Claude Code & MCP MasterclassModule 5

5.2CI/CD Integration — GitHub Actions with Claude Code

30 min 3 code blocks Practice Lab Quiz (4Q)

CI/CD Integration — GitHub Actions with Claude Code

Continuous Integration and Continuous Deployment (CI/CD) is what separates a "project" from a "product." Without CI/CD, deploying a change means: SSH into your server, run git pull, restart the service, pray. With GitHub Actions + Claude Code, you can automate code review, run tests, and deploy to production with every git push — while Claude acts as an AI reviewer that catches bugs before they reach your users. For Pakistani freelancers managing client projects on shared servers, this workflow transforms you from a developer who manually handles deployments to one who runs production-grade infrastructure.

Section 1: GitHub Actions Fundamentals for Claude Code Projects

A GitHub Action is a workflow defined in .github/workflows/your-workflow.yml that runs automatically on git events (push, pull request, schedule). The anatomy:

yaml
name: CI Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-cov

      - name: Run tests
        run: pytest tests/ -v --cov=app --cov-report=xml

      - name: Upload coverage
        uses: codecov/codecov-action@v4

This runs on every push to main or develop. If tests fail, the push is flagged and you get an email — before the code reaches your production server.

Section 2: AI Code Review with Claude in GitHub Actions

You can run Claude Code as an automated reviewer in your CI pipeline. When a pull request is opened, Claude reads the diff and posts a review comment automatically:

yaml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  claude-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get PR diff
        id: diff
        run: |
          git diff origin/main...HEAD > pr_diff.txt
          echo "diff_size=$(wc -c < pr_diff.txt)" >> $GITHUB_OUTPUT

      - name: Claude AI Review
        if: steps.diff.outputs.diff_size < 50000
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          pip install anthropic
          python - <<'EOF'
          import anthropic
          import os

          with open("pr_diff.txt") as f:
              diff = f.read()

          client = anthropic.Anthropic()
          message = client.messages.create(
              model="claude-sonnet-4-6",
              max_tokens=2000,
              messages=[{
                  "role": "user",
                  "content": f"""Review this code diff for a Pakistani business application.
          Check for:
          1. Security issues (hardcoded secrets, SQL injection, path traversal)
          2. Logic bugs that could affect Pakistani payment flows (JazzCash, EasyPaisa)
          3. Missing error handling
          4. Performance issues
          5. Any breaking changes to existing API contracts

          Diff:
          {diff[:10000]}

          Respond with: APPROVED, NEEDS_CHANGES, or CRITICAL_ISSUES, followed by specific line-by-line feedback."""
              }]
          )
          print(message.content[0].text)
          EOF

      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            // Post the Claude review as a PR comment
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '## AI Code Review\n' + process.env.REVIEW_OUTPUT
            });

Section 3: Automated Deployment Pipeline

After CI passes, deploy automatically to your VPS:

yaml
name: Deploy to Production

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    needs: test  # Only deploy if tests pass

    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.VPS_HOST }}          # Your Contabo/DigitalOcean IP
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          script: |
            cd /opt/myapp
            git pull origin main
            pip install -r requirements.txt
            # Zero-downtime restart with systemd
            sudo systemctl reload myapp
            # Health check — fail the deployment if app doesn't respond
            sleep 3
            curl -f http://localhost:8000/health || (echo "HEALTH CHECK FAILED" && exit 1)

Setting up Secrets: In your GitHub repository → Settings → Secrets and Variables → Actions, add:

  • ANTHROPIC_API_KEY — your Claude API key
  • VPS_HOST — your server IP (e.g., your Contabo VPS)
  • VPS_USER — typically root or ubuntu
  • VPS_SSH_KEY — your private SSH key (never share this)

Never hardcode these in your YAML — GitHub Actions secrets are encrypted and never appear in logs.

Practice Lab

Practice Lab

Exercise 1: Create a .github/workflows/ci.yml file in any Python project. Add just the test and lint steps (no deployment yet). Push a commit and watch the Actions tab in your GitHub repository. Fix any failures until you see a green checkmark. This first green CI run is a meaningful milestone.

Exercise 2: Add the ANTHROPIC_API_KEY secret to your GitHub repository settings. Modify the CI workflow to include the Claude code review step on pull requests. Create a test branch, make a small change, and open a pull request. Verify that Claude posts a review comment automatically.

Exercise 3: Write a deployment script for your project that includes a health check. The script should: pull the latest code, install dependencies, restart the service, wait 5 seconds, then hit a /health endpoint and exit with code 1 if it fails. A failed health check rolls back the deployment alert. This is the safety net that prevents bad deployments from staying up silently.

Key Takeaways

  • CI/CD transforms you from a developer who manually deploys to one who runs production-grade infrastructure — clients who understand this pay significantly higher rates
  • The needs: test directive in the deploy job is critical — it ensures deployment only happens if tests pass, preventing broken code from reaching production
  • GitHub Secrets are the correct way to store API keys in CI/CD — never hardcode credentials in YAML files since repository history is permanent and public repositories expose everything
  • The health check at the end of deployment is the difference between professional and amateur DevOps — it automatically detects failed deployments within seconds rather than waiting for user complaints

Lesson Summary

Includes hands-on practice lab3 runnable code examples4-question knowledge check below

Quiz: CI/CD Integration — GitHub Actions with Claude Code

4 questions to test your understanding. Score 60% or higher to pass.

Previous
5.1CLAUDE.md Best Practices — Project Memory & Conventions
Next
5.3Capstone: Build & Deploy a Full-Stack App with Claude Code