Claude Code中英文系列教程17:将Claude Code集成在GitLab工作流里面

Learn about integrating Claude Code into your development workflow with GitLab CI/CD

了解如何将 Claude Code 集成到您的开发工作流中，使用 GitLab CI/CD

This integration is built on top of the Claude Code CLI and SDK, enabling programmatic use of Claude in your CI/CD jobs and custom automation workflows.

这项集成建立在 Claude Code CLI 和 SDK 之上，使您能够在 CI/CD 作业和自定义自动化工作流中程序化地使用 Claude。

一，Why use Claude Code with GitLab?

为什么要在 GitLab 中使用 Claude Code？

Instant MR creation: Describe what you need, and Claude proposes a complete MR with changes and explanation

即时创建 MR：描述您的需求，Claude 将提出一个包含变更和解释的完整 MR

Automated implementation: Turn issues into working code with a single command or mention

自动化实现：通过单个命令或提及将问题转化为可运行的代码

Project-aware: Claude follows your CLAUDE.md guidelines and existing code patterns

项目感知：Claude 遵循您的 CLAUDE.md 指南和现有代码模式

Simple setup: Add one job to .gitlab-ci.yml and a masked CI/CD variable

设置简单：只需要在 .gitlab-ci.yml 中添加一个作业和一个掩码的 CI/CD 变量

Enterprise-ready: Choose Claude API, AWS Bedrock, or Google Vertex AI to meet data residency and procurement needs

企业级准备：选择 Claude API、AWS Bedrock 或 Google Vertex AI 以满足数据驻留和采购需求

Secure by default: Runs in your GitLab runners with your branch protection and approvals

默认安全：在您的 GitLab 运行器中运行，并使用您的分支保护和审批

二，How it works 工作原理

Claude Code uses GitLab CI/CD to run AI tasks in isolated jobs and commit results back via MRs:

Claude Code 使用 GitLab CI/CD 在隔离的任务中运行 AI 任务，并通过 MR 提交结果：

2.1 Event-driven orchestration:

事件驱动编排：

GitLab listens for your chosen triggers (for example, a comment that mentions @claude in an issue, MR, or review thread). The job collects context from the thread and repository, builds prompts from that input, and runs Claude Code.

GitLab 监听您选择的触发器（例如，在issue、MR 或评审线程中提及 @claude 的评论）。该任务从线程和仓库中收集上下文，根据输入构建提示词，然后运行 Claude Code。

2.2 Provider abstraction:

提供者抽象：

Use the provider that fits your environment:

使用适合您环境的提供者：

Claude API (SaaS)

AWS Bedrock (IAM-based access, cross-region options)

AWS Bedrock (基于 IAM 的访问，跨区域选项)

Google Vertex AI (GCP-native, Workload Identity Federation)

Google Vertex AI (GCP 原生，工作负载身份联合)

2.3 Sandboxed execution:

沙盒执行：

Each interaction runs in a container with strict network and filesystem rules. Claude Code enforces workspace-scoped permissions to constrain writes. Every change flows through an MR so reviewers see the diff and approvals still apply.

每次交互都在具有严格网络和文件系统规则的容器中运行。Claude Code 强制执行工作区范围的权限以限制写入。每次更改都会通过 MR 流动，以便审阅者可以看到差异，并且批准仍然适用。

Pick regional endpoints to reduce latency and meet data-sovereignty requirements while using existing cloud agreements.

选择区域端点以减少延迟并满足数据主权要求，同时使用现有的云协议。

三，What can Claude do? Claude 能做什么？

Claude Code enables powerful CI/CD workflows that transform how you work with code:

Claude Code 能够实现强大的 CI/CD 工作流，改变您处理代码的方式：

Create and update MRs from issue descriptions or comments

从issue描述或评论中创建和更新合并请求

Analyze performance regressions and propose optimizations

分析性能回归并提出优化建议

Implement features directly in a branch, then open an MR

直接在分支中实现功能，然后打开合并请求

Fix bugs and regressions identified by tests or comments

修复由测试或评论发现的问题和回归

Respond to follow-up comments to iterate on requested changes

回复后续评论以迭代请求的更改

四，Setup 设置

4.1 Quick setup 快速设置

The fastest way to get started is to add a minimal job to your .gitlab-ci.yml and set your API key as a masked variable.

