How to Use Claude Code in GitHub Actions (2026)

Claude Code is Anthropic's CLI tool that brings Claude directly into your terminal and codebase. By integrating it into GitHub Actions, you can automate AI-powered code reviews, generate PR summaries, run automated refactoring, and add intelligent quality checks to your CI/CD pipeline. This guide shows you how to set it up step by step.

What Can Claude Code Do in CI/CD?

Here are the most practical use cases for Claude Code in GitHub Actions:

Use Case	Description	Trigger
PR Code Review	Automated review with suggestions	Pull request opened/updated
PR Summary	Generate a description from the diff	Pull request opened
Bug Detection	Scan changed files for common bugs	Pull request, push
Documentation	Auto-generate docs for new functions	Pull request
Test Generation	Create test cases for changed code	Pull request
Migration Assistance	Suggest updates for dependency changes	Scheduled, manual

Prerequisites

A GitHub repository
An Anthropic API key (get one at console.anthropic.com)
Basic familiarity with GitHub Actions YAML syntax

Step 1: Store Your API Key as a Secret

Never hardcode API keys in your workflow files. Add your Anthropic API key as a GitHub repository secret:

1. Go to your repository on GitHub
2. Click Settings > Secrets and variables > Actions
3. Click "New repository secret"
4. Name: ANTHROPIC_API_KEY
5. Value: sk-ant-xxxxx (your key)
6. Click "Add secret"

Step 2: Basic Claude Code Workflow

Create a workflow file at .github/workflows/claude-review.yml:

name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  claude-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for diff

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      - name: Get PR diff
        id: diff
        run: |
          git diff origin/${{ github.base_ref }}...HEAD > pr_diff.txt
          echo "diff_size=$(wc -c < pr_diff.txt)" >> $GITHUB_OUTPUT

      - name: Run Claude Code Review
        if: steps.diff.outputs.diff_size > 0
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude -p --output-format text "$(cat <<'PROMPT'
          Review the following pull request diff. Focus on:
          1. Potential bugs or logic errors
          2. Security concerns
          3. Performance issues
          4. Code style and readability

          Be concise. Only mention real issues, not style nitpicks.
          Format your response as a markdown list.

          Diff:
          $(cat pr_diff.txt)
          PROMPT
          )" > review_output.md

      - name: Post review comment
        if: steps.diff.outputs.diff_size > 0
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review_output.md', 'utf8');

            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## Claude Code Review\n\n${review}\n\n---\n*Automated review by Claude Code*`
            });

Step 3: PR Summary Generator

Automatically generate a PR description from the code changes:

name: Claude PR Summary

on:
  pull_request:
    types: [opened]

permissions:
  contents: read
  pull-requests: write

jobs:
  generate-summary:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      - name: Generate PR summary
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Get the diff
          DIFF=$(git diff origin/${{ github.base_ref }}...HEAD)

          # Get commit messages
          COMMITS=$(git log origin/${{ github.base_ref }}...HEAD --oneline)

          claude -p --output-format text "$(cat <<PROMPT
          Generate a pull request summary based on these changes.

          Format:
          ## Summary
          (2-3 sentences describing what this PR does)

          ## Changes
          (Bulleted list of key changes)

          ## Testing
          (Suggested testing steps)

          Commits:
          $COMMITS

          Diff:
          $DIFF
          PROMPT
          )" > summary.md

      - name: Update PR description
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const summary = fs.readFileSync('summary.md', 'utf8');

            await github.rest.pulls.update({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              body: summary
            });

Step 4: Automated Test Generation

Generate tests for new or modified files:

name: Claude Test Generator

on:
  pull_request:
    types: [opened, synchronize]
    paths:
      - "src/**/*.ts"
      - "src/**/*.js"
      - "!src/**/*.test.*"
      - "!src/**/*.spec.*"

permissions:
  contents: write
  pull-requests: write

jobs:
  generate-tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.head_ref }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install dependencies
        run: |
          npm ci
          npm install -g @anthropic-ai/claude-code

      - name: Find changed files without tests
        id: changed
        run: |
          FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD \
            | grep -E '^src/.*\.(ts|js)$' \
            | grep -v -E '\.(test|spec)\.' \
            | head -5)
          echo "files=$FILES" >> $GITHUB_OUTPUT

