MCP server configuration for GitHub Actions including tool permissions, environment variables, and multi-server setups. Use when configuring MCP servers in GitHub Actions workflows.
/plugin marketplace add laurigates/claude-plugins/plugin install github-actions-plugin@lgates-claude-pluginsThis skill is limited to using the following tools:
Expert knowledge for configuring MCP (Model Context Protocol) servers in GitHub Actions workflows, including tool permissions and multi-server coordination.
MCP Server Configuration
Tool Access Control
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{"mcpServers":{"github":{"command":"node","args":["/path/to/server.js"]}}}'
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{
"mcpServers": {
"github": {
"command": "node",
"args": ["./github-mcp/dist/index.js"],
"env": {"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"}
},
"postgres": {
"command": "uvx",
"args": ["mcp-server-postgres", "--connection-string", "${{ secrets.DB_URL }}"]
}
}
}'
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{
"mcpServers": {
"data-processor": {
"command": "uvx",
"args": ["--from", "my-mcp-package", "run-server"],
"env": {
"API_KEY": "${{ secrets.API_KEY }}"
}
}
}
}'
claude_args: |
--allowedTools 'Bash(npm:*)' 'Bash(pytest:*)' 'Bash(cargo:*)'
permissions:
actions: read # Required for CI/CD tools
claude_args: |
--allowedTools 'Bash(gh run:*)' 'Bash(gh workflow:*)'
claude_args: |
--allowedTools 'Bash(npm test:*)' 'Bash(npm run lint:*)' 'Bash(pre-commit:*)'
claude_args: |
--allowedTools 'Bash(make:*)' 'Bash(docker build:*)'
--disallowedTools 'Bash(docker push:*)' 'Bash(rm -rf:*)'
claude_args: |
--allowedTools 'Bash(docker build:*)'
--disallowedTools 'Bash(docker push:*)' 'Bash(rm -rf:*)' 'Bash(curl:*)' 'Bash(wget:*)'
Read, Write, Edit, Glob, Grep - File operationsmcp__github - GitHub operations| Pattern | Purpose | Example |
|---|---|---|
'Bash(npm:*)' | All npm commands | npm test, npm run build |
'Bash(pytest:*)' | Python testing | pytest, pytest --cov |
'Bash(cargo:*)' | Rust commands | cargo test, cargo build |
'Bash(go test:*)' | Go testing | go test ./... |
'Bash(git:*)' | All git commands | git status, git commit |
'Bash(pre-commit:*)' | Pre-commit hooks | pre-commit run --all-files |
'Bash(actionlint:*)' | Action linting | actionlint .github/workflows/ |
'Bash(gh:*)' | GitHub CLI | gh pr create, gh issue list |
| Pattern | Purpose | Use Case |
|---|---|---|
'Bash(make:*)' | Make commands | Build automation |
'Bash(docker build:*)' | Docker build only | Container creation |
'Bash(kubectl:*)' | Kubernetes CLI | K8s operations |
'Bash(terraform:*)' | Infrastructure as Code | Terraform operations |
Configuration
Error Handling
# Verify server availability
- run: node ./mcp-server/index.js --version
# Check environment variables
- run: env | grep API_KEY
# Test server locally
- run: |
cd mcp-server
npm install
npm test
Security
# development.yml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--max-turns 20
--allowedTools 'Bash(npm:*)' 'Bash(git:*)'
# production.yml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--max-turns 10
--allowedTools 'Bash(npm test:*)' 'Bash(npm run lint:*)'
--disallowedTools 'Bash(npm publish:*)'
# .github/workflows/claude-template.yml
name: Claude Code Template
on:
workflow_call:
secrets:
ANTHROPIC_API_KEY:
required: true
MCP_SECRETS:
required: false
jobs:
claude:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
issues: write
steps:
- uses: actions/checkout@v5
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '${{ secrets.MCP_SECRETS }}'
# Verify server availability
node ./mcp-server/index.js --version
# Check environment variables
env | grep API_KEY
# Test server locally
cd mcp-server && npm install && npm test
# Enable specific tools
claude_args: |
--allowedTools 'Bash(npm:*)' 'Bash(git:*)'
# Check tool syntax
# Correct: 'Bash(npm:*)'
# Wrong: 'Bash(npm *)'
# Verify additional_permissions
additional_permissions:
actions: read
# Validate workflow syntax
actionlint .github/workflows/claude.yml
# Test locally (with act)
act -j claude
# Check workflow logs
gh run list --workflow=claude.yml
| Option | Purpose | Example |
|---|---|---|
--mcp-config | Configure MCP servers | --mcp-config '{...}' |
--allowedTools | Permit specific tools | 'Bash(npm:*)' |
--disallowedTools | Block specific tools | 'Bash(rm -rf:*)' |
--max-turns | Limit conversation length | --max-turns 10 |
| Secret | Purpose | Format |
|---|---|---|
ANTHROPIC_API_KEY | Claude API access | sk-ant-api03-... |
GITHUB_TOKEN | GitHub operations | Auto-provided by Actions |
DB_URL | Database connection | Custom format |
API_KEY | Custom MCP server auth | Service-specific |
For authentication methods and security best practices, see the github-actions-auth-security skill. For workflow design patterns, see the claude-code-github-workflows skill.
This skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.