Skip to main content

CI/CD Integration

Module: Automation | Lesson: 3 of 3 | Time: ~10 minutes

What You Will Learn

  • How to use Claude Code in GitHub Actions workflows
  • How to set up automated code review
  • How to schedule recurring Claude tasks

Prerequisites

What Is CI/CD?

CI/CD stands for Continuous Integration / Continuous Deployment. It is a system that automatically runs tasks whenever you push code to a repository. For example, every time you push a commit to GitHub, a CI/CD pipeline can automatically:

  • Run your tests
  • Check your code for errors
  • Build your project
  • Deploy it to a server

The most common CI/CD tool for GitHub is GitHub Actions. Since Claude Code can run in headless mode (the -p flag you learned about), it fits naturally into these automated pipelines. Imagine pushing code and having Claude automatically review it for bugs -- that is what we are building toward in this lesson.

info

You do not need a CI/CD pipeline set up to follow this lesson. We will walk through the concepts and show you the files you would create. If you have a GitHub repository, you can try these examples for real.

How GitHub Actions Works

GitHub Actions uses workflow files written in YAML (a simple configuration format). These files live in a .github/workflows/ folder inside your repository. Each workflow file defines:

  1. When to run -- on push, on pull request, on a schedule, etc.
  2. What machine to use -- usually a Linux or Windows virtual machine provided by GitHub
  3. What steps to execute -- a list of commands to run in order

Here is a minimal example that has nothing to do with Claude yet, just to show the structure:

# .github/workflows/hello.yml
name: Hello World

on:
  push:
    branches: [main]

jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - name: Say hello
        run: echo "Hello from GitHub Actions!"

This workflow runs every time you push to the main branch. It spins up a Linux machine and prints "Hello from GitHub Actions!"

Adding Claude Code to a GitHub Action

To use Claude Code in a GitHub Actions workflow, you need to:

  1. Install Claude Code in the workflow
  2. Provide your API key as a secret (never hard-code it)
  3. Run claude -p with your prompt

Here is a complete example workflow that uses Claude to review code on every pull request:

# .github/workflows/claude-review.yml
name: Claude Code Review

on:
  pull_request:
    branches: [main]

jobs:
  review:
    runs-on: ubuntu-latest

    steps:
      # Step 1: Check out the repository code
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Step 2: Set up Node.js (required for Claude Code)
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      # Step 3: Install Claude Code
      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      # Step 4: Get the diff of changed files
      - name: Get PR diff
        id: diff
        run: |
          echo "diff<<EOF" >> $GITHUB_OUTPUT
          git diff origin/main...HEAD >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT

      # Step 5: Run Claude to review the changes
      - name: Claude Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude -p "Review this code diff for bugs, security issues, and style problems. Be concise and actionable:

          ${{ steps.diff.outputs.diff }}" --output-format json > review.json

      # Step 6: Display the review
      - name: Show Review
        run: |
          cat review.json | python3 -c "import sys,json; print(json.load(sys.stdin)['result'])"

Let's break down what each step does:

StepPurpose
Checkout codeDownloads your repository onto the CI machine
Setup Node.jsInstalls Node.js, which Claude Code requires
Install Claude CodeInstalls Claude Code globally on the CI machine
Get PR diffCaptures the code changes in this pull request
Claude ReviewSends the diff to Claude and saves the JSON response
Show ReviewExtracts and displays Claude's review text

Storing API Keys Securely

Never hard-code your API key

Your Anthropic API key is like a password. If you put it directly in a workflow file, anyone who can see your repository can see your key and use it (and rack up charges on your account). Always use GitHub Secrets.

To add your API key as a GitHub Secret:

  1. Go to your repository on GitHub
  2. Click Settings (the gear icon in the top menu)
  3. In the left sidebar, click Secrets and variables, then Actions
  4. Click New repository secret
  5. Set the name to ANTHROPIC_API_KEY
  6. Paste your API key as the value
  7. Click Add secret

In your workflow file, you reference the secret using ${{ secrets.ANTHROPIC_API_KEY }}. GitHub replaces this with the actual key at runtime, but the key is never visible in logs or to other users.

