fix(ci): fix weekly-update workflow auth and inputs handling

- Remove persist-credentials: false from apply-updates checkout so git push works
- Use github.event.inputs.dry-run instead of inputs.dry-run for schedule compatibility
- Add shell: bash declarations to all run steps
- Fix pipefail for claude exit code capture through tee

Author: jdalton

.github/workflows/weekly-update.yml

@@ -40,10 +40,12 @@ jobs:
         uses: pnpm/action-setup@b307475762933b98ed359c036b0e51f26b63b74b # v5.0.0
 
       - name: Install dependencies
+        shell: bash
         run: pnpm install --frozen-lockfile
 
       - name: Check for npm updates
         id: check
+        shell: bash
         run: |
           echo "Checking for npm package updates..."
           HAS_UPDATES=false
@@ -57,7 +59,7 @@ jobs:
   apply-updates:
     name: Apply updates with Claude Code
     needs: check-updates
-    if: needs.check-updates.outputs.has-updates == 'true' && inputs.dry-run != true
+    if: needs.check-updates.outputs.has-updates == 'true' && github.event.inputs.dry-run != 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -67,7 +69,6 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
-          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -79,13 +80,16 @@ jobs:
         uses: pnpm/action-setup@b307475762933b98ed359c036b0e51f26b63b74b # v5.0.0
 
       - name: Install dependencies
+        shell: bash
         run: pnpm install --frozen-lockfile
 
       - name: Install Claude Code
+        shell: bash
         run: npm install -g @anthropic-ai/claude-code
 
       - name: Create update branch
         id: branch
+        shell: bash
         run: |
           BRANCH_NAME="weekly-update-$(date +%Y%m%d)"
           git config user.name "github-actions[bot]"
@@ -96,6 +100,7 @@ jobs:
       - name: Run updating skill with Claude Code
         id: claude
         timeout-minutes: 30
+        shell: bash
         env:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           CI: 'true'
@@ -107,19 +112,17 @@ jobs:
             exit 0
           fi
 
+          set -o pipefail
           claude --print --dangerously-skip-permissions \
             --model sonnet \
             "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \
             2>&1 | tee claude-output.log
 
-          if [ $? -eq 0 ]; then
-            echo "success=true" >> $GITHUB_OUTPUT
-          else
-            echo "success=false" >> $GITHUB_OUTPUT
-          fi
+          echo "success=true" >> $GITHUB_OUTPUT
 
       - name: Check for changes
         id: changes
+        shell: bash
         run: |
           if [ -n "$(git status --porcelain)" ] || [ "$(git rev-list --count HEAD ^origin/main)" -gt 0 ]; then
             echo "has-changes=true" >> $GITHUB_OUTPUT
@@ -129,12 +132,14 @@ jobs:
 
       - name: Push branch
         if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        shell: bash
         env:
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
         run: git push origin "$BRANCH_NAME"
 
       - name: Create Pull Request
         if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        shell: bash
         env:
           GH_TOKEN: ${{ github.token }}
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
@@ -146,22 +151,22 @@ jobs:
             --title "chore(deps): weekly dependency update ($(date +%Y-%m-%d))" \
             --body "## Weekly Dependency Update
 
-Automated weekly update of npm packages.
+          Automated weekly update of npm packages.
 
-### Commits (${COMMIT_COUNT})
+          ### Commits (${COMMIT_COUNT})
 
-<details>
-<summary>View commit history</summary>
+          <details>
+          <summary>View commit history</summary>
 
-\`\`\`
-${COMMITS}
-\`\`\`
+          \`\`\`
+          ${COMMITS}
+          \`\`\`
 
-</details>
+          </details>
 
----
+          ---
 
-<sub>Generated by [weekly-update.yml](.github/workflows/weekly-update.yml)</sub>" \
+          <sub>Generated by [weekly-update.yml](.github/workflows/weekly-update.yml)</sub>" \
             --draft \
             --head "$BRANCH_NAME" \
             --base main