Use Claude Code Action with Aperture
Last validated:
Configure the Claude Code GitHub Action to send requests through Aperture by Tailscale so that CI runners use their Tailscale identity for authentication instead of per-repository API keys.
Prerequisites
- An Aperture instance with an Anthropic provider configured and at least one Anthropic model enabled.
- A Tailscale account with Owner, Admin, or Network admin permissions.
- A GitHub repository with GitHub Actions enabled and admin access to create repository secrets.
To avoid unexpected TLS issues, use http:// for the Aperture URL when configuring LLM clients. All connections remain encrypted using WireGuard, even when HTTPS is not used.
Step 1: Create a CI tag and grant access to Aperture
CI runners need a Tailscale tag, network access to the Aperture device, and a grant that authorizes model usage.
-
Open the Access controls page in the admin console.
-
In the
tagOwnerssection, addtag:ciif it does not already exist:"tagOwners": { "tag:ci": [] }An empty owner list means Owners, Admins, and Network admins can apply the tag.
-
Add a grant that gives
tag:cidevices network access to the Aperture device and permission to use Anthropic models:{ "grants": [ { "src": ["tag:ci"], "dst": ["<aperture-hostname>"], "ip": ["tcp:80"], "app": { "tailscale.com/cap/aperture": [ { "role": "user" }, { "models": "anthropic/**" } ] } } ] }Replace
"<aperture-hostname>"with the hostname or Tailscale IP address of your Aperture device if it differs from the default. Adjust themodelspattern to restrict CI runners to specific models, such asanthropic/claude-sonnet-4-6. -
Save the tailnet policy file. The rules take effect immediately.
The grant must include both a role entry and a models entry. Without role, Aperture returns HTTP 403 even if the models pattern matches.
For more information on grant syntax and model patterns, refer to control model access.
Step 2: Set up Tailscale authentication for GitHub Actions
The Tailscale GitHub Action needs credentials to join your tailnet as an ephemeral node.
Workload identity federation (recommended)
Workload identity federation uses GitHub's OIDC tokens to authenticate, eliminating secrets that can expire or leak.
- Create a federated identity in the Tailscale admin console. Set the issuer to GitHub Actions and configure the subject claim to match your repository. Assign the
auth_keysscope and thetag:citag. - Copy the Client ID and Audience values.
- In your GitHub repository, create two repository secrets:
TS_OAUTH_CLIENT_ID: your federated identity Client ID.TS_AUDIENCE: your federated identity Audience.
Workload identity federation requires the id-token: write permission in your GitHub Actions workflow, which you add in step 3.
OAuth client
If your organization does not use workload identity federation, create an OAuth client instead.
- Create an OAuth client in the admin console with the
auth_keysscope and thetag:citag. - Copy the Client ID and Client secret.
- In your GitHub repository, create two repository secrets:
TS_OAUTH_CLIENT_ID: your OAuth Client ID.TS_OAUTH_SECRET: your OAuth Client secret.
For detailed instructions on either option, refer to the Tailscale GitHub Action documentation.
Step 3: Add Claude Code Action to the workflow
Create or update a workflow file (for example, .github/workflows/claude.yml) with the following content. This example uses workload identity federation. If you use an OAuth client, replace audience with oauth-secret and reference secrets.TS_OAUTH_SECRET.
name: Claude Code
on:
pull_request:
permissions:
id-token: write
pull-requests: write
contents: read
jobs:
claude:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Connect to tailnet
uses: tailscale/github-action@v4
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
audience: ${{ secrets.TS_AUDIENCE }}
tags: tag:ci
ping: ai
- name: Run Claude Code
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: "-"
env:
ANTHROPIC_BASE_URL: "http://ai"
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
Key settings
| Setting | Purpose |
|---|---|
tags: tag:ci | Assigns the tag that Aperture uses to identify and authorize the caller. |
ping: <aperture-hostname> | Waits for connectivity to the Aperture device before proceeding. Prevents the Claude Code step from starting before the tailnet connection is ready. |
anthropic_api_key: "-" | Placeholder that satisfies the action's non-empty check. Aperture manages the real API key. |
ANTHROPIC_BASE_URL: "http://<aperture-hostname>" | Redirects all API calls to the Aperture device. MagicDNS resolves <aperture-hostname> to the Aperture device's Tailscale IP address. |
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1" | Prevents Claude Code from sending telemetry or update checks that would bypass Aperture. |
anthropic_api_key is a with: input (action parameter), while ANTHROPIC_BASE_URL and CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC are env: variables. The action performs a truthy check on anthropic_api_key and refuses to start without it.
Permissions
The permissions block sets the minimum GitHub token permissions the workflow needs:
| Permission | Purpose |
|---|---|
id-token: write | Required for workload identity federation. Omit if you use an OAuth client. |
pull-requests: write | Lets the Claude Code Action post review comments on the pull request. |
contents: read | Lets the Claude Code Action read repository files. |
Verify the connection
- Open a pull request with a small code change to trigger the workflow.
- In the workflow run's Actions tab, confirm:
- The Connect to tailnet step connected and the
ping: <aperture-hostname>check succeeded. - The Run Claude Code step completed and shows API calls to
http://<aperture-hostname>.
- The Connect to tailnet step connected and the
- Open the Aperture dashboard at
http://<aperture-hostname>/ui/from a device on your tailnet. Go to the Logs page and confirm the request appears withtag:cias the caller identity.
Troubleshoot common issues
| Symptom | Cause | Fix |
|---|---|---|
| Connection timeout in the Tailscale step | tag:ci does not exist in tagOwners, or the runner cannot reach the coordination server. | Verify the tag exists in your tailnet policy file and your GitHub secrets are correct. |
| HTTP 403 from Aperture | The grant is missing a role entry, or the models pattern does not match the requested model. | Verify the grant includes both { "role": "user" } and a matching { "models": "..." } entry. |
| Claude Code reports an API key error | anthropic_api_key is empty or missing. | Set anthropic_api_key: "-" in the with: block. The value must be non-empty. |
ping: <aperture-hostname> times out | The network grant does not allow tag:ci to reach the Aperture device on port 80. | Check the dst and ip fields in your network access grant. |
Next steps
- Set per-user spending limits to cap how much CI pipelines spend on AI requests.
- Restrict CI runners to specific models by narrowing the
modelspattern in the grant, for exampleanthropic/claude-sonnet-4-5instead ofanthropic/**. - Export usage data to S3 for long-term retention and compliance.
- Build a custom webhook to receive real-time notifications when CI runners make AI requests.
- For a complete guide that sets up AI-powered code reviews with cost control and compliance, refer to route AI code reviews through Aperture.