Bash Mode, Headless Mode, and CI/CD Integration
Claude Code is not limited to interactive terminal sessions. With bash mode and headless mode, you can integrate Claude into automated pipelines, CI/CD workflows, cron jobs, and scripting environments. This transforms Claude from a developer tool into an infrastructure component that can automate code reviews, content generation, testing, and deployment verification.
What You Will Learn
- How bash mode (-p flag) works for scripting
- Headless mode and its output formats
- Integrating Claude Code with GitHub Actions
- Building automated content and code pipelines
- Cron-based agent systems for recurring tasks
Bash Mode with the -p Flag
The -p (prompt) flag runs Claude Code in non-interactive mode. You provide a prompt as a string argument, Claude processes it, and the result is output to stdout. No terminal UI, no permission prompts, no interactive conversation.
# Basic usage
claude -p "List all TypeScript files with more than 200 lines"
# Pipe output to a file
claude -p "Generate a changelog for the last 10 commits" > CHANGELOG.md
# Use in a pipeline
git diff HEAD~1 | claude -p "Summarize these changes in bullet points"
Key Behaviors in Bash Mode
- No UI: There is no interactive terminal interface
- No permission prompts: Since no human is present, Claude cannot ask for approval. Actions that would require approval cause the process to terminate instead
- Single turn: Claude processes the prompt and exits. There is no back-and-forth conversation
- Exit codes: Returns 0 on success, non-zero on failure
Combining with Permissions
To let Claude take actions (edit files, run commands) in bash mode, you need to either pre-configure permissions or use the dangerous skip flag:
# With pre-configured allowlist (recommended for production)
claude -p "Fix all ESLint errors in src/" \
--model claude-sonnet-4-5
# With full permissions (only in sandboxed environments)
claude --dangerously-skip-permissions \
-p "Run the test suite and fix any failures"
Headless Mode Output Formats
By default, bash mode outputs plain text. For programmatic consumption, use structured output:
Stream JSON
claude -p "Analyze this codebase" --output-format stream-json
Outputs newline-delimited JSON events as Claude works:
\{"type":"text","content":"Analyzing the codebase structure..."\}
\{"type":"tool_use","tool":"Read","input":\{"file_path":"src/index.ts"\}\}
\{"type":"tool_result","output":"...file contents..."\}
\{"type":"text","content":"The codebase uses Next.js with..."\}
JSON Output
claude -p "List all API endpoints" --output-format json
Returns a single JSON object with the complete result after Claude finishes.
GitHub Actions Integration
Claude Code has official GitHub Actions support that lets Claude respond to issues, review PRs, and implement changes automatically.
Basic Setup
Create .github/workflows/claude.yml:
name: Claude Code
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
claude:
if: contains(github.event.comment.body, '@claude')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: $\{\{ secrets.ANTHROPIC_API_KEY \}\}
claude_args: "--max-turns 10 --model claude-sonnet-4-5"
What This Enables
When someone comments @claude fix the failing tests on an issue or PR, Claude will:
- Check out the repository
- Analyze the context (issue description, PR diff, comment thread)
- Make changes and push commits
- Comment back with what it did
Advanced GitHub Actions Configuration
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: $\{\{ secrets.ANTHROPIC_API_KEY \}\}
claude_args: >-
--max-turns 15
--model claude-sonnet-4-5
--mcp-config .github/mcp-config.json
allowed_tools: "Edit,Write,Bash(npm test:*),Bash(git:*)"
You can restrict which tools Claude can use, set turn limits, and provide MCP server configurations for the CI environment.
Use Cases for GitHub Actions
Automated code review: Claude analyzes every PR and comments with suggestions.
Issue triage: Claude reads new issues and assigns labels based on content analysis.
Bug fix automation: When a bug report comes in, Claude attempts to reproduce and fix it.
Documentation updates: Claude automatically updates documentation when API endpoints change.
