Skip to content

[pull] main from anthropics:main#98

Merged
pull[bot] merged 1 commit into
code:mainfrom
anthropics:main
May 26, 2026
Merged

[pull] main from anthropics:main#98
pull[bot] merged 1 commit into
code:mainfrom
anthropics:main

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented May 26, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@zenexer-ant
ci: migrate claude-code-action workflows to Workload Identity Federat…
3c30b02 
…ion (#662)

Replaces the static ANTHROPIC_API_KEY repo secret with Workload
Identity Federation across the 6 workflows that invoke
claude-code-action: the action exchanges this job's GitHub OIDC token
for a short-lived access token. The federation rule is bound to this
repository (repository_id-pinned).

- Adds permissions: id-token: write to all 6 (none had it).
- Pins claude-code-action to v1.0.132 — the WIF inputs landed in
  v1.0.130; @v1 is a moving tag.
- No anthropic_workspace_id — the rule targets the org's default
  workspace, so the input is optional.

The two notebook-execution steps (notebook-quality.yml, notebook-
tests.yml) that pass ANTHROPIC_API_KEY as an env var to nbconvert/
pytest are NOT migrated here — those need a separate inline OIDC
exchange (TODO comments added). Both gracefully degrade when the
secret is absent: notebook-tests has an explicit skip-guard, and
notebook-quality catches per-notebook failures.
@pull pull Bot locked and limited conversation to collaborators May 26, 2026
@pull pull Bot added the ⤵️ pull label May 26, 2026
@pull pull Bot merged commit 3c30b02 into code:main May 26, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zenexer-ant