feat(ci): add updating skill and weekly-update workflow

jdalton · jdalton · commit 47dff6507cf4 · 2026-03-24T18:19:07.000-04:00
- Add updating skill for npm dependency updates
- Add weekly-update.yml workflow for automated updates
- Fix .gitignore to allow .claude/skills/ and .claude/commands/
diff --git a/.claude/skills/updating/SKILL.md b/.claude/skills/updating/SKILL.md
@@ -0,0 +1,167 @@
+---
+name: updating
+description: Updates all npm dependencies to their latest versions. Triggers when user asks to "update dependencies", "update packages", or prepare for a release.
+user-invocable: true
+allowed-tools: Bash, Read, Grep, Glob, Edit
+---
+
+# updating
+
+<task>
+Your task is to update all npm dependencies to their latest versions, ensuring all builds and tests pass.
+</task>
+
+<context>
+**What is this?**
+This skill updates npm packages for security patches, bug fixes, and new features.
+
+**Update Targets:**
+- npm packages via `pnpm run update` or `pnpm update`
+</context>
+
+<constraints>
+**Requirements:**
+- Start with clean working directory (no uncommitted changes)
+
+**CI Mode** (detected via `CI=true` or `GITHUB_ACTIONS`):
+- Create atomic commits, skip build validation (CI validates separately)
+- Workflow handles push and PR creation
+
+**Interactive Mode** (default):
+- Validate updates with build/tests before proceeding
+- Report validation results to user
+
+**Actions:**
+- Update npm packages
+- Create atomic commits
+- Report summary of changes
+</constraints>
+
+<instructions>
+
+## Process
+
+### Phase 1: Validate Environment
+
+<action>
+Check working directory is clean and detect CI mode:
+</action>
+
+```bash
+# Detect CI mode
+if [ "$CI" = "true" ] || [ -n "$GITHUB_ACTIONS" ]; then
+  CI_MODE=true
+  echo "Running in CI mode - will skip build validation"
+else
+  CI_MODE=false
+  echo "Running in interactive mode - will validate builds"
+fi
+
+# Check working directory is clean
+git status --porcelain
+```
+
+<validation>
+- Working directory must be clean
+- CI_MODE detected for subsequent phases
+</validation>
+
+---
+
+### Phase 2: Update npm Packages
+
+<action>
+Run pnpm update to update npm dependencies:
+</action>
+
+```bash
+# Update npm packages (use pnpm run update if script exists, otherwise pnpm update)
+if grep -q '"update"' package.json; then
+  pnpm run update
+else
+  pnpm update
+fi
+
+# Check if there are changes
+if [ -n "$(git status --porcelain pnpm-lock.yaml package.json)" ]; then
+  git add pnpm-lock.yaml package.json
+  git commit -m "chore: update npm dependencies
+
+Updated npm packages via pnpm update."
+  echo "npm packages updated"
+else
+  echo "npm packages already up to date"
+fi
+```
+
+---
+
+### Phase 3: Final Validation
+
+<action>
+Run build and test suite (skip in CI mode):
+</action>
+
+```bash
+if [ "$CI_MODE" = "true" ]; then
+  echo "CI mode: Skipping final validation (CI will run builds/tests separately)"
+  echo "Commits created - ready for push by CI workflow"
+else
+  echo "Interactive mode: Running full validation..."
+  pnpm run check
+  pnpm test
+fi
+```
+
+---
+
+### Phase 4: Report Summary
+
+<action>
+Generate update report:
+</action>
+
+```
+## Update Complete
+
+### Updates Applied:
+
+| Category | Status |
+|----------|--------|
+| npm packages | Updated/Up to date |
+
+### Commits Created:
+- [list commits if any]
+
+### Validation:
+- Build: SUCCESS/SKIPPED (CI mode)
+- Tests: PASS/SKIPPED (CI mode)
+
+### Next Steps:
+**Interactive mode:**
+1. Review changes: `git log --oneline -N`
+2. Push to remote: `git push origin main`
+
+**CI mode:**
+1. Workflow will push branch and create PR
+2. CI will run full build/test validation
+3. Review PR when CI passes
+```
+
+</instructions>
+
+## Success Criteria
+
+- All npm packages checked for updates
+- Full build and tests pass (interactive mode)
+- Summary report generated
+
+## Context
+
+This skill is useful for:
+
+- Weekly maintenance (automated via weekly-update.yml)
+- Security patch rollout
+- Pre-release preparation
+
+**Safety:** Updates are validated before committing. Failures stop the process.
