Claude Code's non-interactive mode (`claude -p`) turns the AI into one step of a CI/CD pipeline, enabling automated code review, build-failure diagnosis, security scanning and similar automation.

## Core: non-interactive mode

```bash
# -p / --print: non-interactive, prints the result directly; suited to scripts and CI
# (prompt: "review this code for security vulnerabilities")
claude -p "审查这段代码有没有安全漏洞" < code.py
# Combine with --output-format json and parse the result
claude -p "分析..." --output-format json | jq .result
# Pass the API key through an environment variable
# (the ${{ ... }} expression is expanded by GitHub Actions before the shell runs)
ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} claude -p "..."
```
## GitHub Actions: automated PR code review

```yaml
# .github/workflows/ai-code-review.yml
name: AI Code Review
on:
  pull_request:
    # Note: runs triggered by pull requests from forks do not receive repository secrets
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code
      - name: Get PR diff
        id: diff
        run: |
          git diff origin/${{ github.base_ref }}...HEAD > pr_diff.txt
          echo "diff_size=$(wc -c < pr_diff.txt)" >> $GITHUB_OUTPUT
      - name: AI Code Review
        if: steps.diff.outputs.diff_size > 0
        id: review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Prompt (Chinese): review the diff and produce a Markdown report covering
          # bugs, security flaws (SQL injection/XSS/authorization bypass), performance,
          # style and missing tests, ranked Critical/Major/Minor, or a "passed" line
          # if nothing is found.
          REVIEW=$(claude -p "
          请审查以下代码变更(Git diff 格式),输出 Markdown 格式的审查报告:
          审查重点:
          1. 潜在 Bug 和逻辑错误
          2. 安全漏洞(SQL注入/XSS/权限绕过等)
          3. 性能问题(N+1/内存泄漏/不必要的循环)
          4. 代码规范和可读性
          5. 是否需要补充测试
          输出格式:
          - 总体评价(1-2句话)
          - 问题列表(按严重程度:Critical/Major/Minor)
          - 如无问题,输出「✅ 代码审查通过,未发现明显问题」
          " < pr_diff.txt)
          echo "review<<EOF" >> $GITHUB_OUTPUT
          echo "$REVIEW" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
      - name: Post Review Comment
        uses: actions/github-script@v7
        env:
          # Hand the model output to the script through the environment instead of
          # interpolating ${{ }} into the JavaScript: the review text is derived from
          # untrusted PR content and could otherwise break out of the template literal.
          REVIEW: ${{ steps.review.outputs.review }}
        with:
          script: |
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `## 🤖 AI Code Review\n\n${process.env.REVIEW}`
            })
```
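The review step above writes the model's multi-line output into `$GITHUB_OUTPUT` with a fixed `EOF` delimiter, and that output is derived from an untrusted PR diff, so a line reading `EOF` in the review would close the heredoc early and let the remaining text define additional outputs. The shell helpers below are an added example, not code from the original post or from Claude Code: they emit a random delimiter that cannot occur in the value, show how the runner reads the value back, and cap the size of the diff handed to the model; the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers): safe multi-line outputs for CI steps
# that relay text produced by `claude -p` from untrusted input.
set -eu

# Append NAME=VALUE to $GITHUB_OUTPUT using a delimiter that does not occur in VALUE.
# Usage: set_multiline_output review "$REVIEW"
set_multiline_output() {
  local name="$1" value="$2" delim
  # Random delimiter; retry in the unlikely event the value already contains it.
  while :; do
    delim="ghadelim_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    case "$value" in *"$delim"*) continue ;; esac
    break
  done
  {
    printf '%s<<%s\n' "$name" "$delim"
    printf '%s\n' "$value"
    printf '%s\n' "$delim"
  } >> "$GITHUB_OUTPUT"
}

# Read NAME back from an output file the way the runner parses the heredoc,
# which shows that an embedded "EOF" line stays inside the value.
# Usage: get_multiline_output review "$GITHUB_OUTPUT"
get_multiline_output() {
  local name="$1" file="$2"
  awk -v n="$name" '
    !inblk && index($0, n "<<") == 1 { delim = substr($0, length(n) + 3); inblk = 1; next }
    inblk && $0 == delim            { inblk = 0; next }
    inblk                           { print }
  ' "$file"
}

# Keep only the first MAX bytes of the diff piped to the model, so an oversized
# PR cannot run up cost or exceed the context window.
# Usage: cap_input 200000 < pr_diff.txt | claude -p "..."
cap_input() {
  head -c "$1"
}
```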
## AI diagnosis of build failures

```yaml
# .github/workflows/build-with-ai-diagnosis.yml
name: Build & Test with AI Diagnosis
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "20" }
      - name: Install & Build
        id: build
        run: |
          npm ci
          npm run build 2>&1 | tee build_output.txt
          # PIPESTATUS[0] is npm's exit code; [1] would be tee's, which is always 0
          echo "exit_code=${PIPESTATUS[0]}" >> $GITHUB_OUTPUT
        continue-on-error: true
      - name: AI Diagnosis on Failure
        if: steps.build.outputs.exit_code != '0'
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Prompt (Chinese): root cause of the failure, the file/line at fault,
          # and a concrete direction for the fix
          DIAGNOSIS=$(claude -p "
          以下是 CI 构建失败的输出。请分析:
          1. 失败的根本原因
          2. 具体是哪个文件/哪行代码出问题
          3. 修复建议(具体的代码修改方向)
          " < build_output.txt)
          echo "## 🔍 AI 构建失败诊断" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "$DIAGNOSIS" >> $GITHUB_STEP_SUMMARY
      - name: Fail if build failed
        if: steps.build.outputs.exit_code != '0'
        run: exit 1
```
## Automatic test generation

```yaml
# Automatically generate tests for new functions in a PR
- name: Generate Tests for New Functions
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: |
    # Find newly added functions (first 20 added lines that look like a definition)
    git diff origin/main...HEAD --unified=0 | grep "^+" | grep -E "^\+.*(function|def |async fn)" | head -20 > new_functions.txt
    if [ -s new_functions.txt ]; then
      # Prompt (Chinese): write a unit test for each function with the project's
      # existing framework (Jest/Vitest), covering normal, edge and error cases,
      # as directly runnable test code
      claude -p "
      以下是新增的函数,请为每个函数生成对应的单元测试:
      - 使用项目现有测试框架(Jest/Vitest)
      - 覆盖正常情况、边界条件、异常情况
      - 测试代码可以直接运行
      " < new_functions.txt >> $GITHUB_STEP_SUMMARY
    fi
```
## API key security configuration

```yaml
# 1. Add a secret in the repository settings
#    Settings → Secrets and variables → Actions → New secret
#    Name: ANTHROPIC_API_KEY
# 2. Reference it in the workflow (it is not exposed in logs)
env:
  ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
# 3. Restrict the secret to a specific environment (production)
environment: production  # only jobs that target the production environment can read it
```
## Cost control strategy

```yaml
# Pick the model by task to control cost
- name: Quick Syntax Check (Haiku - 最便宜)
  run: claude -p "检查语法错误" --model claude-haiku-4-5 < code.py
- name: Full Code Review (Sonnet - 均衡)
  run: claude -p "完整代码审查" --model claude-sonnet-4-6 < pr_diff.txt
- name: Security Audit (Opus - 最强)
  if: github.ref == 'refs/heads/main'  # only use Opus when merging to main
  run: claude -p "深度安全审计" --model claude-opus-4-6 < security_scope.py
```

Source: Claude Code official documentation - docs.anthropic.com/en/docs/claude-code