Automated Code Review on Pull Requests

The workflow above already does automated code review. Let's enhance it to post the review as a comment on the pull request itself, so your team can see it:

      # Step 7: Post review as PR comment
      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = JSON.parse(fs.readFileSync('review.json', 'utf8'));
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## Claude Code Review\n\n${review.result}\n\n---\n*Automated review by Claude Code*`
            });

Now every pull request automatically gets a review comment from Claude. This is incredibly useful for catching bugs early.

Scheduled Tasks

You can also run Claude on a schedule using cron syntax. For example, this workflow runs every Monday at 9 AM UTC and asks Claude to generate a weekly summary of recent commits:

# .github/workflows/weekly-summary.yml
name: Weekly Summary

on:
  schedule:
    - cron: '0 9 * * 1'  # Every Monday at 9:00 AM UTC

jobs:
  summarize:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 50

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      - name: Generate Weekly Summary
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          COMMITS=$(git log --oneline --since="7 days ago")
          claude -p "Write a brief weekly development summary based on these commits: $COMMITS" > weekly-summary.txt
          cat weekly-summary.txt
Cron syntax quick reference

Cron expressions have five fields: minute hour day-of-month month day-of-week. Here are some common examples:

  • 0 9 * * 1 -- Every Monday at 9:00 AM
  • 0 0 * * * -- Every day at midnight
  • 0 */6 * * * -- Every 6 hours
  • 0 9 1 * * -- First day of every month at 9:00 AM

Security Considerations

When running Claude Code in CI/CD, keep these important security practices in mind:

  1. API keys in secrets only. Never put keys in workflow files, README files, or code comments.

  2. Limit permissions. Use the --allowedTools flag to restrict what Claude can do in CI:

    run: claude -p "Review this code" --allowedTools "Read,Grep,Glob"

    This prevents Claude from writing files or running bash commands in your pipeline.

  3. Review costs. Each CI run that calls Claude costs tokens. If you have a busy repository with many pull requests, costs can accumulate. Consider running Claude only on PRs to main (not on every branch push).

  4. Do not expose secrets in logs. GitHub automatically masks secrets in logs, but be careful about commands that might echo the key. Never run echo $ANTHROPIC_API_KEY or similar.

  5. Pin your Claude Code version. Instead of always installing the latest version, pin a specific version to avoid surprises:

    run: npm install -g @anthropic-ai/claude-code@1.0.0

Try It Yourself

  1. Read the YAML. Go back through the claude-review.yml example above and make sure you understand what each step does. If anything is unclear, start Claude Code interactively and ask:

    Explain what this GitHub Actions YAML does step by step

    Then paste the YAML.

  2. Create a workflow file locally. In any Git repository on your computer, create the folder structure and file:

    mkdir -Force .github\workflows
    notepad .github\workflows\claude-review.yml

    Paste the code review workflow from this lesson and save it. You do not need to push it yet -- just practice creating the file.

  3. Think about your use case. What repetitive task would you like Claude to do automatically? Write down the trigger (on push? on schedule?) and the prompt you would use.

  4. If you have a GitHub repository, try adding the ANTHROPIC_API_KEY secret (Settings > Secrets) and pushing the workflow file. Open a pull request and watch the action run.

What You Learned

  • GitHub Actions runs automated tasks using YAML workflow files in .github/workflows/
  • Claude Code works in CI/CD pipelines using claude -p with the --output-format json flag
  • API keys must always be stored as GitHub Secrets, never hard-coded in files
  • Automated code review posts Claude's analysis directly on pull requests
  • Scheduled workflows can run Claude on a cron schedule for recurring tasks
  • Security best practices include limiting tool permissions, pinning versions, and watching costs
Help Us Improve

How was this lesson? Take 2 minutes to share your feedback — it helps us make the tutorials better for everyone.

Give Feedback →

Next Up

Next: Capstone: Build an Automation Script