ci(github-action): update action anthropics/claude-code-action ( c9d66af ➔ 661a6fe )#1634
Conversation
Branch automerge failureThis PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead. |
There was a problem hiding this comment.
anthropics/claude-code-action: c9d66af → 661a6fe (both v1)
Verdict: Safe to merge
Breaking changes: None.
Deprecations: None.
New features worth adopting:
- Workload Identity Federation (OIDC) — the action can now authenticate to the Claude API by exchanging the workflow's GitHub Actions OIDC token for a short-lived access token, eliminating the need for a static
ANTHROPIC_API_KEYsecret. This is purely opt-in; existing workflows using an API key are unaffected and take precedence. The new inputs areanthropic_federation_rule_id,anthropic_organization_id,anthropic_service_account_id,anthropic_workspace_id, andanthropic_oidc_audience. This repo already holdsid-token: writepermission, so adoption would require no workflow permission changes.
Sources consulted:
e129330 to
0e3e077
Compare
There was a problem hiding this comment.
anthropics/claude-code-action: c9d66af → 661a6fe
Verdict: Safe to merge
Analysis: This digest update corresponds to two commits in the action repository:
- Previous (
c9d66af): bumps Claude Code to 2.1.147 and Agent SDK to 0.3.147 - Current (
661a6fe): adds Workload Identity Federation (OIDC) authentication support — introduces optional inputs for federated OIDC tokens (anthropic_federation_rule_id,anthropic_organization_id,anthropic_service_account_id,anthropic_workspace_id,anthropic_oidc_audience) with audience defaulting tohttps://api.anthropic.com
All changes are additive. The new authentication mechanism is purely optional and does not alter the existing static API key flow that this workflow currently uses. No breaking changes or deprecations apply to current usage.
Impact on this repo: None. The workflow file (.github/workflows/renovate-review.yaml) uses ANTHROPIC_BASE_URL pointing to an internal endpoint; existing authentication and invocation patterns remain fully functional.
New features worth adopting: Workload Identity Federation — enables OIDC-based short-lived tokens instead of static API keys, improving security posture. Adoption is optional and can be pursued separately.
Sources consulted:
This PR contains the following updates:
c9d66af→661a6feConfiguration
📅 Schedule: (in timezone America/Chicago)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.