anthropics/claude-code-base-action

anthropics/claude-code-base-action

Description: This repo is a mirror of the contents of base-action in https://github.com/anthropics/claude-code-action.

Language: TypeScript

License: MIT

Stars: 868

Forks: 605

Open issues: 14

Created: 2025-05-19T15:25:00Z

Pushed: 2026-06-10T21:01:53Z

Default branch: main

Fork: no

Archived: no

README:

⚠️ This is a Mirror Repository

This repository is an automated mirror of the base-action directory from anthropics/claude-code-action.

Do not submit PRs or issues to this repository. Instead, please contribute to the main repository:

• 🐛 Report issues
• 🔧 Submit pull requests
• 📖 View documentation

---

Claude Code Base Action

This GitHub Action allows you to run Claude Code within your GitHub Actions workflows. You can use this to build any custom workflow on top of Claude Code.

For simply tagging @claude in issues and PRs out of the box, check out the Claude Code action and GitHub app.

Trust model

This action is a thin wrapper that installs and runs Claude Code with the inputs you provide. It does not enforce any trust boundaries on its own. Running this action in a directory is equivalent to running Claude Code in that directory — Claude reads project-level configuration (.claude/, CLAUDE.md, .mcp.json, etc.) from the working directory, and the action's own setup steps run from there as well.

The caller is responsible for ensuring the working directory and prompt are trusted. If your workflow processes untrusted input (issues, fork pull requests, external comments), use `anthropics/claude-code-action` instead — it provides actor permission checks, restores project configuration from the base ref in PR contexts, and is the supported path for those scenarios.

See Claude Code's security documentation and the GitHub Actions guidance on `pull_request_target` for background.

Usage

Add the following to your workflow file:

# Using a direct prompt
- name: Run Claude Code with direct prompt
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Or using a prompt from a file
- name: Run Claude Code with prompt file
uses: anthropics/claude-code-base-action@beta
with:
prompt_file: "/path/to/prompt.txt"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Or limiting the conversation turns
- name: Run Claude Code with limited turns
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
max_turns: "5" # Limit conversation to 5 turns
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Using custom system prompts
- name: Run Claude Code with custom system prompt
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Build a REST API"
system_prompt: "You are a senior backend engineer. Focus on security, performance, and maintainability."
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Or appending to the default system prompt
- name: Run Claude Code with appended system prompt
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Create a database schema"
append_system_prompt: "After writing code, be sure to code review yourself."
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Using custom environment variables
- name: Run Claude Code with custom environment variables
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Deploy to staging environment"
claude_env: |
ENVIRONMENT: staging
API_URL: https://api-staging.example.com
DEBUG: true
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Using fallback model for handling API errors
- name: Run Claude Code with fallback model
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Review and fix TypeScript errors"
model: "claude-opus-4-1-20250805"
fallback_model: "claude-sonnet-4-20250514"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Using OAuth token instead of API key
- name: Run Claude Code with OAuth token
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Update dependencies"
allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Workload Identity Federation

Instead of a static API key or OAuth token, you can authenticate via Workload Identity Federation: the action fetches the workflow's GitHub OIDC token and the Claude Code CLI exchanges it for a short-lived access token. Requires the id-token: write permission on the job:

permissions:
contents: read
id-token: write

steps:
- name: Run Claude Code with workload identity federation
uses: anthropics/claude-code-base-action@beta
with:
prompt: "Your prompt here"
anthropic_federation_rule_id: fdrl_xxxxxxxxxxxx
anthropic_organization_id: 00000000-0000-0000-0000-000000000000
anthropic_service_account_id: svac_xxxxxxxxxxxx

Do not set anthropic_api_key or claude_code_oauth_token alongside the federation inputs — a static credential takes precedence and federation will not be used.

Inputs

| Input | Description | Required | Default | | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------- | | prompt | The prompt to send to Claude Code | No\* | '' | | prompt_file | Path to a file containing the prompt to send to Claude Code | No\* | '' | | allowed_tools | Comma-separated…