diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
index eeced5e..32b8571 100644
--- a/.github/workflows/updatecli.yaml
+++ b/.github/workflows/updatecli.yaml
@@ -1,42 +1,29 @@
----
-name: updatecli
-
+name: Updatecli
 on:
+  release:
   workflow_dispatch:
-  push:
-  pull_request:
   schedule:
-    # * is a special character in YAML so you have to quote this string
-    # Run every hour
-    - cron: '0 * * * *'
+    # Run at 12:00 every Saterday every 14 days
+    - cron: "0 12 */14 * 6"
 
 jobs:
-  updatecli:
+  prepare:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: "Checkout"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
 
-      - name: Diff
-        uses: updatecli/updatecli-action@v1.19.0
-        with:
-          command: diff
-          flags: "--config ./updatecli/updatecli.d"
-        env:
-          UPDATECLI_GITHUB_ACTOR: ${{ github.actor }}
-          UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: tibdex/github-app-token@v1.5
-        id: generate_token
-        if: github.ref == 'refs/heads/main'
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
         with:
-          app_id: ${{ secrets.UPDATECLIBOT_APP_ID }}
-          private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
-      - name: Apply
-        uses: updatecli/updatecli-action@v1.19.0
-        if: github.ref == 'refs/heads/main'
-        with:
-          command: apply
-          flags: "--config ./updatecli/updatecli.d"
+          version: "v0.113.0-rc.1"
+
+      - name: "Run updatecli"
+        run: updatecli compose apply --clean-git-branches=true --experimental
         env:
-          UPDATECLI_GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }}
-          UPDATECLI_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml
new file mode 100644
index 0000000..ad4e2f7
--- /dev/null
+++ b/.github/workflows/updatecli_test.yaml
@@ -0,0 +1,26 @@
+name: Updatecli Test
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
+
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
+        with:
+          version: "v0.113.0-rc.1"
+
+      - name: "Test updatecli in dry-run mode"
+        run: "updatecli compose diff"
+        env:
+          # This step is executed in untrusted context. We use a GitHub token with minimal permissions.
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml
new file mode 100644
index 0000000..bb4cff3
--- /dev/null
+++ b/.github/workflows/updatecli_update.yaml
@@ -0,0 +1,28 @@
+name: Updatecli - Update
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
+
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
+        with:
+          version: "v0.113.0-rc.1"
+
+      - name: "Run updatecli only on existing pipelines"
+        run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml
new file mode 100644
index 0000000..d2f2182
--- /dev/null
+++ b/updatecli-compose.yaml
@@ -0,0 +1,34 @@
+---
+policies:
+  - name: Local Updatecli Website Policies
+    config:
+      - updatecli/updatecli.d/
+    values:
+      - updatecli/values.d/scm_githubsearch.yaml
+
+  - name: Default - Sync Updatecli values files from github.com/updatecli/updatecli
+    policy: ghcr.io/updatecli/policies/file:0.3.2
+    values:
+      - updatecli/values.d/scm_githubsearch.yaml
+      - updatecli/values.d/sync_gha_updatecli.yaml
+
+  - name: Golang - Sync Updatecli values files from github.com/updatecli/updatecli
+    policy: ghcr.io/updatecli/policies/file:0.3.2
+    values:
+      - updatecli/values.d/golang/scm_githubsearch.yaml
+      - updatecli/values.d/golang/sync_gha_updatecli.yaml
+
+  - name: Update Updatecli policies
+    policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.7.0@sha256:6890c4b4093a80063f518101881098fab8211c986481641faaf797a9ad5a31c3
+    values:
+      - updatecli/values.d/scm.yaml
+
+  - name: Update githubactions
+    policy: ghcr.io/updatecli/policies/autodiscovery/githubaction:0.3.0@sha256:3b5425da2a2a2b89bb69463f1294704c33730358c66140efb93cab14b2868b06
+    values:
+      - updatecli/values.d/scm.yaml
+