Building Automated Pipelines
Content Generation Pipeline
Use Claude in a script to generate content on a schedule:
#!/bin/bash
# generate-daily-content.sh
# Generate a blog post about today's AI news
claude --dangerously-skip-permissions \
-p "Research today's AI news and write a blog post.
Save it to src/content/blog/$(date +%Y-%m-%d)-ai-news.mdx
Include frontmatter with title, date, and description.
Use WebSearch to find current news." \
--model claude-sonnet-4-5 \
--max-turns 20
# Validate the generated content
node scripts/validate-mdx-compilation.js src/content/blog/
# If validation passes, commit and push
if [ $? -eq 0 ]; then
git add src/content/blog/
git commit -m "feat: add daily AI news post for $(date +%Y-%m-%d)"
git push
fi
Test-Fix Pipeline
#!/bin/bash
# auto-fix-tests.sh
# Run tests and capture output
TEST_OUTPUT=$(npm test 2>&1)
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
# Feed test failures to Claude for fixing
echo "$TEST_OUTPUT" | claude --dangerously-skip-permissions \
-p "The test suite failed. Here are the failures.
Fix the source code (not the tests) to make them pass.
After fixing, run the tests again to verify." \
--model claude-sonnet-4-5 \
--max-turns 15
fi
SEO Audit Pipeline
#!/bin/bash
# seo-audit.sh
claude -p "Audit all pages in src/app/ for SEO best practices:
- Check meta titles (50-60 chars) and descriptions (150-160 chars)
- Verify Open Graph tags exist
- Check heading hierarchy
- Report findings as JSON" \
--output-format json \
--model claude-sonnet-4-5 > seo-report.json
Cron-Based Agent Systems
Combine bash mode with cron (or systemd timers) for recurring automation:
Daily Code Quality Check
# Run at 6 AM every day
0 6 * * * cd /path/to/project && claude --dangerously-skip-permissions -p "Run the full lint and test suite. If there are failures, create a GitHub issue with the details." --max-turns 10
Weekly Dependency Audit
# Run every Monday at 9 AM
0 9 * * 1 cd /path/to/project && claude --dangerously-skip-permissions -p "Check for outdated dependencies with npm outdated. For any with security vulnerabilities (npm audit), create a branch and update them. Run tests to verify nothing breaks." --max-turns 20
Scheduled Agent via Claude Code
Claude Code also supports scheduled remote agents (triggers) that run on a cron schedule without requiring your own infrastructure:
/schedule create "Review open PRs and add comments" --cron "0 9 * * *"
Safety in Automated Environments
When running Claude Code in automated pipelines, follow these practices:
- Use containers: Run Claude inside Docker containers or VMs to isolate filesystem access
- Read-only credentials: Database connections should be read-only unless writes are explicitly needed
- Set max-turns: Always limit how many turns Claude can take to prevent runaway costs
- Review before deploy: Automated changes should go through PR review before merging to main
- Monitor costs: Track token usage per pipeline run and set alerts for unusual spikes
- Audit logs: Log all Claude actions in CI for post-mortem analysis
# Safe CI pattern: branch + PR, never direct to main
claude --dangerously-skip-permissions \
-p "Fix the failing tests on a new branch called fix/test-failures.
Push the branch and create a PR for review." \
--max-turns 10 \
--model claude-sonnet-4-5
Key Takeaways
- The
-pflag enables non-interactive bash mode for scripting and automation - Use
--output-format stream-jsonorjsonfor programmatic consumption of Claude's output - GitHub Actions integration lets Claude respond to issues, review PRs, and implement fixes automatically
- Build content generation, test-fix, and audit pipelines using bash mode scripts
- Cron-based systems enable recurring automation like daily quality checks and weekly dependency audits
- Always use containers, max-turns limits, and branch-based workflows for safety in automated environments
- Never run
--dangerously-skip-permissionson machines with access to production secrets without sandboxing