开始使用的最快方式是在你的 .gitlab-ci.yml 中添加一个最小的作业，并将你的 API 密钥设置为掩码变量。

4.1.1 Add a masked CI/CD variable

添加掩码 CI/CD 变量

Go to Settings → CI/CD → Variables

前往设置→CI/CD→变量

Add ANTHROPIC_API_KEY (masked, protected as needed)

添加 ANTHROPIC_API_KEY （掩码，按需保护）

4.1.2 Add a Claude job to .gitlab-ci.yml

为 .gitlab-ci.yml 添加一个 Claude 任务

```bash

stages:

• ai

claude:

stage: ai

image: node:24-alpine3.21

Adjust rules to fit how you want to trigger the job:

- manual runs

- merge request events

- web/API triggers when a comment contains '@claude'

rules:

• if: '$CI_PIPELINE_SOURCE == "web"'

• if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

variables:

GIT_STRATEGY: fetch

before_script:

• apk update

• apk add --no-cache git curl bash

• curl -fsSL https://claude.ai/install.sh | bash

script:

Optional: start a GitLab MCP server if your setup provides one

• /bin/gitlab-mcp-server || true

Use AI_FLOW_* variables when invoking via web/API triggers with context payloads

• echo "AI_FLOW_INPUT for AI_FLOW_CONTEXT on $AI_FLOW_EVENT"

• >

claude

-p "${AI_FLOW_INPUT:-'Review this MR and implement the requested changes'}"

--permission-mode acceptEdits

--allowedTools "Bash Read Edit Write mcp__gitlab"

--debug

```

After adding the job and your ANTHROPIC_API_KEY variable, test by running the job manually from CI/CD → Pipelines, or trigger it from an MR to let Claude propose updates in a branch and open an MR if needed.

添加任务和您的 ANTHROPIC_API_KEY 变量后，通过从 CI/CD → Pipelines 手动运行任务或从 MR 触发它来测试，让 Claude 在分支中提出更新并在需要时打开 MR。

4.2 Manual setup (recommended for production)

手动设置（推荐用于生产环境）

If you prefer a more controlled setup or need enterprise providers:

如果你更喜欢更受控的设置或需要企业级服务提供商：

4.2.1 Configure provider access:

配置提供者访问：

Claude API: Create and store ANTHROPIC_API_KEY as a masked CI/CD variable

Claude API：创建并存储 ANTHROPIC_API_KEY 作为受控的 CI/CD 变量

AWS Bedrock: Configure GitLab → AWS OIDC and create an IAM role for Bedrock

AWS Bedrock：配置 GitLab → AWS OIDC 并为 Bedrock 创建 IAM 角色

Google Vertex AI: Configure Workload Identity Federation for GitLab → GCP

Google Vertex AI：为 GitLab → GCP 配置工作负载身份联合

4.2.2 Add project credentials for GitLab API operations:

为 GitLab API 操作添加项目凭证：

Use CI_JOB_TOKEN by default, or create a Project Access Token with api scope

默认使用 CI_JOB_TOKEN ，或创建具有 api 范围的项目访问令牌

Store as GITLAB_ACCESS_TOKEN (masked) if using a PAT

如果使用个人访问令牌（PAT），则存储为 GITLAB_ACCESS_TOKEN （已遮盖）

4.2.3 Add the Claude job to .gitlab-ci.yml (see examples below)

将 Claude 任务添加到 .gitlab-ci.yml （见下方示例）

4.2.4 (Optional) Enable mention-driven triggers:

(可选) 启用基于提及的触发器：

Add a project webhook for "Comments (notes)" to your event listener (if you use one)