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
@@ -0,0 +1,175 @@
+name: 🔄 Weekly Dependency Update
+
+on:
+  schedule:
+    # Run weekly on Monday at 9 AM UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch:
+    inputs:
+      dry-run:
+        description: 'Check for updates without creating PR'
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+jobs:
+  check-updates:
+    name: Check for dependency updates
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      has-updates: ${{ steps.check.outputs.has-updates }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version-file: .node-version
+          cache: ''
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b307475762933b98ed359c036b0e51f26b63b74b # v5.0.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Check for npm updates
+        id: check
+        run: |
+          echo "Checking for npm package updates..."
+          HAS_UPDATES=false
+          NPM_UPDATES=$(pnpm outdated 2>/dev/null || true)
+          if [ -n "$NPM_UPDATES" ] && ! echo "$NPM_UPDATES" | grep -q "No outdated"; then
+            echo "npm packages have updates available"
+            HAS_UPDATES=true
+          fi
+          echo "has-updates=$HAS_UPDATES" >> $GITHUB_OUTPUT
+
+  apply-updates:
+    name: Apply updates with Claude Code
+    needs: check-updates
+    if: needs.check-updates.outputs.has-updates == 'true' && inputs.dry-run != true
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version-file: .node-version
+          cache: ''
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b307475762933b98ed359c036b0e51f26b63b74b # v5.0.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Install Claude Code
+        run: npm install -g @anthropic-ai/claude-code
+
+      - name: Create update branch
+        id: branch
+        run: |
+          BRANCH_NAME="weekly-update-$(date +%Y%m%d)"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Run updating skill with Claude Code
+        id: claude
+        timeout-minutes: 30
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          CI: 'true'
+          GITHUB_ACTIONS: 'true'
+        run: |
+          if [ -z "$ANTHROPIC_API_KEY" ]; then
+            echo "⚠️  ANTHROPIC_API_KEY not set - skipping automated update"
+            echo "success=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          claude --print --dangerously-skip-permissions \
+            --model sonnet \
+            "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \
+            2>&1 | tee claude-output.log
+
+          if [ $? -eq 0 ]; then
+            echo "success=true" >> $GITHUB_OUTPUT
+          else
+            echo "success=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if [ -n "$(git status --porcelain)" ] || [ "$(git rev-list --count HEAD ^origin/main)" -gt 0 ]; then
+            echo "has-changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has-changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Push branch
+        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        env:
+          BRANCH_NAME: ${{ steps.branch.outputs.branch }}
+        run: git push origin "$BRANCH_NAME"
+
+      - name: Create Pull Request
+        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          BRANCH_NAME: ${{ steps.branch.outputs.branch }}
+        run: |
+          COMMITS=$(git log --oneline origin/main..HEAD)
+          COMMIT_COUNT=$(git rev-list --count origin/main..HEAD)
+
+          gh pr create \
+            --title "chore(deps): weekly dependency update ($(date +%Y-%m-%d))" \
+            --body "## Weekly Dependency Update
+
+Automated weekly update of npm packages.
+
+### Commits (${COMMIT_COUNT})
+
+<details>
+<summary>View commit history</summary>
+
+\`\`\`
+${COMMITS}
+\`\`\`
+
+</details>
+
+---
+
+<sub>Generated by [weekly-update.yml](.github/workflows/weekly-update.yml)</sub>" \
+            --draft \
+            --head "$BRANCH_NAME" \
+            --base main
+
+      - name: Upload Claude output
+        if: always()
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: claude-output-${{ github.run_id }}
+          path: claude-output.log
+          retention-days: 7
diff --git a/.gitignore b/.gitignore
@@ -67,6 +67,6 @@ dist/
 # ============================================================================
 # Claude Code configuration
 # ============================================================================
-.claude/
+.claude/*
 !.claude/commands/
 !.claude/skills/
