Docker: run as non-root user #370

---
# Stage 1 of a two-stage review pipeline (the unprivileged half).
#
# Triggered for every pull request, fork PRs included. On a fork PR the token
# is read-only and no secrets are available, so the review cannot run in this
# workflow. All this job does is write the PR number to an artifact; the
# privileged "Claude Code Review (run)" workflow is triggered by workflow_run,
# reads that artifact, and performs the review.
#
# NOTE(review): on pull_request the job runs from the PR's merge ref, so a PR
# can change what ends up in the artifact. The stage-2 workflow is not shown
# here; it should treat pr-number.txt as untrusted input (accept digits only)
# and preferably cross-check it against the workflow_run event payload, and it
# should confirm the triggering run concluded successfully before acting.
name: Claude Code Review

on:
  pull_request:
    types:
      - opened
      - synchronize
      - ready_for_review
      - reopened

# One concurrency group per PR: a newer run cancels the one still in progress.
concurrency:
  group: "claude-review-${{ github.event.pull_request.number }}"
  cancel-in-progress: true

jobs:
  prepare:
    # Draft PRs are skipped.
    if: ${{ github.event.pull_request.draft == false }}
    runs-on: ubuntu-latest
    # Empty map: the GITHUB_TOKEN for this job is granted no scopes.
    permissions: {}
    steps:
      - name: Save PR number
        # The value reaches the shell through an environment variable rather
        # than being expanded into the script text.
        env:
          PR_NUMBER: "${{ github.event.pull_request.number }}"
        run: echo "$PR_NUMBER" > pr-number.txt

      - name: Upload PR number
        # NOTE(review): "v4" is a movable tag; pinning the action to a full
        # commit SHA would make the referenced code immutable.
        uses: actions/upload-artifact@v4
        with:
          name: pr-number
          path: pr-number.txt
          # Short-lived: the artifact only has to survive until stage 2 runs.
          retention-days: 1