diff --git a/.github/workflows/updatecli.weekly.yaml b/.github/workflows/updatecli.weekly.yaml
deleted file mode 100644
index 7cda95d7e..000000000
--- a/.github/workflows/updatecli.weekly.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-name: Updatecli Weekly
-on:
-  workflow_dispatch:
-  schedule:
-    # * is a special character in YAML so you have to quote this string
-    # Run at 12:00 every Thursday
-    - cron: '0 12 * * 4'
-  repository_dispatch:
-    types:
-      - "updatecli-release"
-jobs:
-  updatecli:
-    if: github.ref == 'refs/heads/master'
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Checkout"
-        uses: "actions/checkout@v4"
-      - name: "Install Updatecli"
-        uses: "updatecli/updatecli-action@v2.98.0"
-        with:
-          version: "v0.113.0"
-      # releasepost is required by the Updatecli
-      #   * policy ghcr.io/updatecli/policies/releasepost/releasepost
-      - name: "Install Releasepost"
-        uses: "updatecli/releasepost-action@v0.5.0"
-      - uses: tibdex/github-app-token@v2.1
-        id: generate_token
-        if: github.ref == 'refs/heads/master'
-        with:
-          app_id: ${{ secrets.UPDATECLIBOT_APP_ID }}
-          private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
-      - name: "Run updatecli"
-        if: github.ref == 'refs/heads/master'
-        run: "updatecli compose apply --file updatecli-compose.weekly.yaml"
-        env:
-          GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }}
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-          RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
index 602ff7330..c802e5dc3 100644
--- a/.github/workflows/updatecli.yaml
+++ b/.github/workflows/updatecli.yaml
@@ -1,49 +1,29 @@
----
 name: Updatecli
 on:
-  merge_group:
-    branch: master
+  release:
   workflow_dispatch:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
   schedule:
-    # * is a special character in YAML so you have to quote this string
-    # Run every hour
-    - cron: '0 * * * *'
-# Commenting until https://github.com/orgs/community/discussions/41518
-# is fixed
-#concurrency:
-#  # Restrict to one workflow per branch
-#  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
-#  cancel-in-progress: true
+    # Run at 12:00 every Saterday every 14 days
+    - cron: "0 12 */14 * *"
+
 jobs:
   updatecli:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v4"
-      - name: "Install Updatecli"
-        uses: "updatecli/updatecli-action@v2.98.0"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
+
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
         with:
           version: "v0.114.0"
-      - name: "Run updatecli in dryrun"
-        run: "updatecli compose diff"
-        env:
-          GITHUB_ACTOR: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: "Login Udash"
-        if: github.ref == 'refs/heads/master'
-        run: "updatecli udash login --experimental --api-url $UPDATECLI_UDASH_API_URL --oauth-access-token $UPDATECLI_UDASH_ACCESS_TOKEN $UPDATECLI_UDASH_URL"
-        env:
-          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
-          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
-          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
+
       - name: "Run updatecli"
-        if: github.ref == 'refs/heads/master'
-        run: "updatecli compose apply --clean-git-branches=true --experimental"
+        run: updatecli compose apply --clean-git-branches=true --experimental
         env:
           UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
           UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
           UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml
new file mode 100644
index 000000000..60f3b021c
--- /dev/null
+++ b/.github/workflows/updatecli_release.yaml
@@ -0,0 +1,48 @@
+---
+name: Updatecli Release
+on:
+  workflow_dispatch:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Run at 12:00 every Thursday
+    - cron: "0 12 * * 4"
+  repository_dispatch:
+    types:
+      - "updatecli-release"
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install Updatecli"
+        uses: "updatecli/updatecli-action@v2.96.0"
+        with:
+          version: "v0.114.0"
+
+      # releasepost is required by the Updatecli
+      #   * policy ghcr.io/updatecli/policies/releasepost/releasepost
+      - name: "Install Releasepost"
+        uses: "updatecli/releasepost-action@v0.5.0"
+
+      - name: "Run updatecli only on release pipelines"
+        run: updatecli compose apply --clean-git-branches=true --labels="event:release" --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
+
+      - name: "Run updatecli"
+        run: "updatecli compose apply --file updatecli-compose-release.yaml --experimental"
+        env:
+          RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml
new file mode 100644
index 000000000..73775b6af
--- /dev/null
+++ b/.github/workflows/updatecli_test.yaml
@@ -0,0 +1,26 @@
+name: Updatecli Test
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
+
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
+        with:
+          version: "v0.114.0"
+
+      - name: "Test updatecli in dry-run mode"
+        run: "updatecli compose diff --experimental"
+        env:
+          # This step is executed in untrusted context. We use a GitHub token with minimal permissions.
+          UPDATECLI_GITHUB_USERNAME: ${{ github.actor }}
+          UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml
new file mode 100644
index 000000000..3b07976ef
--- /dev/null
+++ b/.github/workflows/updatecli_update.yaml
@@ -0,0 +1,38 @@
+name: Updatecli - Update
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0
+
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0
+        with:
+          version: "v0.114.0"
+
+      - name: "Run updatecli only on monitored pipelines"
+        run: updatecli compose apply --clean-git-branches=true --labels="monitoring:enabled" --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
+
+      - name: "Run updatecli only on existing pipelines"
+        run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/_typos.toml b/_typos.toml
index 9ba8c9e8e..4bcff698d 100644
--- a/_typos.toml
+++ b/_typos.toml
@@ -1,5 +1,12 @@
 [files]
-extend-exclude = ["static/*", "assets/*", "vendor", "content/en/schema", "vale"]
+extend-exclude = [
+  "static/*",
+  "assets/*",
+  "vendor",
+  "content/en/schema",
+  "vale",
+  "content/en/changelogs/updatecli/changelogs/v0.87.0.adoc",
+]
 
