Add PR validation pipeline: CI, Dependabot auto-merge, Playwright tests

[jldeen]

Summary

Sets up an end-to-end automated PR validation and dependency management pipeline for this repo. Today, PRs (including Dependabot PRs) merge with zero automated checks. This PR adds three automation layers:

1. ✅ Validate & Test (ci.yml)

A new CI workflow that runs on every pull request:

Step	What it does
npm ci	Clean install
astro check	TypeScript strict-mode typecheck
npm run build	Production build
npx playwright install --with-deps chromium	Browser install
npm run test	Playwright e2e tests against the preview server

The Playwright HTML report is uploaded as an artifact on failure for easy debugging.

What was wired up:

• Created playwright.config.ts with webServer pointing at npm run preview (port 4321)
• Added test and check npm scripts
• Fixed tests/health.spec.ts to use baseURL from config instead of hardcoded http://localhost:4321/octocanvas
• Installed @astrojs/check, typescript, and @types/node as devDependencies
• Fixed a pre-existing heroTitle null-check error that would have blocked astro check

2. 🤖 Dependabot + Auto-merge

• dependabot.yaml (enhanced): npm + github-actions ecosystems, weekly on Mondays, grouped minor/patch updates, labels (dependencies, npm/github-actions), sensible open-PR limits
• dependabot-automerge.yml: auto-approves and squash-merges Dependabot PRs for patch/minor updates once CI passes; major updates are left for manual review

3. 📝 README documentation

Added a "CI / Automation" section documenting the pipeline and local testing commands.

---

⚠️ Manual follow-ups required

These are repo settings that can't be configured via files — a human needs to toggle them:

1. Branch protection: Go to Settings → Rules → Branch protection and require the ci status check to pass before merging to main.
2. Copilot automatic code review: Enable Copilot code review on PRs via Settings → Code review → Copilot. This completes the "PR review" layer of the pipeline.

---

Local validation

All checks pass locally:

✓ npm ci
✓ npm run build
✓ npm run check (astro check — 0 errors)
✓ npm run test (1 passed, 0 failed)

[Copilot]

Pull request overview

Adds an automated PR validation pipeline (typecheck/build/e2e), plus Dependabot update grouping and an auto-merge workflow, along with small code/test adjustments to support the new CI checks.

Changes:

• Introduces a new PR CI workflow that installs deps, runs astro check, builds, and executes Playwright tests (with report artifact upload on failure).
• Adds Playwright configuration + npm scripts/dependencies to support typechecking and e2e testing.
• Enhances Dependabot configuration and adds a Dependabot auto-approve/auto-merge workflow; documents the automation in the README.

Show a summary per file

File	Description
tsconfig.json	Adjusts TS excludes for the new tooling/tests.
tests/health.spec.ts	Updates the health check test to use a relative URL (baseURL-driven).
src/pages/index.astro	Adds a defensive null-check for heroTitle in the scroll fallback.
README.md	Documents the new CI/automation pipeline and local commands.
playwright.config.ts	Adds Playwright test runner configuration + webServer integration.
package.json	Adds check/test scripts and new devDependencies for typechecking/testing.
package-lock.json	Locks newly added devDependencies and their transitive deps.
.github/workflows/dependabot-automerge.yml	Adds a workflow intended to auto-approve/auto-merge Dependabot PRs.
.github/workflows/ci.yml	Adds a PR CI workflow for install/typecheck/build/e2e test.
.github/dependabot.yaml	Expands Dependabot settings (scheduling, labels, grouping, PR limits).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 8/10 changed files
• Comments generated: 2