Add pydata.it domain zone to global infrastructure #28
Workflow file for this run
```yaml
name: Claude Code Review

# One run per workflow and ref; a new push cancels the review still in progress
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  code-review:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Scopes granted to this job's GITHUB_TOKEN
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Find existing Claude bot comment
        id: find-comment
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Get the ID of the first claude[bot] comment on this PR (if any)
          REPO="${{ github.repository }}"
          PR_NUMBER="${{ github.event.pull_request.number }}"
          COMMENT_ID=$(gh api "repos/$REPO/issues/$PR_NUMBER/comments" --jq '[.[] | select(.user.login == "claude[bot]")] | first | .id // empty')
          if [ -n "$COMMENT_ID" ]; then
            echo "Found existing comment: $COMMENT_ID"
            echo "comment_id=$COMMENT_ID" >> "$GITHUB_OUTPUT"
          else
            echo "No existing comment found"
            echo "comment_id=" >> "$GITHUB_OUTPUT"
          fi
      - name: Review code
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_OAUTH_TOKEN }}
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            EXISTING_COMMENT_ID: ${{ steps.find-comment.outputs.comment_id }}
            Review this pull request and provide feedback.
            If EXISTING_COMMENT_ID is set, update that comment using:
            gh api repos/${{ github.repository }}/issues/comments/${{ steps.find-comment.outputs.comment_id }} -X PATCH -f body="<your review>"
            Otherwise, create a new comment using:
            gh pr comment ${{ github.event.pull_request.number }} --body "<your review>"
            IMPORTANT GUIDELINES:
            - Be direct and concise. Only mention issues that need attention.
            - Start with a brief 1-2 sentence summary of the changes for other reviewers.
            - Do NOT compliment the author or praise the code.
            - If there are no significant issues, just say "No issues found." and nothing else.
            - Focus only on actionable feedback.
            Evaluate the following areas (only mention if there are issues):
            ### Architecture & Design
            - Separation of concerns: Does the code properly separate layers (views, services, models, serializers)? Watch for business logic leaking into views or serializers.
            - Single responsibility: Do classes and functions have one clear purpose, or are they doing too much?
            - Code patterns: Are there opportunities to use established patterns (e.g., service objects, query objects, mixins) that would improve readability?
            - Dependencies: Does the code introduce tight coupling between modules that should be independent?
            - Abstraction level: Is code at the right level of abstraction? Avoid both over-engineering and under-abstraction.
            ### Testing & Coverage
            - Critical path coverage: Are the main success and failure paths tested?
            - Edge cases: Are boundary conditions and error scenarios covered?
            - Multi-tenant security: Every query involving user data MUST be scoped to the current tenant/business. Look for:
              - Missing `.filter(business=...)` or similar tenant scoping
              - Direct object lookups without ownership verification (e.g., `Model.objects.get(id=id)` without checking the user has access)
              - Bulk operations that could affect other tenants' data
            - Test isolation: Are they independent of execution order?
            - Mocking boundaries: Are external services and I/O properly mocked?
            ### Error Handling
            - Explicit error handling: Are exceptions caught and handled appropriately, or do they bubble up unexpectedly?
            - User-facing errors: Do error messages make sense to users without leaking internal details?
            - Transactional integrity: Are database operations wrapped in transactions where needed to prevent partial updates?
            - Graceful degradation: Does the code fail gracefully when external services are unavailable?
            ### Performance
            - N+1 queries: Look for loops that trigger database queries. Use `select_related()` and `prefetch_related()`.
            - Missing indexes: Will new query patterns require database indexes?
            - Pagination: Are list endpoints paginated to prevent loading unbounded data?
            - Caching opportunities: Could frequently-accessed, rarely-changed data benefit from caching?
            - Bulk operations: Are there loops doing individual saves that could use `bulk_create()` or `bulk_update()`?
            Use the repository's CLAUDE.md for guidance on style and conventions.
          # Limit the tools Claude may call to these gh subcommands
          claude_args: '--allowed-tools "Bash(gh api:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
```