将"评论（笔记）"的项目 webhook 添加到你的事件监听器（如果你使用的话）

Have the listener call the pipeline trigger API with variables like AI_FLOW_INPUT and AI_FLOW_CONTEXT when a comment contains @claude

当评论包含 @claude 时，让监听器调用管道触发 API，并传入 AI_FLOW_INPUT 和 AI_FLOW_CONTEXT 等变量

五，Example use cases 示例用例

5.1 Turn issues into MRs 将问题转化为 PR

In an issue comment:

在问题评论中：

@claude implement this feature based on the issue description

Claude analyzes the issue and codebase, writes changes in a branch, and opens an MR for review.

Claude 分析了issue和代码库，在一个分支中编写了更改，并打开了评审请求（MR）。

5.2 Get implementation help 获取实现帮助

In an MR discussion:

在评审请求讨论中：

@claude suggest a concrete approach to cache the results of this API call

建议一个具体的方法来缓存这个API调用的结果

Claude proposes changes, adds code with appropriate caching, and updates the MR.

Claude 进行更改，添加了适当的缓存代码，并更新了评审请求。

5.3 Fix bugs quickly 快速修复错误

In an issue or MR comment:

在issue或 MR 评论中：

@claude fix the TypeError in the user dashboard component

修复用户仪表板组件中的TypeError

Claude locates the bug, implements a fix, and updates the branch or opens a new MR.

Claude 定位了错误，实施了修复，并更新了分支或打开了新的 MR。

六，Using with AWS Bedrock & Google Vertex AI

与 AWS Bedrock & Google Vertex AI 一起使用

For enterprise environments, you can run Claude Code entirely on your cloud infrastructure with the same developer experience.

对于企业环境，您可以在自己的云基础设施上完全运行 Claude Code，并拥有相同的开发者体验

6.1 AWS Bedrock

6.1.1 Prerequisites 前提条件

Before setting up Claude Code with AWS Bedrock, you need:

在用 AWS Bedrock 设置 Claude Code 之前，您需要：

An AWS account with Amazon Bedrock access to the desired Claude models

一个拥有访问所需 Claude 模型的 Amazon Bedrock 的 AWS 账户

GitLab configured as an OIDC identity provider in AWS IAM

GitLab 在 AWS IAM 中配置为 OIDC 身份提供者

An IAM role with Bedrock permissions and a trust policy restricted to your GitLab project/refs

一个具有 Bedrock 权限和仅限于您的 GitLab 项目/引用的信任策略的 IAM 角色

GitLab CI/CD variables for role assumption:

GitLab CI/CD 角色假设变量：

AWS_ROLE_TO_ASSUME (role ARN) #角色 ARN

AWS_REGION (Bedrock region) #Bedrock 区域

6.1.2 Setup instructions 设置说明

Configure AWS to allow GitLab CI jobs to assume an IAM role via OIDC (no static keys).

配置 AWS 以允许 GitLab CI 作业通过 OIDC（无需静态密钥）假设 IAM 角色。

Required setup: 所需设置：

Enable Amazon Bedrock and request access to your target Claude models

启用 Amazon Bedrock 并请求访问您的目标 Claude 模型

Create an IAM OIDC provider for GitLab if not already present

如果尚未存在，为 GitLab 创建一个 IAM OIDC 提供商

Create an IAM role trusted by the GitLab OIDC provider, restricted to your project and protected refs

为 GitLab OIDC 提供商创建一个受信任的 IAM 角色，限制在您的项目和保护引用范围内

Attach least-privilege permissions for Bedrock invoke APIs

为 Bedrock 调用 API 附加最小权限

Required values to store in CI/CD variables:

需要存储在 CI/CD 变量中的值：

AWS_ROLE_TO_ASSUME

AWS_REGION

Add variables in Settings → CI/CD → Variables:

在设置 → CI/CD → 变量中添加变量：

For AWS Bedrock:

• AWS_ROLE_TO_ASSUME

• AWS_REGION

Use the AWS Bedrock job example above to exchange the GitLab job token for temporary AWS credentials at runtime.

