Advanced GitHub Actions Patterns with Claude Code

Enterprise-grade patterns and advanced techniques for maximizing Claude Code’s capabilities in GitHub Actions.

🎯 Enterprise Patterns

1. Multi-Repository Orchestration

Coordinated Updates Across Repositories

name: Coordinate Multi-Repo Updates
 
on:
  workflow_dispatch:
    inputs:
      update_type:
        description: 'Type of update'
        required: true
        type: choice
        options:
          - dependency
          - security
          - api-breaking-change
      
jobs:
  orchestrate:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        repository:
          - { name: 'api-service', branch: 'main' }
          - { name: 'web-app', branch: 'develop' }
          - { name: 'mobile-app', branch: 'main' }
          - { name: 'shared-lib', branch: 'main' }
    
    steps:
      - name: Generate GitHub App Token
        id: app-token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.repository_owner }}/${{ matrix.repository.name }}
          token: ${{ steps.app-token.outputs.token }}
          ref: ${{ matrix.repository.branch }}
      
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ steps.app-token.outputs.token }}
          direct_prompt: |
            Coordinate ${{ github.event.inputs.update_type }} update:
            
            Repository: ${{ matrix.repository.name }}
            
            Tasks:
            1. Analyze impact of change
            2. Update dependencies/code as needed
            3. Ensure compatibility
            4. Run tests
            5. Create PR with standardized message
            6. Link to parent tracking issue
            
            Coordination rules:
            - shared-lib must be updated first
            - api-service before web/mobile apps
            - maintain backward compatibility

2. Advanced Security Patterns

Comprehensive Security Pipeline

name: Security Analysis Pipeline
 
on:
  pull_request:
    types: [opened, synchronize]
  schedule:
    - cron: '0 2 * * *'  # Daily security scan
 
jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
      
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      - name: Run Security Tools
        run: |
          # Run multiple security scanners
          npm audit --json > npm-audit.json
          npx snyk test --json > snyk-results.json
          semgrep --config=auto --json > semgrep-results.json
          
      - name: Secret Scanning
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: ${{ github.event.pull_request.base.sha }}
          head: ${{ github.event.pull_request.head.sha }}
      
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          claude_env: |
            SECURITY_LEVEL: high
            COMPLIANCE_MODE: SOC2
          direct_prompt: |
            Perform comprehensive security analysis:
            
            1. Analyze scanner results:
               - npm-audit.json
               - snyk-results.json
               - semgrep-results.json
            
            2. Cross-reference vulnerabilities:
               - Check if actively exploited
               - Assess actual risk in our context
               - Prioritize by severity and exploitability
            
            3. For each vulnerability:
               - Provide fix recommendation
               - Estimate effort
               - Suggest safe alternatives
               - Check if fix breaks functionality
            
            4. Security best practices review:
               - Authentication flows
               - Authorization checks
               - Input validation
               - Output encoding
               - Cryptography usage
            
            5. Generate:
               - Executive summary
               - Developer action items
               - SARIF report for GitHub Security tab
            
            Format: Group by severity (Critical/High/Medium/Low)

3. Intelligent Release Management

Automated Release Pipeline

name: Intelligent Release Management
 
on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      release_type:
        type: choice
        options: [patch, minor, major]
 
jobs:
  prepare-release:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.version.outputs.version }}
      changelog: ${{ steps.changelog.outputs.content }}
      
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      - name: Calculate Version
        id: version
        run: |
          if [[ "${{ github.event_name }}" == "push" ]]; then
            echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
          else
            # Calculate next version based on input
            current=$(git describe --tags --abbrev=0)
            # Version calculation logic here
            echo "version=$next_version" >> $GITHUB_OUTPUT
          fi
      
      - uses: anthropics/claude-code-action@beta
        id: changelog
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          direct_prompt: |
            Generate comprehensive release notes for version ${{ steps.version.outputs.version }}:
            
            1. Analyze commits since last release
            2. Categorize changes:
               - πŸš€ Features
               - πŸ› Bug Fixes
               - πŸ”§ Improvements
               - πŸ”’ Security
               - πŸ“š Documentation
               - ⚠️ Breaking Changes
            
