Claude Code GitHub Actions: Complete Setup and Automation Guide (2026)

Claude Code GitHub Actions transforms your CI/CD pipeline from a passive gatekeeper into an active development participant. Mention @claude in any PR comment or issue, and Claude analyzes context, writes code, creates pull requests, and follows your project’s CLAUDE.md standards — all running on GitHub’s hosted runners.

This guide covers the GA v1.0 release (shipped May 2026), including the simplified configuration model, Skills integration, cloud provider setup for enterprise teams, and cost patterns you need to understand before enabling it on a busy repository.

What Claude Code GitHub Actions Does

The action runs Claude Code inside a GitHub Actions workflow. When triggered, Claude gets full repository context and can:

Create complete pull requests from issue descriptions
Review PRs with security, performance, and correctness lenses
Implement features described in natural language
Fix bugs referenced in issue comments
Run custom automation via Skills and prompts

The key architectural decision: Claude runs on GitHub-hosted runners with your repository checked out. Your code never leaves GitHub’s infrastructure. Authentication happens via your Anthropic API key (or Bedrock/Vertex credentials for enterprise setups).

Quick Setup (Under 5 Minutes)

The fastest path uses the built-in installer. Open Claude Code in your terminal and run:

/install-github-app

This guides you through installing the Claude GitHub App and configuring the required secrets. You need repository admin access.

After setup, test by commenting @claude summarize this PR on any open pull request.

Manual Setup

If the installer fails or you prefer manual configuration:

Install the Claude GitHub App: github.com/apps/claude
Add ANTHROPIC_API_KEY to your repository secrets (Settings → Secrets → Actions)
Create .github/workflows/claude.yml:

name: Claude Code
on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
jobs:
  claude:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

This minimal configuration responds to @claude mentions in any issue or PR comment.

v1 GA Configuration (Breaking Changes from Beta)

The v1 GA release (May 2026) simplified the configuration model significantly. If you used the beta, these changes are mandatory:

Beta Parameter	v1 Equivalent
`mode: "tag"` or `mode: "agent"`	Removed — auto-detected
`direct_prompt`	`prompt`
`custom_instructions`	`claude_args: --append-system-prompt`
`max_turns`	`claude_args: --max-turns`
`model`	`claude_args: --model`
`allowed_tools`	`claude_args: --allowedTools`

The action now auto-detects its mode: if prompt is provided, it runs immediately (automation mode). If omitted, it waits for @claude mentions (interactive mode).

Key v1 Parameters

Parameter	Description	Required
`prompt`	Instructions or skill name	No
`claude_args`	Any CLI argument	No
`anthropic_api_key`	API key	Yes (direct API)
`github_token`	GitHub token	No
`trigger_phrase`	Custom trigger (default: `@claude`)	No
`use_bedrock`	Use Amazon Bedrock	No
`use_vertex`	Use Google Vertex AI	No
`plugin_marketplaces`	Plugin source URLs	No
`plugins`	Plugins to install	No

Real Workflow Examples

1. Automated Code Review on Every PR

name: Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          plugin_marketplaces: "https://github.com/anthropics/claude-code.git"
          plugins: "code-review@claude-code-plugins"
          prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"

This installs the official code-review plugin and runs it on every new or updated PR. Claude posts inline comments on specific lines.

2. Issue-to-PR Implementation

name: Implement Issue
on:
  issues:
    types: [labeled]
jobs:
  implement:
    if: github.event.label.name == 'claude-implement'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: "Read the issue description and implement the requested feature. Create a PR with the changes."
          claude_args: "--max-turns 15 --model claude-opus-4-7"

Label an issue with claude-implement, and Claude reads the description, writes the code, and opens a PR.

3. Daily Commit Summary

name: Daily Summary
on:
  schedule:
    - cron: "0 9 * * 1-5"
jobs:
  summary:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: "Summarize yesterday's commits. Group by author and highlight any breaking changes or security-relevant modifications. Post the summary as an issue."
          claude_args: "--max-turns 5"

4. Using Skills from Your Repository

If you have custom skills in .claude/skills/, invoke them directly:

- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    prompt: "/my-custom-skill"

Skills run with full repository context, making them powerful building blocks for organization-specific automation.

Enterprise Setup: Amazon Bedrock and Google Vertex AI

For organizations that need data residency control or unified cloud billing, Claude Code GitHub Actions supports both Amazon Bedrock and Google Vertex AI as backends.