使用上述 AWS Bedrock 作业示例，在运行时用 GitLab 作业令牌交换临时 AWS 凭证。

6.2 Google Vertex AI

6.2.1 Prerequisites 前提条件

Before setting up Claude Code with Google Vertex AI, you need:

在用 Google Vertex AI 设置 Claude Code 之前，您需要：

1。 A Google Cloud project with:

一个谷歌Cloud项目并具有：

Vertex AI API enabled

已启用 Vertex AI API

Workload Identity Federation configured to trust GitLab OIDC

工作负载身份联合配置为信任 GitLab OIDC

2. A dedicated service account with only the required Vertex AI roles

一个仅具有所需 Vertex AI 角色的专用服务账户

3. GitLab CI/CD variables for WIF:

用于 WIF 的 GitLab CI/CD 变量：

GCP_WORKLOAD_IDENTITY_PROVIDER (full resource name) #（完整资源名称）

GCP_SERVICE_ACCOUNT (service account email) #（服务账户邮箱）

6.2.2 Setup instructions 设置说明

Configure Google Cloud to allow GitLab CI jobs to impersonate a service account via Workload Identity Federation.

配置 Google Cloud 以允许 GitLab CI 作业通过工作负载身份联合进行服务账户模拟。

Required setup: 所需设置：

Enable IAM Credentials API, STS API, and Vertex AI API

启用 IAM 凭证 API、STS API 和 Vertex AI API

Create a Workload Identity Pool and provider for GitLab OIDC

为 GitLab OIDC 创建工作负载身份池和提供者

Create a dedicated service account with Vertex AI roles

创建具有 Vertex AI 角色的专用服务账户

Grant the WIF principal permission to impersonate the service account

授予 WIF 主体权限以模拟服务账户

Required values to store in CI/CD variables:

需要存储在 CI/CD 变量中的值：

GCP_WORKLOAD_IDENTITY_PROVIDER

GCP_SERVICE_ACCOUNT

Add variables in Settings → CI/CD → Variables:

在设置→CI/CD→变量中添加变量：

For Google Vertex AI:

• GCP_WORKLOAD_IDENTITY_PROVIDER

• GCP_SERVICE_ACCOUNT

• CLOUD_ML_REGION (for example, us-east5)

Use the Google Vertex AI job example above to authenticate without storing keys.

使用上述 Google Vertex AI 作业示例进行无需存储密钥的认证。

七，Configuration examples 配置示例

7.1 Basic .gitlab-ci.yml (Claude API)

基础 .gitlab-ci.yml (Claude API)

```bash

stages:

• ai

claude:

stage: ai

image: node:24-alpine3.21

rules:

• if: '$CI_PIPELINE_SOURCE == "web"'

• if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

variables:

GIT_STRATEGY: fetch

before_script:

• apk update

• apk add --no-cache git curl bash

• curl -fsSL https://claude.ai/install.sh | bash

script:

• /bin/gitlab-mcp-server || true

• >

claude

-p "${AI_FLOW_INPUT:-'Summarize recent changes and suggest improvements'}"

--permission-mode acceptEdits

--allowedTools "Bash Read Edit Write mcp__gitlab"

--debug

Claude Code will use ANTHROPIC_API_KEY from CI/CD variables

```

7.2 AWS Bedrock job example (OIDC)

AWS Bedrock 任务示例 (OIDC)

7.2.1 Prerequisites: 前提条件：

Amazon Bedrock enabled with access to your chosen Claude model(s)

已启用 Amazon Bedrock 并可访问您选择的 Claude 模型

GitLab OIDC configured in AWS with a role that trusts your GitLab project and refs

在 AWS 中配置的 GitLab OIDC，具有信任您的 GitLab 项目和引用的角色

IAM role with Bedrock permissions (least privilege recommended)