            3. Generate:
               - User-facing changelog
               - Technical changelog
               - Migration guide (if breaking changes)
               - Acknowledgments section
            
            4. Check for:
               - Incomplete features
               - Known issues
               - Deprecation warnings
            
            Format: Markdown with proper sections and emoji
      
      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ steps.version.outputs.version }}
          body: ${{ steps.changelog.outputs.response }}
          draft: true
          prerelease: ${{ contains(steps.version.outputs.version, '-') }}
 
  deploy-staging:
    needs: prepare-release
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          direct_prompt: |
            Validate staging deployment readiness:
            
            1. Check deployment prerequisites
            2. Generate deployment plan
            3. Identify rollback procedures
            4. Create monitoring alerts
            5. Document deployment steps

4. Performance Optimization Workflows

Intelligent Performance Analysis

name: Performance Optimization Pipeline
 
on:
  pull_request:
    types: [opened, synchronize]
  workflow_dispatch:
 
jobs:
  performance-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      - name: Setup Performance Environment
        run: |
          # Install performance tools
          npm install -g lighthouse chrome-launcher
          docker pull grafana/k6
      
      - name: Run Performance Tests
        run: |
          # Backend performance
          docker run -i grafana/k6 run - <performance/k6-script.js > k6-results.json
          
          # Frontend performance
          lighthouse https://preview-${{ github.event.pull_request.number }}.example.com \
            --output json \
            --output-path ./lighthouse-results.json
          
          # Bundle analysis
          npm run build:analyze > bundle-analysis.txt
      
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          claude_env: |
            PERF_BASELINE_BRANCH: main
            PERF_THRESHOLD_PERCENT: 5
          direct_prompt: |
            Analyze performance test results and provide optimization recommendations:
            
            1. Backend Performance (k6-results.json):
               - Response time analysis
               - Throughput metrics
               - Error rate patterns
               - Database query performance
               - API endpoint bottlenecks
            
            2. Frontend Performance (lighthouse-results.json):
               - Core Web Vitals (LCP, FID, CLS)
               - JavaScript execution time
               - Network waterfall analysis
               - Resource optimization opportunities
               - Third-party impact
            
            3. Bundle Analysis:
               - Identify large dependencies
               - Find duplicate packages
               - Suggest code splitting points
               - Tree shaking opportunities
               - Lazy loading candidates
            
            4. Provide:
               - Specific optimization recommendations
               - Implementation code examples
               - Expected performance gains
               - Priority order for fixes
               - Regression risks
            
            5. Generate:
               - Performance report card
               - Trend analysis vs baseline
               - Action items by priority

5. Advanced Testing Strategies

Intelligent Test Generation and Optimization

name: Smart Testing Pipeline
 
on:
  pull_request:
    types: [opened, synchronize]
 
jobs:
  test-optimization:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      - name: Analyze Code Changes
        id: changes
        run: |
          # Get changed files and their dependencies
          git diff --name-only ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} > changed-files.txt
          
          # Run dependency analysis
          npx madge --json src > dependency-graph.json
      
      - name: Collect Test Metrics
        run: |
          # Historical test data
          curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            https://api.github.com/repos/${{ github.repository }}/actions/workflows/tests.yml/runs \
            > test-history.json
          
          # Current coverage
          npm run test:coverage -- --json > coverage.json
      
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          direct_prompt: |
            Optimize test suite based on code changes:
            
            1. Test Impact Analysis:
               - Map changed files to affected tests
               - Identify integration test requirements
               - Find uncovered code paths
               - Detect flaky test patterns
            
            2. Generate Missing Tests:
               - Unit tests for new functions
               - Edge case coverage
               - Error handling scenarios
               - Integration test gaps
            
            3. Test Optimization:
               - Identify redundant tests
               - Suggest test consolidation
               - Recommend parallel execution groups
               - Propose test data factories
            
            4. Smart Test Selection:
               - Create focused test suite for PR
               - Risk-based test prioritization
               - Estimate execution time
               - Confidence level assessment
            
            5. Output:
               - New test files
               - Updated test commands
               - CI configuration optimizations
               - Test maintenance recommendations

