Claude Code can run in GitHub Actions for automated quality checks. Here's how we integrate company-standard skills into CI.
1.1 Basic Pattern
yaml
# .github/workflows/claude-review.yml
name: AI Code Review
on:
pull_request:
branches: [main, develop]
jobs:
ai-review:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Run Security Review
uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt: |
Run the security review skill on the changes in this PR.
Report any critical issues as PR comments.
Use the skill at .claude/skills/security-review/SKILL.md1.2 Zone-Based CI Enforcement
Zone A — Advisory only:
yaml
# Runs code-review skill, posts findings as comments
# Does not block merge on AI findings aloneZone B — Blocking:
yaml
# Runs security-review skill
# Fails the CI check if CRITICAL severity issues are found
# Requires human resolution before mergeZone C — Don't automate Claude Code in CI
1.3 Using Skills in CI
Reference shared skill files directly:
yaml
- name: AI Quality Gate
uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
prompt_file: .claude/skills/security-review/SKILL.md
additional_prompt: "Focus on the files changed in this PR only."