name: Claude PR Assistant

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]

jobs:
  check-permissions:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
    runs-on: ubuntu-latest
    outputs:
      allowed: ${{ steps.check.outputs.allowed }}
    steps:
      - name: Check if user is allowed
        id: check
        run: |
          # List of allowed users
          ALLOWED_USERS="mistercrunch,rusackas"

          # Get the commenter's username
          COMMENTER="${{ github.event.comment.user.login }}"

          echo "Checking permissions for user: $COMMENTER"

          # Check if user is in allowed list
          if [[ ",$ALLOWED_USERS," == *",$COMMENTER,"* ]]; then
            echo "allowed=true" >> $GITHUB_OUTPUT
            echo "✅ User $COMMENTER is allowed to use Claude"
          else
            echo "allowed=false" >> $GITHUB_OUTPUT
            echo "❌ User $COMMENTER is not allowed to use Claude"
          fi

  deny-access:
    needs: check-permissions
    if: needs.check-permissions.outputs.allowed == 'false'
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Comment access denied
        uses: actions/github-script@v8
        with:
          script: |
            const message = `👋 Hi @${{ github.event.comment.user.login || github.event.review.user.login || github.event.issue.user.login }}!

            Thanks for trying to use Claude Code, but currently only certain team members have access to this feature.

            If you believe you should have access, please contact a project maintainer.`;

            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: message
            });

  claude-code-action:
    needs: check-permissions
    if: needs.check-permissions.outputs.allowed == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@v6
      with:
        fetch-depth: 1

    - name: Run Claude PR Action
      uses: anthropics/claude-code-action@beta
      with:
        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
        timeout_minutes: "60"