 [default]
-extend-ignore-identifiers-re = ["equirements","stderr"]
+extend-ignore-identifiers-re = ["equirements", "stderr"]
diff --git a/updatecli-compose.weekly.yaml b/updatecli-compose-release.yaml
similarity index 70%
rename from updatecli-compose.weekly.yaml
rename to updatecli-compose-release.yaml
index 5cc4ea05e..faa28e050 100644
--- a/updatecli-compose.weekly.yaml
+++ b/updatecli-compose-release.yaml
@@ -1,4 +1,10 @@
 policies:
+  - name: Local policies
+    config:
+      - updatecli/updatecli.d/
+    values:
+      - updatecli/values.d/scm.yaml
+
   - name: Trigger releasepost
     policy: ghcr.io/updatecli/policies/releasepost/releasepost:0.10.0@sha256:b4b857efbed3a966cbdbc224b5ba0b9322c96322effa0cedff93a2b39d8e086d
     values:
diff --git a/updatecli/updatecli.d/docs.yaml b/updatecli/updatecli.d/docs.yaml
index c8fb00690..22376c726 100644
--- a/updatecli/updatecli.d/docs.yaml
+++ b/updatecli/updatecli.d/docs.yaml
@@ -1,7 +1,10 @@
 name: "docs: update Updatecli cli documentation"
-
 pipelineid: cli_docs
 
+labels:
+  event: release
+  monitoring: enable
+
 actions:
   default:
     kind: github/pullrequest
@@ -18,13 +21,13 @@ scms:
   default:
     kind: github
     spec:
-      branch: master
-      email: updatecli@olblak.com
-      owner: updatecli
-      repository: website
-      user: updatecli
+      branch: "{{ .scm.branch }}"
+      email: "{{ .scm.email }}"
+      owner: "{{ .scm.owner }}"
+      repository: "{{ .scm.repository }}"
+      user: "{{ .scm.user }}"
       force: true
-      commitusingapi: true
+      commitusingapi: {{ scm.commitusingapi }}
     disabled: false
 
 targets:
diff --git a/updatecli/updatecli.d/installation.yaml b/updatecli/updatecli.d/installation.yaml
index e09fae46e..aef80ad20 100644
--- a/updatecli/updatecli.d/installation.yaml
+++ b/updatecli/updatecli.d/installation.yaml
@@ -1,6 +1,10 @@
 name: "docs: update Updatecli version throughout the documentation"
 pipelineid: updatecli/version
 
+labels:
+  event: release
+  monitoring: enable
+
 actions:
   default:
     kind: github/pullrequest
@@ -17,12 +21,13 @@ scms:
   default:
     kind: github
     spec:
-      branch: master
-      email: updatecli@olblak.com
-      owner: updatecli
-      repository: website
-      user: updatecli
-      commitusingapi: true
+      branch: "{{ .scm.branch }}"
+      email: "{{ .scm.email }}"
+      owner: "{{ .scm.owner }}"
+      repository: "{{ .scm.repository }}"
+      user: "{{ .scm.user }}"
+      force: true
+      commitusingapi: {{ scm.commitusingapi }}
     disabled: false
 
 sources:
diff --git a/updatecli/updatecli.d/jsonschema.yaml b/updatecli/updatecli.d/jsonschema.yaml
index 7f2e0666c..8a3a2b102 100644
--- a/updatecli/updatecli.d/jsonschema.yaml
+++ b/updatecli/updatecli.d/jsonschema.yaml
@@ -1,6 +1,10 @@
 pipelineid: jsonschema
 name: "docs: update Updatecli jsonschema"
 
+labels:
+  event: release
+  monitoring: enable
+
 actions:
   default:
     kind: github/pullrequest
@@ -18,12 +22,13 @@ scms:
   default:
     kind: github
     spec:
-      branch: master
-      email: updatecli@olblak.com
-      owner: updatecli
-      repository: website
-      user: updatecli
-      commitusingapi: true
+      branch: "{{ .scm.branch }}"
+      email: "{{ .scm.email }}"
+      owner: "{{ .scm.owner }}"
+      repository: "{{ .scm.repository }}"
+      user: "{{ .scm.user }}"
+      force: true
+      commitusingapi: {{ scm.commitusingapi }}
     disabled: false
 
 targets:
diff --git a/updatecli/values.d/scm.yaml b/updatecli/values.d/scm.yaml
index 903543b38..176784968 100644
--- a/updatecli/values.d/scm.yaml
+++ b/updatecli/values.d/scm.yaml
@@ -1,6 +1,6 @@
 scm:
   enabled: true
-  user: updatecli-bot
+  user: updateclibot
   email: updatecli-bot@updatecli.io
   owner: updatecli
   repository: website