fix(ci): rebuild weekly-update.yml with proper YAML and features

Add notify job, job summary, set +e/PIPESTATUS exit code capture,
persist-credentials: false with git remote set-url for push auth,
PR body via variable construction.

Author: jdalton

.github/workflows/weekly-update.yml

@@ -23,22 +23,20 @@ jobs:
       contents: read
     outputs:
       has-updates: ${{ steps.check.outputs.has-updates }}
-      update-summary: ${{ steps.check.outputs.update-summary }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          fetch-depth: 0
           persist-credentials: false
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: .node-version
-          cache: ''
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+          cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -47,31 +45,13 @@ jobs:
         id: check
         run: |
           echo "Checking for npm package updates..."
-
           HAS_UPDATES=false
-          SUMMARY=""
-
-          # Check for npm updates
           NPM_UPDATES=$(pnpm outdated 2>/dev/null || true)
           if [ -n "$NPM_UPDATES" ] && ! echo "$NPM_UPDATES" | grep -q "No outdated"; then
             echo "npm packages have updates available"
             HAS_UPDATES=true
-            SUMMARY="npm packages: updates available"
           fi
-
           echo "has-updates=$HAS_UPDATES" >> $GITHUB_OUTPUT
-          if [ -n "$SUMMARY" ]; then
-            SUMMARY_B64=$(echo "$SUMMARY" | base64 | tr -d '\n')
-            echo "update-summary=$SUMMARY_B64" >> $GITHUB_OUTPUT
-          fi
-
-          if [ "$HAS_UPDATES" = "true" ]; then
-            echo ""
-            echo "✓ Updates available!"
-          else
-            echo ""
-            echo "✓ All dependencies are up to date"
-          fi
 
   apply-updates:
     name: Apply updates with Claude Code
@@ -88,14 +68,14 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: .node-version
-          cache: ''
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+          cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -105,10 +85,13 @@ jobs:
 
       - name: Create update branch
         id: branch
+        env:
+          GH_TOKEN: ${{ github.token }}
         run: |
           BRANCH_NAME="weekly-update-$(date +%Y%m%d)"
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
+          git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"
           git checkout -b "$BRANCH_NAME"
           echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
 
@@ -121,42 +104,39 @@ jobs:
           GITHUB_ACTIONS: 'true'
         run: |
           if [ -z "$ANTHROPIC_API_KEY" ]; then
-            echo "⚠️  ANTHROPIC_API_KEY not set - skipping automated update"
-            echo "Please add ANTHROPIC_API_KEY to repository secrets to enable automation"
+            echo "ANTHROPIC_API_KEY not set - skipping automated update"
             echo "success=false" >> $GITHUB_OUTPUT
             exit 0
           fi
 
+          set +e
           claude --print --dangerously-skip-permissions \
             --model sonnet \
-            "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests (CI will run them separately). Do not push or create a PR - just make the changes and commits locally." \
+            "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \
             2>&1 | tee claude-output.log
+          CLAUDE_EXIT=${PIPESTATUS[0]}
+          set -e
 
-          if [ $? -eq 0 ]; then
+          if [ "$CLAUDE_EXIT" -eq 0 ]; then
             echo "success=true" >> $GITHUB_OUTPUT
-            echo "✓ Claude Code successfully applied updates"
           else
             echo "success=false" >> $GITHUB_OUTPUT
-            echo "⚠️  Claude Code encountered errors"
           fi
 
       - name: Check for changes
         id: changes
         run: |
           if [ -n "$(git status --porcelain)" ] || [ "$(git rev-list --count HEAD ^origin/main)" -gt 0 ]; then
             echo "has-changes=true" >> $GITHUB_OUTPUT
-            echo "✓ Changes detected"
           else
             echo "has-changes=false" >> $GITHUB_OUTPUT
-            echo "No changes to commit"
           fi
 
       - name: Push branch
         if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
         env:
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
-        run: |
-          git push origin "$BRANCH_NAME"
+        run: git push origin "$BRANCH_NAME"
 
       - name: Create Pull Request
         if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
@@ -178,11 +158,6 @@ jobs:
           PR_BODY+="\`\`\`"$'\n\n'
           PR_BODY+="</details>"$'\n\n'
           PR_BODY+="---"$'\n\n'
-          PR_BODY+="### Review Checklist"$'\n\n'
-          PR_BODY+="- [ ] All builds pass"$'\n'
-          PR_BODY+="- [ ] Tests pass"$'\n'
-          PR_BODY+="- [ ] No breaking changes"$'\n\n'
-          PR_BODY+="---"$'\n\n'
           PR_BODY+="<sub>Generated by [weekly-update.yml](.github/workflows/weekly-update.yml)</sub>"
 
           gh pr create \
@@ -192,6 +167,17 @@ jobs:
             --head "$BRANCH_NAME" \
             --base main
 
+      - name: Add job summary
+        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        env:
+          BRANCH_NAME: ${{ steps.branch.outputs.branch }}
+        run: |
+          COMMIT_COUNT=$(git rev-list --count origin/main..HEAD)
+          echo "## Weekly Update Complete" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Branch:** \`${BRANCH_NAME}\`" >> $GITHUB_STEP_SUMMARY
+          echo "**Commits:** ${COMMIT_COUNT}" >> $GITHUB_STEP_SUMMARY
+
       - name: Upload Claude output
         if: always()
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
@@ -215,11 +201,11 @@ jobs:
         run: |
           if [ "$HAS_UPDATES" = "true" ]; then
             if [ "$DRY_RUN" = "true" ]; then
-              echo "✓ Updates available (dry-run mode - no PR created)"
+              echo "Updates available (dry-run mode - no PR created)"
             else
-              echo "✓ Weekly update workflow completed"
+              echo "Weekly update workflow completed"
               echo "Check the PRs tab for the automated update PR"
             fi
           else
-            echo "✓ All dependencies are up to date - no action needed!"
+            echo "All dependencies are up to date - no action needed!"
           fi

.node-version

@@ -1 +1 @@
-25.8.1
+25.8.2