具有 Bedrock 权限的 IAM 角色（推荐使用最小权限）

7.2.2 Required CI/CD variables:

所需的 CI/CD 变量：

AWS_ROLE_TO_ASSUME: ARN of the IAM role for Bedrock access #用于 Bedrock 访问的 IAM 角色的 ARN

AWS_REGION: Bedrock region (for example, us-west-2) # Bedrock 区域（例如， us-west-2 ）

```bash

claude-bedrock:

stage: ai

image: node:24-alpine3.21

rules:

• if: '$CI_PIPELINE_SOURCE == "web"'

before_script:

• apk add --no-cache bash curl jq git python3 py3-pip

• pip install --no-cache-dir awscli

• curl -fsSL https://claude.ai/install.sh | bash

Exchange GitLab OIDC token for AWS credentials

• export AWS_WEB_IDENTITY_TOKEN_FILE="${CI_JOB_JWT_FILE:-/tmp/oidc_token}"

• if [ -n "{CI_JOB_JWT_V2}" \]; then printf "%s" "CI_JOB_JWT_V2" > "$AWS_WEB_IDENTITY_TOKEN_FILE"; fi

• >

aws sts assume-role-with-web-identity

--role-arn "$AWS_ROLE_TO_ASSUME"

--role-session-name "gitlab-claude-$(date +%s)"

--web-identity-token "file://$AWS_WEB_IDENTITY_TOKEN_FILE"

--duration-seconds 3600 > /tmp/aws_creds.json

• export AWS_ACCESS_KEY_ID="$(jq -r .Credentials.AccessKeyId /tmp/aws_creds.json)"

• export AWS_SECRET_ACCESS_KEY="$(jq -r .Credentials.SecretAccessKey /tmp/aws_creds.json)"

• export AWS_SESSION_TOKEN="$(jq -r .Credentials.SessionToken /tmp/aws_creds.json)"

script:

• /bin/gitlab-mcp-server || true

• >

claude

-p "${AI_FLOW_INPUT:-'Implement the requested changes and open an MR'}"

--permission-mode acceptEdits

--allowedTools "Bash Read Edit Write mcp__gitlab"

--debug

variables:

AWS_REGION: "us-west-2"

```

Model IDs for Bedrock include region-specific prefixes and version suffixes (for example, us.anthropic.claude-sonnet-4-5-20250929-v1:0). Pass the desired model via your job configuration or prompt if your workflow supports it.

Bedrock 的模型 ID 包括区域特定的前缀和版本后缀（例如， us.anthropic.claude-sonnet-4-5-20250929-v1:0 ）。如果您的流程支持，请通过作业配置或提示传递所需的模型。