+  - name: Handle Updatecli version in GitHub action
+    policy: ghcr.io/updatecli/policies/updatecli/githubaction:0.7.0@sha256:a97518f118b03d2f63f45378e1961028b07c23d53db91db892893ff240fa5f4e
+    values:
+      - updatecli/values.d/scm.yaml
diff --git a/updatecli/updatecli.d/updatecli.yaml b/updatecli/updatecli.d/updatecli.yaml
deleted file mode 100644
index 102b5e7..0000000
--- a/updatecli/updatecli.d/updatecli.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-title: Bump udpatecli version
-
-scms:
-  default:
-    kind: github
-    spec:
-      user: updatecli
-      email: me@olblak.com
-      owner: updatecli
-      repository: updatecli
-      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
-      username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
-      branch: main
-
-sources:
-  latestVersion:
-    name: Get latest updatecli release
-    kind: githubRelease
-    spec:
-      owner: updatecli
-      repository: updatecli
-      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
-      username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
-
-targets:
-  bugReport:
-    name: '[bug-report] Update updatecli version to {{ source "latestVersion" }}'
-    kind: file
-    spec:
-      file: .github/ISSUE_TEMPLATE/1-bug-report.yml
-      matchPattern: '\*\*updatecli\*\*: .*'
-      content: '**updatecli**: {{ source `latestVersion` }}'
-    scmID: default
-
-pullrequests:
-  default:
-    title: '[updatecli] Bump updatecli version to {{ source "latestVersion" }}'
-    kind: github
-    scmID: default
-    targets:
-      - bugReport
-    spec:
-      automerge: true
-      labels:
-        - chore
-        - skip-changelog
diff --git a/updatecli/values.d/golang/scm_githubsearch.yaml b/updatecli/values.d/golang/scm_githubsearch.yaml
new file mode 100644
index 0000000..cd9b955
--- /dev/null
+++ b/updatecli/values.d/golang/scm_githubsearch.yaml
@@ -0,0 +1,10 @@
+scm:
+  enabled: true
+  kind: githubsearch
+  search: "org:updatecli language:Go archived:false"
+  branch: "^main$|^master$"
+  commitusingapi: true
+  user: updateclibot
+  limit: 0
+
+automerge: false
diff --git a/updatecli/values.d/golang/sync_gha_updatecli.yaml b/updatecli/values.d/golang/sync_gha_updatecli.yaml
new file mode 100644
index 0000000..ea5b9e7
--- /dev/null
+++ b/updatecli/values.d/golang/sync_gha_updatecli.yaml
@@ -0,0 +1,14 @@
+src:
+  url: "https://github.com/updatecli/udash.git"
+  branch: "main"
+
+files:
+  - src: .github/workflows/updatecli.yaml
+    dst: .github/workflows/updatecli.yaml
+  - src: .github/workflows/updatecli_test.yaml
+    dst: .github/workflows/updatecli_test.yaml
+  - src: .github/workflows/updatecli_update.yaml
+    dst: .github/workflows/updatecli_update.yaml
+
+pr:
+  automerge: false
diff --git a/updatecli/values.d/scm.yaml b/updatecli/values.d/scm.yaml
new file mode 100644
index 0000000..fb21bad
--- /dev/null
+++ b/updatecli/values.d/scm.yaml
@@ -0,0 +1,8 @@
+scm:
+  enabled: true
+  user: updatecli
+  email: bot@updatecli.io
+  owner: updatecli
+  repository: .github
+  username: "updateclibot"
+  branch: main
diff --git a/updatecli/values.d/scm_githubsearch.yaml b/updatecli/values.d/scm_githubsearch.yaml
new file mode 100644
index 0000000..959edfe
--- /dev/null
+++ b/updatecli/values.d/scm_githubsearch.yaml
@@ -0,0 +1,10 @@
+scm:
+  enabled: true
+  kind: githubsearch
+  search: "org:updatecli archived:false"
+  branch: "^main$|^master$"
+  commitusingapi: true
+  user: updateclibot
+  limit: 0
+
+automerge: false
diff --git a/updatecli/values.d/sync_gha_updatecli.yaml b/updatecli/values.d/sync_gha_updatecli.yaml
new file mode 100644
index 0000000..edea2e2
--- /dev/null
+++ b/updatecli/values.d/sync_gha_updatecli.yaml
@@ -0,0 +1,14 @@
+src:
+  url: "https://github.com/updatecli/updatecli.git"
+  branch: "main"
+
+files:
+  - src: CODE_OF_CONDCUCT.md
+    dst: CODE_OF_CONDCUCT.md
+  - src: LICENSE
+    dst: LICENSE
+  - src: .github/workflows/typos.yaml
+    dst: .github/workflows/typos.yaml
+
+pr:
+  automerge: false