
Generated workflows missing id-token:write permission and trigger on bot's own comments

Open lamontadams opened this issue 4 months ago • 2 comments

Bug Report: Generated workflows missing required permissions and trigger on bot's own comments

Summary

The GitHub workflows generated by the Claude Code GitHub App installation (via /install-github-app slash command) are missing a critical permission and will trigger on the bot's own comments, causing duplicate workflow runs.

Issues Found

1. Missing id-token: write permission (CRITICAL)

Impact: Workflow fails immediately with OIDC token error

The generated workflows are missing the id-token: write permission required for OIDC authentication:

permissions:
  contents: write
  pull-requests: write
  issues: write
  actions: read
  # MISSING: id-token: write

Error:

Failed to get OIDC token: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
Could not fetch an OIDC token. Did you remember to add `id-token: write` to your workflow permissions?

Failed run: https://github.com/lamontadams/linkdrop/actions/runs/18543253501/job/52855657504

2. Bot triggers on its own comments

Impact: Multiple duplicate workflow runs (mitigated by concurrency rules if present)

The workflow triggers on any comment containing @claude, including the bot's own responses:

Current generated condition:

if: |
  (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude'))

What happens:

  1. User mentions @claude
  2. Bot responds with: **Claude encountered an error** —— [View job](...)
  3. Bot's response triggers workflow again (contains "Claude")
  4. Without concurrency rules: exponential explosion of workflow runs
  5. With concurrency rules: constant cancellations and re-runs

Example runs showing the pattern:

  • https://github.com/lamontadams/linkdrop/actions/runs/18547722795
  • https://github.com/lamontadams/linkdrop/actions/runs/18547726670

Root cause: No check to exclude the bot itself as the actor

Affected Workflows

Both workflows generated by the app installation have these issues:

  • .github/workflows/claude.yml
  • .github/workflows/claude-code-review.yml

Reproduction

  1. Install Claude Code GitHub App using /install-github-app slash command
  2. Try to use @claude mention in an issue
  3. Observe immediate OIDC token failure
  4. After manually fixing permissions, observe duplicate workflow runs triggered by bot's own comments

Expected Behavior

Generated workflows should:

  • ✅ Include all required permissions (including id-token: write)
  • ✅ Exclude the bot's own comments from triggering the workflow
  • ✅ Work out of the box without manual fixes

Workarounds Applied

We had to manually fix both issues:

Permission fix:

permissions:
  id-token: write  # ADD THIS

Self-trigger fix:

if: |
  github.actor != 'claude[bot]' && (
    # existing conditions...
  )

Fix PRs:

  • Permission fix: https://github.com/lamontadams/linkdrop/pull/39
  • Self-trigger fix: https://github.com/lamontadams/linkdrop/pull/40

Environment

  • GitHub Actions: ubuntu-latest
  • Claude Code Action: anthropics/claude-code-action@v1
  • Installation method: /install-github-app slash command in Claude Code CLI

Suggested Fix

Update the workflow templates that are generated by the installation process to include:

jobs:
  claude:
    # Prevent bot from triggering itself
    if: |
      github.actor != 'claude[bot]' && (
        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
        # ... other conditions
      )
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      actions: read
      id-token: write  # ← REQUIRED for OIDC authentication

Notes

  • Concurrency rules (if added by users) help mitigate the self-trigger issue but don't solve it
  • The bot's error messages and normal responses often contain "Claude" in text/links
  • Without the actor check, even one bot response creates a cascade of workflow runs

lamontadams · Oct 16 '25 01:10
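The two defects in the report are easy to check for mechanically before a generated workflow is merged. The script below is an added example written for this thread; it is not part of the issue or of the anthropics/claude-code-action project. It scans a workflow file with the standard library only (no PyYAML), reports a `permissions:` mapping that lacks `id-token: write`, and reports an `@claude` mention condition that has no self-trigger guard. The actor name `claude[bot]` is the one used in the issue's workaround; the `github.event.comment.user.type != 'Bot'` alternative is an assumed guard based on the comment webhook payload, not something the issue proposes. Both sample workflows are constructed, with the trigger condition and permissions taken from the report and the rest abbreviated.

```python
# Added example (not from the issue or anthropics/claude-code-action):
# stdlib-only audit of a GitHub Actions workflow for the two defects reported above.
import re
from typing import Dict, List

# The mention condition that appears in the generated workflow.
MENTION_TRIGGER = re.compile(
    r"contains\(\s*github\.event\.comment\.body\s*,\s*'@claude'\s*\)"
)
# Guards that keep the bot's own comment from re-triggering the job.
# 'claude[bot]' is the actor name used in the issue's workaround; the
# comment.user.type check is an assumed alternative based on the webhook payload.
SELF_TRIGGER_GUARDS = (
    re.compile(r"github\.actor\s*!=\s*'claude\[bot\]'"),
    re.compile(r"github\.event\.comment\.user\.type\s*!=\s*'Bot'"),
)


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def permission_scopes(text: str) -> Dict[str, str]:
    """Collect scope -> level from every `permissions:` mapping in the file.

    The `permissions: write-all` shorthand is recorded as id-token: write,
    since that shorthand grants the scope as well.
    """
    scopes: Dict[str, str] = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        header = re.match(r"^(\s*)permissions:\s*([\w-]*)", lines[i])
        if not header:
            i += 1
            continue
        base = len(header.group(1))
        if header.group(2) == "write-all":
            scopes["id-token"] = "write"
        i += 1
        # Child keys are the following lines indented deeper than `permissions:`.
        while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > base):
            kv = re.match(r"^\s*([\w-]+):\s*(\w+)", lines[i])
            if kv:
                scopes[kv.group(1)] = kv.group(2)
            i += 1
    return scopes


def audit_workflow(text: str) -> List[str]:
    """Return findings for the two defects; an empty list means both checks pass."""
    findings: List[str] = []
    if permission_scopes(text).get("id-token") != "write":
        findings.append("permissions: `id-token: write` is missing, so the OIDC token exchange fails")
    if MENTION_TRIGGER.search(text) and not any(g.search(text) for g in SELF_TRIGGER_GUARDS):
        findings.append("trigger: the @claude mention condition has no guard against the bot's own comments")
    return findings


# Constructed sample in the shape of the generated workflow the issue describes.
GENERATED_WORKFLOW = """\
name: Claude Code
on:
  issue_comment:
    types: [created]
jobs:
  claude:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude'))
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      actions: read
    steps:
      - uses: anthropics/claude-code-action@v1
"""

# Constructed sample with both workarounds from the issue applied.
FIXED_WORKFLOW = """\
name: Claude Code
on:
  issue_comment:
    types: [created]
jobs:
  claude:
    # Prevent the bot from triggering itself on its own comments
    if: |
      github.actor != 'claude[bot]' && (
        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude'))
      )
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      actions: read
      id-token: write  # required for OIDC authentication
    steps:
      - uses: anthropics/claude-code-action@v1
"""

if __name__ == "__main__":
    for name, text in (("generated", GENERATED_WORKFLOW), ("fixed", FIXED_WORKFLOW)):
        findings = audit_workflow(text)
        print(f"{name}: {'OK' if not findings else 'findings'}")
        for finding in findings:
            print("  -", finding)
```

Run against a real file with `audit_workflow(open(".github/workflows/claude.yml").read())`; the generated sample above yields both findings and the fixed sample yields none. The permission scan is indentation-based, so it handles job-level and workflow-level `permissions:` blocks alike, but it is a lint, not a YAML parser: flow-style mappings such as `permissions: {id-token: write}` are not recognised.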

Hi all. I had Claude author the above bug report after it worked through a couple of fix ideas and I clearly didn't review it closely enough - it seems to have linked to some things in my private repo which naturally none of you will be able to see. Happy to provide dumps of workflow logs or PR diffs if any of that is helpful.

lamontadams · Oct 16 '25 02:10

What version of Claude Code are you on? The id-token parameter should be present, and we don't trigger on bot comments by default.

ashwin-ant · Oct 20 '25 18:10

I installed Claude Code 2.1.7 and used /install-github-app to add the workflows to my GitHub repositories. The Claude-generated permissions had 'read' for contents, pull-requests and issues:

permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write
  actions: read # Required for Claude to read CI results on PRs

vinnyjames · Jan 15 '26 15:01