      - name: Generate tests with Claude
        if: steps.changed.outputs.files != ''
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          for FILE in ${{ steps.changed.outputs.files }}; do
            TEST_FILE="${FILE%.ts}.test.ts"
            if [ ! -f "$TEST_FILE" ]; then
              echo "Generating tests for $FILE..."
              claude -p --output-format text \
                "Read the file $FILE and generate comprehensive unit tests for it. \
                 Use the existing test framework in this project. \
                 Output only the test file content, no explanations." \
                > "$TEST_FILE"
            fi
          done

      - name: Commit generated tests
        run: |
          git config user.name "claude-code[bot]"
          git config user.email "claude-code[bot]@users.noreply.github.com"
          git add "src/**/*.test.ts"
          git diff --staged --quiet || git commit -m "test: add AI-generated tests for changed files"
          git push

Step 5: Security Scan Workflow

Use Claude to identify security issues in code changes:

name: Claude Security Scan

on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code

      - name: Run security analysis
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          DIFF=$(git diff origin/${{ github.base_ref }}...HEAD)

          claude -p --output-format text "$(cat <<PROMPT
          Analyze this code diff for security vulnerabilities.
          Check for:
          - SQL injection
          - XSS vulnerabilities
          - Hardcoded secrets or credentials
          - Insecure deserialization
          - Path traversal
          - Missing input validation
          - Insecure dependencies

          If no issues found, respond with "No security issues detected."
          If issues found, list each with severity (HIGH/MEDIUM/LOW),
          the file and line, and a suggested fix.

          Diff:
          $DIFF
          PROMPT
          )" > security_report.md

      - name: Post security report
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const report = fs.readFileSync('security_report.md', 'utf8');

            if (!report.includes('No security issues detected')) {
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                body: `## Security Scan Results\n\n${report}\n\n---\n*Scanned by Claude Code*`
              });
            }

Cost Management

Claude Code in CI/CD can consume API credits quickly. Here are strategies to control costs:

Strategy	Implementation
Limit diff size	Truncate diffs over 10,000 lines
Skip drafts	Add `if: github.event.pull_request.draft == false`
Filter by file type	Use `paths` filter in the trigger
Use caching	Cache npm install of Claude Code
Rate limit	Run only on the latest commit, not every push
Use `--max-turns 1`	Prevent multi-turn agent loops

Diff Size Guard

- name: Check diff size
  id: size_check
  run: |
    DIFF_LINES=$(git diff origin/${{ github.base_ref }}...HEAD | wc -l)
    if [ "$DIFF_LINES" -gt 5000 ]; then
      echo "skip=true" >> $GITHUB_OUTPUT
      echo "Diff too large ($DIFF_LINES lines), skipping AI review"
    else
      echo "skip=false" >> $GITHUB_OUTPUT
    fi

- name: Run Claude review
  if: steps.size_check.outputs.skip == 'false'
  # ... rest of the step

Troubleshooting

Issue	Cause	Solution
"API key not found"	Secret not configured	Add `ANTHROPIC_API_KEY` to repository secrets
Workflow times out	Large diff or slow response	Add `timeout-minutes: 10` to the job
Empty review output	Diff too large for context	Truncate diff or review specific files only
Permission denied on PR comment	Missing permissions	Add `pull-requests: write` to permissions
Claude Code not found	Installation failed	Pin the npm version: `npm install -g @anthropic-ai/claude-code@latest`

Best Practices

Set timeouts. Add timeout-minutes: 10 to prevent runaway workflows.
Use --print mode. Always use claude -p in CI to avoid interactive prompts.
Limit context. Send only the diff and relevant files, not the entire codebase.
Handle failures gracefully. Use continue-on-error: true so the AI review does not block merges.
Review AI output. Treat Claude's comments as suggestions, not authoritative verdicts.
Pin versions. Pin Claude Code and action versions for reproducible builds.

Conclusion

Integrating Claude Code into GitHub Actions adds an intelligent layer to your CI/CD pipeline. Whether you use it for code review, PR summaries, test generation, or security scanning, the setup is straightforward -- install Claude Code, pass the diff, and post the results. The key is managing costs by filtering triggers and limiting diff sizes.

For development teams building applications with AI-generated media -- video, images, or talking avatars -- Hypereal AI provides production-ready APIs that integrate naturally into CI/CD pipelines for automated asset generation and testing.