7.3 Google Vertex AI job example (Workload Identity Federation)

Google Vertex AI 工作示例（工作负载身份联合）

7.3.1 Prerequisites: 前提条件：

Vertex AI API enabled in your GCP project

您的 GCP 项目中启用了 Vertex AI API

Workload Identity Federation configured to trust GitLab OIDC

已配置 Workload Identity Federation 以信任 GitLab OIDC

A service account with Vertex AI permissions

具有 Vertex AI 权限的服务账户

7.3.2 Required CI/CD variables:

所需的 CI/CD 变量：

GCP_WORKLOAD_IDENTITY_PROVIDER: Full provider resource name # 完整提供者资源名称

GCP_SERVICE_ACCOUNT: Service account email #服务账户邮箱

CLOUD_ML_REGION: Vertex region (for example, us-east5 )#Vertex 区域（例如， us-east5 ）

```bash

claude-vertex:

stage: ai

image: gcr.io/google.com/cloudsdktool/google-cloud-cli:slim

rules:

• if: '$CI_PIPELINE_SOURCE == "web"'

before_script:

• apt-get update && apt-get install -y git && apt-get clean

• curl -fsSL https://claude.ai/install.sh | bash

Authenticate to Google Cloud via WIF (no downloaded keys)

• >

gcloud auth login --cred-file=<(cat <<EOF

{

"type": "external_account",

"audience": "${GCP_WORKLOAD_IDENTITY_PROVIDER}",

"subject_token_type": "urn:ietf:params:oauth:token-type:jwt",

"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${GCP_SERVICE_ACCOUNT}:generateAccessToken",

"token_url": "https://sts.googleapis.com/v1/token"

}

EOF

)

• gcloud config set project "(gcloud projects list --format='value(projectId)' --filter="name:{CI_PROJECT_NAMESPACE}" | head -n1)" || true

script:

• /bin/gitlab-mcp-server || true

• >

CLOUD_ML_REGION="${CLOUD_ML_REGION:-us-east5}"

claude

-p "${AI_FLOW_INPUT:-'Review and update code as requested'}"

--permission-mode acceptEdits

--allowedTools "Bash Read Edit Write mcp__gitlab"

--debug

variables:

CLOUD_ML_REGION: "us-east5"

```

With Workload Identity Federation, you do not need to store service account keys. Use repository-specific trust conditions and least-privilege service accounts.

使用工作负载身份联合，无需存储服务账户密钥。使用特定于存储库的信任条件和最小权限服务账户。

八，Best practices 最佳实践

8.1 CLAUDE.md configuration CLAUDE.md 配置

Create a CLAUDE.md file at the repository root to define coding standards, review criteria, and project-specific rules. Claude reads this file during runs and follows your conventions when proposing changes.

在存储库根目录创建一个 CLAUDE.md 文件来定义编码标准、审查标准和特定于项目的规则。Claude 在运行期间会读取此文件，并在更改时遵循您的约定。

8.2 Security considerations 安全注意事项

Never commit API keys or cloud credentials to your repository. Always use GitLab CI/CD variables:

切勿将 API 密钥或云凭证提交到您的存储库。始终使用 GitLab CI/CD 变量：

Add ANTHROPIC_API_KEY as a masked variable (and protect it if needed)

将 ANTHROPIC_API_KEY 添加为掩码变量（如有需要，则保护它）

Use provider-specific OIDC where possible (no long-lived keys)

尽可能使用特定提供者的 OIDC（不使用长寿命密钥）

Limit job permissions and network egress

限制作业权限和网络出口

Review Claude's MRs like any other contributor

像其他贡献者一样审查 Claude 的 MR

8.3 Optimizing performance 优化性能

Keep CLAUDE.md focused and concise

保持 CLAUDE.md 聚焦且简洁

Provide clear issue/MR descriptions to reduce iterations

提供清晰的 issue/MR 描述以减少迭代次数

Configure sensible job timeouts to avoid runaway runs

配置合理的作业超时时间，避免无限循环运行

Cache npm and package installs in runners where possible

尽可能在执行器中缓存 npm 和包安装

8.4 CI costs CI 成本

When using Claude Code with GitLab CI/CD, be aware of associated costs:

使用 Claude Code 与 GitLab CI/CD 时，注意相关成本：

1.GitLab Runner time: GitLab 执行器时间：

Claude runs on your GitLab runners and consumes compute minutes

Claude 在您的 GitLab 执行器上运行并消耗计算分钟

See your GitLab plan's runner billing for details

有关详细信息，请查看您的 GitLab 计划的运行器计费

2.API costs: API 成本：

Each Claude interaction consumes tokens based on prompt and response size

每次 Claude 交互都会根据提示和响应的大小消耗 token

Token usage varies by task complexity and codebase size

token 使用量因任务复杂性和代码库大小而异

3. Cost optimization tips: 成本优化建议：

Use specific @claude commands to reduce unnecessary turns

使用特定的 @claude 命令减少不必要的轮次

Set appropriate max_turns and job timeout values

设置适当的 max_turns 和作业超时值

Limit concurrency to control parallel runs

限制并发以控制并行运行

九， Security and governance 安全和治理

Each job runs in an isolated container with restricted network access

每个作业都在一个隔离的容器中运行，网络访问受限

Claude's changes flow through MRs so reviewers see every diff

Claude 的更改通过合并请求流动，因此审查者可以看到每个差异

Branch protection and approval rules apply to AI-generated code

分支保护和审批规则适用于 AI 生成的代码

Claude Code uses workspace-scoped permissions to constrain writes

Claude Code 使用工作区范围的权限来限制写入

Costs remain under your control because you bring your own provider credentials

成本仍然由您控制，因为您使用自己的提供者凭证

十，Troubleshooting 故障排除

10.1 Claude not responding to @claude commands

Claude 没有响应 @claude 命令

Verify your pipeline is being triggered (manually, MR event, or via a note event listener/webhook)

验证您的管道是否被触发（手动、MR 事件或通过注释事件监听器/ webhook）

Ensure CI/CD variables (ANTHROPIC_API_KEY or cloud provider settings) are present and unmasked

确保 CI/CD 变量（ ANTHROPIC_API_KEY 或云提供者设置）存在且未被遮掩

Check that the comment contains @claude (not /claude) and that your mention trigger is configured

检查评论中是否包含 @claude （而不是 /claude ），并确认您的提及触发器已配置

10.2 Job can't write comments or open MRs

作业无法写评论或打开 MR

Ensure CI_JOB_TOKEN has sufficient permissions for the project, or use a Project Access Token with api scope

确保 CI_JOB_TOKEN 对项目有足够的权限，或使用具有 api 范围的 Project Access Token

Check the mcp__gitlab tool is enabled in --allowedTools

检查 mcp__gitlab 工具在 --allowedTools 中已启用

Confirm the job runs in the context of the MR or has enough context via AI_FLOW_* variables

确认作业在 MR 的上下文中运行或通过 AI_FLOW_* 变量具有足够的上下文

10.3 Authentication errors 认证错误

For Claude API: Confirm ANTHROPIC_API_KEY is valid and unexpired

对于 Claude API：确认 ANTHROPIC_API_KEY 有效且未过期

For Bedrock/Vertex: Verify OIDC/WIF configuration, role impersonation, and secret names; confirm region and model availability

对于 Bedrock/Vertex：验证 OIDC/WIF 配置、角色模拟和密钥名称；确认区域和模型可用性

十一，Advanced configuration 高级配置

11.1 Common parameters and variables

常用参数和变量

Claude Code supports these commonly used inputs:

Claude Code 支持以下常用输入：

prompt / prompt_file: Provide instructions inline (-p) or via a file

直接在行内提供指令（ -p ）或通过文件提供

max_turns: Limit the number of back-and-forth iterations

限制来回迭代的次数

timeout_minutes: Limit total execution time

限制总执行时间

ANTHROPIC_API_KEY: Required for the Claude API (not used for Bedrock/Vertex)

Claude API 所需（Bedrock/Vertex 不使用）

Provider-specific environment: AWS_REGION, project/region vars for Vertex

特定提供者的环境： AWS_REGION ，Vertex 的项目/区域变量

Exact flags and parameters may vary by version of @anthropic-ai/claude-code. Run claude --help in your job to see supported options.

@anthropic-ai/claude-code 的确切标志和参数可能因版本而异。在您的作业中运行 claude --help 以查看支持的选项。

11.2 Customizing Claude's behavior

自定义 Claude 的行为

You can guide Claude in two primary ways:

您可以以两种主要方式指导 Claude：

CLAUDE.md: Define coding standards, security requirements, and project conventions. Claude reads this during runs and follows your rules.

CLAUDE.md: 定义编码标准、安全要求和项目规范。Claude 在运行期间读取此文件并遵循您的规则。

Custom prompts: Pass task-specific instructions via prompt/prompt_file in the job. Use different prompts for different jobs (for example, review, implement, refactor).

自定义提示：通过在作业中使用 prompt / prompt_file 传递特定任务的指令。为不同作业使用不同的提示（例如，审查、实现、重构）。

小结：

可以直接在分支中实现功能，然后打开合并请求