Skip to content

ci: expand Claude GitHub Action permissions for git operations #2048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 1, 2025
Merged

ci: expand Claude GitHub Action permissions for git operations #2048

merged 1 commit into from
Nov 1, 2025
+21 −7

Conversation

@sanity
Copy link
Collaborator

@sanity sanity commented Nov 1, 2025

Why

Currently Claude's GitHub Action has read-only permissions, which prevents it from performing useful git operations like rebasing branches, pushing commits, or updating PR metadata. This came up in #2031 (comment) where Claude couldn't rebase a PR when requested.

What Changed

Upgraded workflow permissions from read-only to write access:

  • contents: write - Enables git rebase, push, and branch management
  • pull-requests: write - Allows PR updates, requesting reviews, and merging
  • issues: write - Enables commenting and label management
  • checks: read - Allows reading CI check results

Also updated checkout step:

  • Set fetch-depth: 0 for full git history (required for rebase operations)
  • Explicitly use GITHUB_TOKEN for git operations

Added documentation with examples of what Claude can now do and how to optionally restrict specific operations using claude_args.

What Claude Can Now Do

With these permissions, Claude can:

  • Rebase branches on main
  • Push commits (including --force-with-lease)
  • Create and delete branches
  • Update PR descriptions and metadata
  • Request reviewers and approve PRs
  • Add comments to issues and PRs
  • Manage labels

Testing

The changes are backwards compatible - existing Claude interactions continue to work, but now with expanded capabilities.

[AI-assisted - Claude]

@sanity @claude
ci: expand Claude GitHub Action permissions for git operations
4d73495 
Upgrade Claude's workflow permissions from read-only to write access:
- contents: write - enables git rebase, push, and branch management
- pull-requests: write - allows PR updates, reviews, and merging
- issues: write - enables commenting and label management
- checks: read - allows reading CI check results

Also update checkout to fetch full git history (fetch-depth: 0)
required for rebase operations.

This allows Claude to perform common development tasks like rebasing
PRs, pushing commits, and managing PR/issue metadata directly from
the GitHub Action workflow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@sanity sanity enabled auto-merge November 1, 2025 21:34
@sanity sanity added this pull request to the merge queue Nov 1, 2025
Merged via the queue into main with commit a7bfd06 Nov 1, 2025
10 checks passed
@sanity sanity deleted the ci/claude-permissions branch November 1, 2025 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sanity