/configure:reusable-workflows
Install Claude-powered reusable GitHub Actions workflows from claude-plugins into a project.
When to Use This Skill
Use this skill when... Use another approach when...
Adding Claude-powered reusable workflows for security, quality, or accessibility Setting up standard CI/CD workflows (use /configure:workflows )
Installing pre-built workflow callers from claude-plugins Writing custom GitHub Actions workflows from scratch
Automating OWASP, secret scanning, or code smell detection via CI Configuring local security scanning tools (use /configure:security )
Adding WCAG accessibility checks to pull request pipelines Running one-off accessibility audits manually
Bootstrapping a full suite of Claude-powered CI checks across categories Only need to check existing workflow compliance
Context
-
Workflows dir: !find . -maxdepth 1 -type d -name '.github/workflows'
-
Existing callers: !find .github/workflows -maxdepth 1 -name 'claude-*'
-
Package files: !find . -maxdepth 1 ( -name 'package.json' -o -name 'pyproject.toml' -o -name 'Cargo.toml' -o -name 'go.mod' ) -print -quit
-
TypeScript files: !find . -maxdepth 2 ( -name '.ts' -o -name '.tsx' ) -print -quit
-
Component files: !find . -maxdepth 3 ( -name '.jsx' -o -name '.vue' -o -name '*.svelte' ) -print -quit
Parameters
Parse from command arguments:
-
--all : Install all workflows
-
--security : Install security workflows only
-
--quality : Install quality workflows only
-
--a11y : Install accessibility workflows only
-
--list : List available workflows without installing
Available Workflows
Security
Workflow Description File
secrets Detect leaked secrets and credentials reusable-security-secrets.yml
owasp OWASP Top 10 vulnerability scanning reusable-security-owasp.yml
deps Dependency vulnerability audit reusable-security-deps.yml
Quality
Workflow Description File
typescript TypeScript strictness analysis reusable-quality-typescript.yml
code-smell Code smell detection reusable-quality-code-smell.yml
async Async/await pattern issues reusable-quality-async.yml
Accessibility
Workflow Description File
wcag WCAG 2.1 compliance checking reusable-a11y-wcag.yml
aria ARIA pattern validation reusable-a11y-aria.yml
Execution
Execute this reusable workflow installation:
Step 1: Detect current state
-
Check for .github/workflows/ directory (create if missing)
-
List any existing Claude-powered workflow callers
-
Determine project type from files present
Step 2: Select workflows
If no flags provided, ask the user which categories to install:
Available workflow categories: [1] Security (secrets, owasp, deps) [2] Quality (typescript, code-smell, async) [3] Accessibility (wcag, aria) [4] All workflows
Which categories? (comma-separated, e.g., 1,2):
If --list is set, print the Available Workflows tables above and stop.
Step 3: Generate caller workflows
For each selected workflow, create a caller file in .github/workflows/ .
Naming convention: claude-<category>-<name>.yml
Example: claude-security-secrets.yml
Use the caller workflow template:
name: Claude <Category> - <Name>
on: pull_request: branches: [main] workflow_dispatch:
permissions: contents: read pull-requests: write id-token: write
jobs: check: uses: laurigates/.github/.github/workflows/reusable-<category>-<name>.yml@main with: # Default inputs - customize as needed max-turns: 5 secrets: inherit
For complete caller workflow files per category, see REFERENCE.md.
Step 4: Remind about secrets
After installation, print the required secret configuration:
Required secret: CLAUDE_CODE_OAUTH_TOKEN
To configure:
- Go to repository Settings > Secrets and variables > Actions
- Add secret: CLAUDE_CODE_OAUTH_TOKEN
- Value: Your Claude Code OAuth token
Get token from: https://console.anthropic.com/
Customization
After installation, users can customize:
Input Purpose Example
file-patterns
Files to scan 'src/**/*.ts'
max-turns
Claude analysis depth 3 (quick) to 10 (thorough)
fail-on-*
Block merges on findings true / false
wcag-level
Accessibility standard 'A' , 'AA' , 'AAA'
Post-Installation
-
Configure secret: Add CLAUDE_CODE_OAUTH_TOKEN to repository secrets
-
Customize patterns: Edit file-patterns to match project structure
-
Adjust triggers: Modify paths filters for relevant file types
-
Test manually: Use workflow_dispatch to test before PR triggers
Agentic Optimizations
Context Command
List available workflows /configure:reusable-workflows --list
Install all workflows at once /configure:reusable-workflows --all
Security workflows only /configure:reusable-workflows --security
Quality workflows only /configure:reusable-workflows --quality
Accessibility workflows only /configure:reusable-workflows --a11y
Check existing callers find .github/workflows -name 'claude-*' -type f
Flags
Flag Description
--all
Install all workflows
--security
Install security workflows only
--quality
Install quality workflows only
--a11y
Install accessibility workflows only
--list
List available workflows without installing
See Also
-
/configure:workflows
-
Standard CI/CD workflows (container, release-please)
-
/configure:security
-
Security tooling configuration
-
ci-workflows skill - Workflow patterns