ClaudeCodeGitHubActions使用教程

admin 2026-07-04 04:36:21 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 本文档介绍如何通过AceDataCloud的代理服务在GitHubActions中集成ClaudeCode,无需Anthropic官方订阅。核心步骤包括申请APIToken、配置GitHubSecret、添加Workflow文件,并通过本地HTTP代理转换鉴权头,使ClaudeOpus4.8等模型能在Issue或PR中自动读代码、改代码和提PR。 综合评分: 73 文章分类: AI安全,安全工具,软文广告,解决方案,安全建设


cover_image

Claude Code GitHub Actions 使用教程

进击的Coder

2026年6月6日 19:09 上海

在小说阅读器读本章

去阅读

Claude Code GitHub Actions 是 Anthropic 官方推出的 GitHub Actions 集成方案。安装之后,只需要在 Issue、PR 或评论中 @claude,Claude 就会以 GitHub Bot 的身份在你的仓库里直接读代码、改代码、提 PR、跑 Review。

本文档介绍如何通过 Ace Data Cloud 的代理服务,把 Claude Code GitHub Actions 接到 claude-opus-4-8 等 Claude 模型上,无需 Anthropic 官方订阅。文中所有截图均来自我们公开的 demo 仓库 acedatacloud-dev/claude-code-action-demo,可以直接 fork 复现。

申请流程

要使用 Claude Code,首先可以到 Ace Data Cloud 控制台,或者识别下方二维码:

然后获取您的 API Token,留作备用。

如果你尚未登录或注册,会自动跳转到登录页面邀请您来注册和登录,登录注册之后会自动返回当前页面。

在首次申请时会有免费额度赠送,可以免费体验 Claude Code 服务。

配置 GitHub Secret

把刚才复制的 Token 添加到目标仓库的 Secret 中,命名为 ANTHROPIC_AUTH_TOKEN

  1. 进入仓库 Settings → Secrets and variables → Actions
  2. 点击 New repository secret
  3. Name 填 ANTHROPIC_AUTH_TOKENSecret 粘贴 Token 原文
  4. 点击 Add secret

Ace Data Cloud 网关使用 Authorization: Bearer <token> 鉴权,但 anthropics/claude-code-action 内部会通过 Anthropic SDK 把请求改写成 x-api-key。下面的 Workflow 里会启动一个 GitHub Runner 上的本地 HTTP 代理,把 x-api-key 翻译回 Authorization: Bearer

添加 Workflow 文件

在仓库中创建 .github/workflows/claude.yml完整内容如下(这就是我们 demo 仓库实际跑成功的版本):

name:&nbsp;ClaudeCode

on:
issue_comment:
&nbsp; &nbsp;&nbsp;types:[created]
pull_request_review_comment:
&nbsp; &nbsp;&nbsp;types:[created]
issues:
&nbsp; &nbsp;&nbsp;types:[opened,assigned]
pull_request_review:
&nbsp; &nbsp;&nbsp;types:[submitted]

jobs:
claude:
&nbsp; &nbsp;&nbsp;if:|
&nbsp; &nbsp; &nbsp; (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
&nbsp; &nbsp; &nbsp; (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
&nbsp; &nbsp; &nbsp; (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
&nbsp; &nbsp; &nbsp; (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
&nbsp; &nbsp;&nbsp;runs-on:ubuntu-latest
&nbsp; &nbsp;&nbsp;permissions:
&nbsp; &nbsp; &nbsp;&nbsp;contents:write
&nbsp; &nbsp; &nbsp;&nbsp;pull-requests:write
&nbsp; &nbsp; &nbsp;&nbsp;issues:write
&nbsp; &nbsp; &nbsp;&nbsp;id-token:write
&nbsp; &nbsp;&nbsp;env:
&nbsp; &nbsp; &nbsp;&nbsp;ANTHROPIC_BASE_URL:http://127.0.0.1:8788
&nbsp; &nbsp;&nbsp;steps:
&nbsp; &nbsp; &nbsp;&nbsp;-uses:actions/checkout@v4
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;with:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;fetch-depth:1

