CLAUDE.md Pattern | Project context, conventions |

Patterns

  • Event Routing - Conditions, label routing, author associations
  • Subagents - Creation, parallel execution, built-in types
  • Hooks - All events, exit codes, JSON parsing, examples
  • Permissions - Tool control layers, known issues
  • Security - Fork handling, external contributors, safe patterns
  • Reusable Workflows - workflow_call, composite actions
  • Performance - Concurrency, caching, path filtering
  • Skills - Domain expertise, skill structure, hooks

Official Docs

Synced from anthropics/claude-code-action:

  • Configuration - MCP servers, settings, custom tools
  • Security - API key protection, commit signing
  • Usage - Inputs, outputs, migration guide