CI/CD with Agents: AI in the Pipeline
With claude -p and GitHub Actions, agents run automatically in your pipeline โ with no follow-up questions. That's why they need gates: tests decide, not the agent.
The building block: headless calls
A pipeline has no chat window. The entry point is therefore headless mode: claude -p "prompt" works through a task and exits. You can pipe data in (git diff main | claude -p "..."), and --output-format json returns a machine-readable result including cost โ good for scripts.
GitHub Actions
For GitHub there is an official action (claude-code-action): it responds to @claude mentions in issues and PRs, or runs automatically with a fixed prompt โ for example as a review on every new pull request. The API key must go into GitHub Secrets, never into the repository.
Gates: tests before trust
The most important rule: agent output is unreviewed code. It has to pass the same gates as human code โ tests, linters, the build โ before anything gets merged. In practice, that means the agent opens a pull request instead of pushing directly, and a human reviews before the merge.
The risks
First: no follow-up questions. Whatever the agent cannot decide gets aborted or decided wrongly. Second: secrets โ an agent in CI can access everything the runner sees, so keep permissions as narrow as possible. Third: cost โ without limits like --max-turns and workflow timeouts, runs can quietly get expensive.
EXAMPLE
# GitHub Actions step (shortened): - uses: anthropics/claude-code-action@v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} prompt: "Review this PR for bugs. Post findings as a comment." claude_args: "--max-turns 10"
QUICK QUIZ
Why does the rule 'tests before trust' apply to agent output in CI/CD?
SOURCES
- Claude Code docs: Run Claude Code programmatically (headless) โ code.claude.com
- Claude Code docs: GitHub Actions โ code.claude.com
- GitHub docs: Using secrets in GitHub Actions โ docs.github.com
- Claude Code docs: Code review โ code.claude.com