&nbsp; &nbsp; &nbsp;&nbsp;-name:StartAceDataCloudproxy(x-api-key→Bearer)
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;env:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;UPSTREAM:https://api.acedata.cloud
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;ACEDATA_TOKEN:${{secrets.ANTHROPIC_AUTH_TOKEN}}
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;run:|
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; cat > /tmp/proxy.py <<'PY'
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; import http.server, socketserver, urllib.request, urllib.error, os
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; UPSTREAM = os.environ["UPSTREAM"].rstrip("/")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; TOKEN = os.environ["ACEDATA_TOKEN"]
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HOP = {"host", "content-length", "connection", "keep-alive",
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"proxy-authenticate", "proxy-authorization", "te",
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"trailers", "transfer-encoding", "upgrade"}

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;classH(http.server.BaseHTTPRequestHandler):
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;protocol_version="HTTP/1.1"

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;def_proxy(self,method):
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;body=self.rfile.read(int(self.headers.get("Content-Length")or0))\
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;ifmethodin("POST","PUT","PATCH")elseNone
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;req=urllib.request.Request(UPSTREAM+self.path,data=body,method=method)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;fork,vinself.headers.items():
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;ifk.lower()inHOPork.lower()in("authorization","x-api-key"):
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;continue
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;req.add_header(k,v)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;req.add_header("Authorization",f"Bearer{TOKEN}")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;try:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;resp=urllib.request.urlopen(req,timeout=600)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;data,code,headers=resp.read(),resp.status,resp.headers
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;except urllib.error.HTTPError as e:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;data,code,headers=e.read(),e.code,e.headers
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;self.send_response(code)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;fork,vinheaders.items():
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;ifk.lower()in HOP:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;continue
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;self.send_header(k,v)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;self.send_header("Content-Length",str(len(data)))
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;self.end_headers()
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;self.wfile.write(data)

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;defdo_GET(self):self._proxy("GET")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;defdo_POST(self):self._proxy("POST")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;defdo_PUT(self):self._proxy("PUT")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;defdo_DELETE(self):self._proxy("DELETE")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;deflog_message(self,*a,**k):pass

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;classT(socketserver.ThreadingMixIn,http.server.HTTPServer):
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;daemon_threads=True
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;allow_reuse_address=True

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;T(("127.0.0.1",8788),H).serve_forever()
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;PY
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;nohuppython3/tmp/proxy.py>/tmp/proxy.log2>&1&
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;foriin$(seq120);do
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;curl-sS-o/dev/nullhttp://127.0.0.1:8788/&&break
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;sleep0.3
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;done

&nbsp; &nbsp; &nbsp;&nbsp;-name:RunClaudeCodeviaAceDataCloud
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;uses:anthropics/claude-code-action@v1
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;with:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;anthropic_api_key:dummy-not-used
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;github_token:${{secrets.GITHUB_TOKEN}}
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;claude_args:|
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --model claude-opus-4-8
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;show_full_output:'true'

提交之后,在 GitHub Actions 的 Workflows 列表中就可以看到这个 Claude Code 工作流:

几个关键点

  • ANTHROPIC_BASE_URL: http://127.0.0.1:8788 把所有 Anthropic API 请求指向本地代理。
  • 代理脚本读取 Secret ANTHROPIC_AUTH_TOKEN,把上游请求里的 x-api-key 头丢弃,统一替换为 Authorization: Bearer <token> 再转发到 https://api.acedata.cloud
  • anthropic_api_key: dummy-not-used 必须填一个非空字符串,否则 claude-code-action 启动前的校验会直接失败。真正鉴权用的是 Secret 里的 ANTHROPIC_AUTH_TOKEN
  • --model claude-opus-4-8 指定使用 Claude Opus 4.8,可以替换为 Ace Data Cloud 支持的任意 Claude 模型,例如 claude-sonnet-4-5claude-haiku-4-5

触发 Claude

新建一个 Issue,正文里写 @claude 加你要它做的事。例如下图,标题 Smoke test&nbsp;#11&nbsp;(Opus 4.8),正文 @claude Reply with: OK.

大约 30 秒后,github-actions Bot 就会用 Claude Opus 4.8 的输出回复评论:

Claude finished @acedatacloud-dev’s task in 22s — View job

OK.

