Advanced GitHub Actions Patterns with Claude Code
Enterprise-grade patterns and advanced techniques for maximizing Claude Codeβs capabilities in GitHub Actions.
π― Enterprise Patterns
1. Multi-Repository Orchestration
Coordinated Updates Across Repositories
name: Coordinate Multi-Repo Updates
on:
workflow_dispatch:
inputs:
update_type:
description: 'Type of update'
required: true
type: choice
options:
- dependency
- security
- api-breaking-change
jobs:
orchestrate:
runs-on: ubuntu-latest
strategy:
matrix:
repository:
- { name: 'api-service', branch: 'main' }
- { name: 'web-app', branch: 'develop' }
- { name: 'mobile-app', branch: 'main' }
- { name: 'shared-lib', branch: 'main' }
steps:
- name: Generate GitHub App Token
id: app-token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/${{ matrix.repository.name }}
token: ${{ steps.app-token.outputs.token }}
ref: ${{ matrix.repository.branch }}
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
github_token: ${{ steps.app-token.outputs.token }}
direct_prompt: |
Coordinate ${{ github.event.inputs.update_type }} update:
Repository: ${{ matrix.repository.name }}
Tasks:
1. Analyze impact of change
2. Update dependencies/code as needed
3. Ensure compatibility
4. Run tests
5. Create PR with standardized message
6. Link to parent tracking issue
Coordination rules:
- shared-lib must be updated first
- api-service before web/mobile apps
- maintain backward compatibility2. Advanced Security Patterns
Comprehensive Security Pipeline
name: Security Analysis Pipeline
on:
pull_request:
types: [opened, synchronize]
schedule:
- cron: '0 2 * * *' # Daily security scan
jobs:
security-scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Security Tools
run: |
# Run multiple security scanners
npm audit --json > npm-audit.json
npx snyk test --json > snyk-results.json
semgrep --config=auto --json > semgrep-results.json
- name: Secret Scanning
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.pull_request.base.sha }}
head: ${{ github.event.pull_request.head.sha }}
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_env: |
SECURITY_LEVEL: high
COMPLIANCE_MODE: SOC2
direct_prompt: |
Perform comprehensive security analysis:
1. Analyze scanner results:
- npm-audit.json
- snyk-results.json
- semgrep-results.json
2. Cross-reference vulnerabilities:
- Check if actively exploited
- Assess actual risk in our context
- Prioritize by severity and exploitability
3. For each vulnerability:
- Provide fix recommendation
- Estimate effort
- Suggest safe alternatives
- Check if fix breaks functionality
4. Security best practices review:
- Authentication flows
- Authorization checks
- Input validation
- Output encoding
- Cryptography usage
5. Generate:
- Executive summary
- Developer action items
- SARIF report for GitHub Security tab
Format: Group by severity (Critical/High/Medium/Low)3. Intelligent Release Management
Automated Release Pipeline
name: Intelligent Release Management
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
release_type:
type: choice
options: [patch, minor, major]
jobs:
prepare-release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
changelog: ${{ steps.changelog.outputs.content }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Calculate Version
id: version
run: |
if [[ "${{ github.event_name }}" == "push" ]]; then
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
else
# Calculate next version based on input
current=$(git describe --tags --abbrev=0)
# Version calculation logic here
echo "version=$next_version" >> $GITHUB_OUTPUT
fi
- uses: anthropics/claude-code-action@beta
id: changelog
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
direct_prompt: |
Generate comprehensive release notes for version ${{ steps.version.outputs.version }}:
1. Analyze commits since last release
2. Categorize changes:
- π Features
- π Bug Fixes
- π§ Improvements
- π Security
- π Documentation
- β οΈ Breaking Changes
3. Generate:
- User-facing changelog
- Technical changelog
- Migration guide (if breaking changes)
- Acknowledgments section
4. Check for:
- Incomplete features
- Known issues
- Deprecation warnings
Format: Markdown with proper sections and emoji
- name: Create Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ steps.version.outputs.version }}
body: ${{ steps.changelog.outputs.response }}
draft: true
prerelease: ${{ contains(steps.version.outputs.version, '-') }}
deploy-staging:
needs: prepare-release
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
direct_prompt: |
Validate staging deployment readiness:
1. Check deployment prerequisites
2. Generate deployment plan
3. Identify rollback procedures
4. Create monitoring alerts
5. Document deployment steps4. Performance Optimization Workflows
Intelligent Performance Analysis
name: Performance Optimization Pipeline
on:
pull_request:
types: [opened, synchronize]
workflow_dispatch:
jobs:
performance-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Performance Environment
run: |
# Install performance tools
npm install -g lighthouse chrome-launcher
docker pull grafana/k6
- name: Run Performance Tests
run: |
# Backend performance
docker run -i grafana/k6 run - <performance/k6-script.js > k6-results.json
# Frontend performance
lighthouse https://preview-${{ github.event.pull_request.number }}.example.com \
--output json \
--output-path ./lighthouse-results.json
# Bundle analysis
npm run build:analyze > bundle-analysis.txt
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_env: |
PERF_BASELINE_BRANCH: main
PERF_THRESHOLD_PERCENT: 5
direct_prompt: |
Analyze performance test results and provide optimization recommendations:
1. Backend Performance (k6-results.json):
- Response time analysis
- Throughput metrics
- Error rate patterns
- Database query performance