Amazon Bedrock

Requirements:

Bedrock access with Claude model permissions
GitHub OIDC Identity Provider configured in AWS
IAM role with AmazonBedrockFullAccess policy

steps:
  - uses: actions/checkout@v4
  - uses: aws-actions/configure-aws-credentials@v4
    with:
      role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
      aws-region: us-west-2
  - uses: anthropics/claude-code-action@v1
    with:
      use_bedrock: "true"
      claude_args: "--model us.anthropic.claude-sonnet-4-6 --max-turns 10"

Note the Bedrock model ID format: region prefix + model name (e.g., us.anthropic.claude-sonnet-4-6).

Google Vertex AI

Requirements:

Vertex AI API enabled
Workload Identity Federation configured
Service account with Vertex AI User role

steps:
  - uses: actions/checkout@v4
  - id: auth
    uses: google-github-actions/auth@v2
    with:
      workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
  - uses: anthropics/claude-code-action@v1
    with:
      use_vertex: "true"
      claude_args: "--model claude-sonnet-4-5@20250929 --max-turns 10"
    env:
      ANTHROPIC_VERTEX_PROJECT_ID: ${{ steps.auth.outputs.project_id }}
      CLOUD_ML_REGION: us-east5

Both approaches use OIDC — no static credentials stored in secrets.

Cost Optimization

Claude Code GitHub Actions has two cost vectors:

GitHub Actions minutes: Runner time on GitHub-hosted infrastructure
API tokens: Claude API usage per interaction

Controlling Costs

Set --max-turns to cap conversation depth (default: 10)
Use Sonnet (claude-sonnet-4-6) for routine reviews, Opus for complex implementations
Add workflow-level timeout-minutes to prevent runaway jobs
Use GitHub’s concurrency controls to limit parallel runs
Only trigger on specific labels or phrases, not all PR events

Cost Estimation

A typical PR review (Sonnet, 5 turns) costs roughly $0.10–0.50 in API tokens depending on codebase size. An implementation task (Opus, 15 turns) can run $2–10. Monthly cost for a team of 10 developers doing daily reviews: approximately $50–150.

CLAUDE.md Integration

Create a CLAUDE.md file at your repository root to guide Claude’s behavior in Actions:

# Project Standards

## Code Review Criteria
- All new functions must have JSDoc comments
- No direct database queries outside the data layer
- Test coverage must not decrease

## PR Standards
- Commit messages follow Conventional Commits
- PRs must reference an issue number
- Breaking changes require a migration guide

Claude reads this file on every invocation, ensuring consistent behavior across all automated interactions.

Security Considerations

API keys must be stored as GitHub Secrets, never hardcoded
The Claude GitHub App requires Contents, Issues, and Pull requests permissions (read & write)
Code runs on GitHub-hosted runners — never leaves GitHub’s infrastructure
Use specific --allowedTools to restrict what Claude can do in sensitive repositories
For enterprise: OIDC authentication (Bedrock/Vertex) avoids storing any credentials

Troubleshooting

Claude not responding to @claude:

Verify the GitHub App is installed on the repository
Check that workflows are enabled (Actions tab)
Confirm ANTHROPIC_API_KEY is set in repository secrets
Ensure the comment contains @claude (not /claude)

CI not running on Claude’s commits:

Use a GitHub App token (not the default GITHUB_TOKEN) to trigger downstream workflows
Check workflow triggers include push events

Authentication errors with Bedrock/Vertex:

Verify OIDC provider configuration in your cloud account
Check IAM role trust policy references the correct repository
Confirm the service account has model access permissions

FAQ

Can Claude Code GitHub Actions access private dependencies?

Yes. Since it runs on GitHub-hosted runners with your repository checked out, it has access to anything your CI normally accesses. Configure additional secrets for private registries if needed.

What models are available?

Direct API: any Claude model (Opus 4.7, Sonnet 4.6, Haiku 4.5). Bedrock: region-prefixed model IDs. Vertex: version-suffixed model IDs. Default is Sonnet for cost efficiency.

Can I use MCP servers in GitHub Actions?

Yes. Pass --mcp-config /path/to/config.json via claude_args. The MCP config file should be committed to your repository or generated during the workflow.

Is there a rate limit?

The action itself has no rate limit. You’re bounded by your API token budget and GitHub Actions minute allowance. Use concurrency groups to prevent parallel runs if needed.

Can Claude push directly to protected branches?

No. Claude creates PRs rather than pushing directly. Branch protection rules are respected. A human must approve and merge.

How does it compare to GitHub Copilot’s PR features?

Claude Code GitHub Actions runs full Claude Code (with file editing, bash execution, and multi-turn reasoning) inside your CI. Copilot’s PR features are limited to suggestions and summaries. Claude can implement entire features, run tests, and iterate on feedback.

Can I customize the trigger phrase?

Yes. Set trigger_phrase in the action configuration. For example, trigger_phrase: "@ai" would respond to @ai instead of @claude.