6. Deployment Strategies

Blue-Green Deployment Orchestration

name: Blue-Green Deployment
 
on:
  workflow_dispatch:
    inputs:
      environment:
        type: choice
        options: [staging, production]
      strategy:
        type: choice
        options: [blue-green, canary, rolling]
 
jobs:
  deployment-orchestration:
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment }}
    
    steps:
      - uses: actions/checkout@v4
      
      - name: Deployment Pre-checks
        id: prechecks
        run: |
          # Check system health
          curl https://api.${{ github.event.inputs.environment }}.example.com/health > health-check.json
          
          # Get current deployment info
          kubectl get deployments -n ${{ github.event.inputs.environment }} -o json > current-deploy.json
          
          # Database migration status
          ./scripts/check-migrations.sh > migration-status.txt
      
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          claude_env: |
            DEPLOY_ENV: ${{ github.event.inputs.environment }}
            DEPLOY_STRATEGY: ${{ github.event.inputs.strategy }}
            ROLLBACK_ENABLED: true
          direct_prompt: |
            Orchestrate ${{ github.event.inputs.strategy }} deployment:
            
            1. Pre-deployment Validation:
               - Analyze health check results
               - Verify resource availability
               - Check dependency services
               - Validate configuration
               - Assess risk level
            
            2. Generate Deployment Plan:
               - Step-by-step execution plan
               - Resource allocation strategy
               - Traffic switching approach
               - Monitoring setup
               - Rollback triggers
            
            3. Database Considerations:
               - Migration requirements
               - Backward compatibility
               - Data integrity checks
               - Backup verification
            
            4. Create Scripts:
               - Deployment automation
               - Health check loops
               - Traffic management
               - Rollback procedures
               - Monitoring alerts
            
            5. Documentation:
               - Runbook for operators
               - Troubleshooting guide
               - Rollback procedures
               - Success criteria

πŸ”§ Optimization Techniques

1. Workflow Performance

Parallel Execution Strategy

name: Optimized CI Pipeline
 
on: [push, pull_request]
 
jobs:
  # Fast feedback job
  quick-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          npm run lint
          npm run type-check
  
  # Parallel test execution
  test-matrix:
    needs: quick-checks
    strategy:
      matrix:
        shard: [1, 2, 3, 4]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test -- --shard=${{ matrix.shard }}/4
  
  # Claude analysis only after tests
  claude-review:
    needs: test-matrix
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

2. Caching Strategies

Intelligent Cache Management

- name: Cache with fallback
  uses: actions/cache@v3
  with:
    path: |
      ~/.npm
      ~/.cache
      node_modules
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-
      ${{ runner.os }}-
 
- name: Claude Context Cache
  uses: actions/cache@v3
  with:
    path: .claude-context
    key: claude-${{ github.sha }}
    restore-keys: |
      claude-${{ github.event.pull_request.head.sha }}
      claude-main

3. Resource Management

Dynamic Resource Allocation

jobs:
  dynamic-runner:
    runs-on: ${{ matrix.size }}
    strategy:
      matrix:
        include:
          - task: lint
            size: ubuntu-latest
          - task: test
            size: ubuntu-latest-4-cores
          - task: build
            size: ubuntu-latest-8-cores
          - task: claude-analysis
            size: ubuntu-latest-2-cores

πŸ” Security Hardening

Environment Isolation

- uses: anthropics/claude-code-action@beta
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    claude_env: |
      # Sandboxed environment
      SANDBOX_MODE: true
      NETWORK_ACCESS: restricted
      FILE_SYSTEM_ACCESS: read-only
      ALLOWED_COMMANDS: "npm,git,echo"
      MAX_EXECUTION_TIME: 300

Audit Logging

- name: Audit Claude Actions
  if: always()
  run: |
    echo "Claude execution completed" >> audit.log
    echo "Time: $(date -u)" >> audit.log
    echo "Actor: ${{ github.actor }}" >> audit.log
    echo "Event: ${{ github.event_name }}" >> audit.log
    
    # Send to logging service
    curl -X POST https://logs.example.com/webhook \
      -H "Authorization: Bearer ${{ secrets.LOG_TOKEN }}" \
      -d @audit.log

πŸ”— Resources

πŸ—ΊοΈ Navigation

← Examples | GitHub Actions Guide | Troubleshooting β†’