- API endpoint bottlenecks
2. Frontend Performance (lighthouse-results.json):
- Core Web Vitals (LCP, FID, CLS)
- JavaScript execution time
- Network waterfall analysis
- Resource optimization opportunities
- Third-party impact
3. Bundle Analysis:
- Identify large dependencies
- Find duplicate packages
- Suggest code splitting points
- Tree shaking opportunities
- Lazy loading candidates
4. Provide:
- Specific optimization recommendations
- Implementation code examples
- Expected performance gains
- Priority order for fixes
- Regression risks
5. Generate:
- Performance report card
- Trend analysis vs baseline
- Action items by priority5. Advanced Testing Strategies
Intelligent Test Generation and Optimization
name: Smart Testing Pipeline
on:
pull_request:
types: [opened, synchronize]
jobs:
test-optimization:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Analyze Code Changes
id: changes
run: |
# Get changed files and their dependencies
git diff --name-only ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} > changed-files.txt
# Run dependency analysis
npx madge --json src > dependency-graph.json
- name: Collect Test Metrics
run: |
# Historical test data
curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/tests.yml/runs \
> test-history.json
# Current coverage
npm run test:coverage -- --json > coverage.json
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
direct_prompt: |
Optimize test suite based on code changes:
1. Test Impact Analysis:
- Map changed files to affected tests
- Identify integration test requirements
- Find uncovered code paths
- Detect flaky test patterns
2. Generate Missing Tests:
- Unit tests for new functions
- Edge case coverage
- Error handling scenarios
- Integration test gaps
3. Test Optimization:
- Identify redundant tests
- Suggest test consolidation
- Recommend parallel execution groups
- Propose test data factories
4. Smart Test Selection:
- Create focused test suite for PR
- Risk-based test prioritization
- Estimate execution time
- Confidence level assessment
5. Output:
- New test files
- Updated test commands
- CI configuration optimizations
- Test maintenance recommendations6. Deployment Strategies
Blue-Green Deployment Orchestration
name: Blue-Green Deployment
on:
workflow_dispatch:
inputs:
environment:
type: choice
options: [staging, production]
strategy:
type: choice
options: [blue-green, canary, rolling]
jobs:
deployment-orchestration:
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
steps:
- uses: actions/checkout@v4
- name: Deployment Pre-checks
id: prechecks
run: |
# Check system health
curl https://api.${{ github.event.inputs.environment }}.example.com/health > health-check.json
# Get current deployment info
kubectl get deployments -n ${{ github.event.inputs.environment }} -o json > current-deploy.json
# Database migration status
./scripts/check-migrations.sh > migration-status.txt
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_env: |
DEPLOY_ENV: ${{ github.event.inputs.environment }}
DEPLOY_STRATEGY: ${{ github.event.inputs.strategy }}
ROLLBACK_ENABLED: true
direct_prompt: |
Orchestrate ${{ github.event.inputs.strategy }} deployment:
1. Pre-deployment Validation:
- Analyze health check results
- Verify resource availability
- Check dependency services
- Validate configuration
- Assess risk level
2. Generate Deployment Plan:
- Step-by-step execution plan
- Resource allocation strategy
- Traffic switching approach
- Monitoring setup
- Rollback triggers
3. Database Considerations:
- Migration requirements
- Backward compatibility
- Data integrity checks
- Backup verification
4. Create Scripts:
- Deployment automation
- Health check loops
- Traffic management
- Rollback procedures
- Monitoring alerts
5. Documentation:
- Runbook for operators
- Troubleshooting guide
- Rollback procedures
- Success criteriaπ§ Optimization Techniques
1. Workflow Performance
Parallel Execution Strategy
name: Optimized CI Pipeline
on: [push, pull_request]
jobs:
# Fast feedback job
quick-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: |
npm run lint
npm run type-check
# Parallel test execution
test-matrix:
needs: quick-checks
strategy:
matrix:
shard: [1, 2, 3, 4]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm test -- --shard=${{ matrix.shard }}/4
# Claude analysis only after tests
claude-review:
needs: test-matrix
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}2. Caching Strategies
Intelligent Cache Management
- name: Cache with fallback
uses: actions/cache@v3
with:
path: |
~/.npm
~/.cache
node_modules
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
${{ runner.os }}-
- name: Claude Context Cache
uses: actions/cache@v3
with:
path: .claude-context
key: claude-${{ github.sha }}
restore-keys: |
claude-${{ github.event.pull_request.head.sha }}
claude-main3. Resource Management
Dynamic Resource Allocation
jobs:
dynamic-runner:
runs-on: ${{ matrix.size }}
strategy:
matrix:
include:
- task: lint
size: ubuntu-latest
- task: test
size: ubuntu-latest-4-cores
- task: build
size: ubuntu-latest-8-cores
- task: claude-analysis
size: ubuntu-latest-2-coresπ Security Hardening
Environment Isolation
- uses: anthropics/claude-code-action@beta
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_env: |
# Sandboxed environment
SANDBOX_MODE: true
NETWORK_ACCESS: restricted
FILE_SYSTEM_ACCESS: read-only
ALLOWED_COMMANDS: "npm,git,echo"
MAX_EXECUTION_TIME: 300Audit Logging
- name: Audit Claude Actions
if: always()
run: |
echo "Claude execution completed" >> audit.log
echo "Time: $(date -u)" >> audit.log
echo "Actor: ${{ github.actor }}" >> audit.log
echo "Event: ${{ github.event_name }}" >> audit.log
# Send to logging service
curl -X POST https://logs.example.com/webhook \
-H "Authorization: Bearer ${{ secrets.LOG_TOKEN }}" \
-d @audit.log