对应的 Workflow 运行结果是 Success,总耗时 51 秒:

工作原理

GitHub Issue / PR comment 含 @claude
&nbsp; └─→ GitHub Actions 触发 .github/workflows/claude.yml
&nbsp; &nbsp; &nbsp; &nbsp; ├─ Step 1: 启动本地代理 127.0.0.1:8788
&nbsp; &nbsp; &nbsp; &nbsp; └─ Step 2: anthropics/claude-code-action@v1
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ Claude Code CLI 把 ANTHROPIC_BASE_URL 当成 Anthropic API
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ 请求落到本地代理(自带 x-api-key=dummy-not-used)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ 代理替换为 Authorization: Bearer <ANTHROPIC_AUTH_TOKEN>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ 转发到 https://api.acedata.cloud
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ Claude Opus 4.8 实际推理
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; └─→ Claude 在仓库里读代码 / 写代码 / 评论 / 提 PR

整条链路上唯一关键的转换在本地代理这一步。Ace Data Cloud 网关只识别 Authorization: Bearer <token> 这一种鉴权头,但官方 claude-code-action 内部使用的是 Anthropic SDK,会强制以 x-api-key 头发起请求。中间这个不到 40 行的 Python HTTP 代理就是用来桥接两种鉴权约定的,全部跑在 GitHub Runner 内存里,Token 不出 Runner

切换模型

通过 claude_args 即可切换:

&nbsp; &nbsp; &nbsp;&nbsp;-&nbsp;name:RunClaudeCodeviaAceDataCloud
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;uses:anthropics/claude-code-action@v1
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;with:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;anthropic_api_key:dummy-not-used
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;github_token:${{secrets.GITHUB_TOKEN}}
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;claude_args:|
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --model claude-sonnet-4-5
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --max-turns 8
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;show_full_output:'true'

| 参数 | 说明 | | — | — | | --model | 模型名,常用 claude-opus-4-8claude-sonnet-4-5claude-haiku-4-5 | | --max-turns | 单次任务最多对话轮次,默认 10 | | --allowed-tools | 限制可用工具,逗号分隔 | | --mcp-config | 额外 MCP 配置文件路径 |

可用模型清单可在 Claude Messages 服务页面 查询。

常见问题

1. Workflow 启动失败,提示 Either anthropic_api_key or claude_code_oauth_token must be provided

claude-code-action@v1 启动前必须在 anthropic_api_keyclaude_code_oauth_token 或工作负载联合三者中至少给一个非空值。即使我们后面会用 Bearer Token 鉴权,也必须给 anthropic_api_key 一个占位字符串(示例里的 dummy-not-used)。

2. 代理返回 401,CLS 里看到 Authorization: Bearer -

通常是 Secret 设置出错。强烈避免用 gh secret set ANTHROPIC_AUTH_TOKEN --body - 这种从 stdin 读入的写法 —— 如果 stdin 没接好,Secret 真的会被设成字面量 -。推荐写法:

gh secret&nbsp;set&nbsp;ANTHROPIC_AUTH_TOKEN --repo <org>/<repo> --body&nbsp;'<your-real-token>'

设完后可以在 Workflow 里临时加一行 echo "len=${#ACEDATA_TOKEN}" 打印长度(不会泄露原值),验证 Secret 是否生效。

3. Claude 没有响应 @claude

  • 确认 if: 条件覆盖了触发事件,比如评论触发对应 issue_comment / pull_request_review_comment
  • 确认仓库里有 .github/workflows/claude.yml 且 Actions 没有被禁用。
  • 进入 Actions 选项卡,确认能看到对应的工作流 Run。
  • 检查代理 Step 是否成功启动,可参考 demo 仓库里 Proxy log (on failure) Step 的实现,把 /tmp/proxy.log 打出来定位问题。

4. 如何查看剩余额度

登录 Ace Data Cloud 控制台 即可查看当前账户的剩余额度。 控制台 – 使用历史 可以看到每一次调用的扣费明细。

了解更多

  • 🧪 acedatacloud-dev/claude-code-action-demo — 本文使用的、可直接 fork 复现的 demo 仓库
  • 📖 Claude Code GitHub Actions 官方文档
  • 🛠️ anthropics/claude-code-action — Action 源码
  • 🔧 Ace Data Cloud Claude Messages 服务

免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:进击的Coder 《Claude Code GitHub Actions 使用教程》

评论:0   参与:  0